travispessetto / OrigamiSMTP

A TLS Enabled Fake SMTP Server for Development
https://travispessetto.github.io/OrigamiSMTP
MIT License
17 stars 14 forks

AppImage #8

Closed trymeouteh closed 5 years ago

trymeouteh commented 5 years ago

Please make an AppImage instead of a Deb package which will allow for easy install on any Linux distribution.

travispessetto commented 5 years ago

Unfortunately, I'm not sure if AppImage will work as this requires a root certificate to be installed for TLS functionality. I need to do more investigating but might go with Flatpak.

trymeouteh commented 5 years ago

Flatpak will work too for easy install and use on all Linux distros.

probonopd commented 5 years ago

Providing an AppImage would have, among others, these advantages:

Here is an overview of projects that are already distributing upstream-provided, official AppImages.

If you have questions, AppImage developers are on #AppImage on irc.freenode.net.

> Unfortunately, I'm not sure if AppImage will work as this requires a root certificate to be installed for TLS functionality.

Why do you think this has something to do with AppImage? You just need to get your software to load that certificate. AppImage is just a self-mounting filesystem that executes whatever you put inside it.

travispessetto commented 5 years ago

@probonopd The reason I'm concerned about that is more for the client than the application itself. The application runs fine as a jar file containing certificates. The Debian installer installs a root certificate so that clients trust the server (this app). While I don't know of any Linux examples, the libraries used for C# to access SMTP securely will throw an exception if they can't find the certificate.

probonopd commented 5 years ago

Ah, I see. Probably one would have to write a small script to install the certificate in the system, and run that script as root?

travispessetto commented 5 years ago

That's one way to do it but it adds extra steps. With the Debian installer all I have to do is make sure /etc/ssl/certs of the archive contains the certificate and it will move it to the same place on the file system.

probonopd commented 5 years ago

Are you sure that all distributions are loading the certs from the same location? I wouldn't be so sure...

"/etc/ssl/certs/ca-certificates.crt",     // Debian/Ubuntu/Gentoo etc.
"/etc/pki/tls/certs/ca-bundle.crt",       // Fedora/RHEL
"/etc/ssl/ca-bundle.pem",                 // OpenSUSE
"/etc/pki/tls/cacert.pem",                // OpenELEC
"/etc/ssl/certs",                         // SLES10/SLES11, https://golang.org/issue/12139
"/usr/share/ca-certs/.prebuilt-store/",   // Clear Linux OS; https://github.com/knapsu/plex-media-player-appimage/issues/17#issuecomment-437710032
"/system/etc/security/cacerts",           // Android

Reference: https://gitlab.com/probono/platformissues#certificates

travispessetto commented 5 years ago

I never said that all distributions load them from the same location. I said that the Debian installer adds them. I do want to make an RPM package but since the build is automated on an Ubuntu server I'm not sure how to do that.

travispessetto commented 5 years ago

I feel like AppImage and Flatpak will cripple the features that make this project stand out from the alternatives. Therefore they will not be created at this time.

probonopd commented 5 years ago

> I feel like AppImage and Flatpak will cripple the features

I guarantee you that AppImage won't cripple anything because it's just a way of transporting your software - you stay in full control. Think of it like a zip file, but one that doesn't have to be extracted.

travispessetto commented 5 years ago

The whole reason Origami SMTP was created was to have a fake SMTP server with TLS that could be validated by the client. If the Origami Root CA cannot be installed I consider the feature crippled.

probonopd commented 5 years ago

Can Origami SMTP be made to load the Origami Root CA from a path relative to itself? That would be the best option because that way, the Origami Root CA would not have to be copied into the system but could stay in the AppImage and be loaded from there.

travispessetto commented 5 years ago

It already loads it from its jar file. The issue is when clients connect. Some clients will attempt to verify against the operating system's root certificates.

probonopd commented 5 years ago

Ah, then a helper tool or bash script is needed that is run as root and copies the certificates into the appropriate system location(s).

"/etc/ssl/certs/ca-certificates.crt",     // Debian/Ubuntu/Gentoo etc.
"/etc/pki/tls/certs/ca-bundle.crt",       // Fedora/RHEL
"/etc/ssl/ca-bundle.pem",                 // OpenSUSE
"/etc/pki/tls/cacert.pem",                // OpenELEC
"/etc/ssl/certs",                         // SLES10/SLES11, https://golang.org/issue/12139
"/usr/share/ca-certs/.prebuilt-store/",   // Clear Linux OS; https://github.com/knapsu/plex-media-player-appimage/issues/17#issuecomment-437710032
"/system/etc/security/cacerts",           // Android
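
As an added illustration (not part of the original thread and not code from OrigamiSMTP), the root-run helper discussed above could drop the CA into the distribution's local trust-anchor directory and rebuild the bundle, since the bundle files listed above are generated and direct edits to them get overwritten. The function names, the `ROOT` dry-run prefix and the certificate file name are assumptions.

```shell
#!/bin/sh
# Added example (not from the OrigamiSMTP project). Maps a distro family to
# its local trust-anchor directory and the tool that rebuilds the CA bundle.
# ROOT is a hypothetical prefix used only to dry-run against a staged tree.

# Print "anchor_dir|refresh_command" for the first known layout under ROOT.
pick_trust_store() {
    root="${1:-}"
    while IFS='|' read -r dir cmd; do
        if [ -d "$root$dir" ]; then
            printf '%s|%s\n' "$dir" "$cmd"
            return 0
        fi
    done <<'EOF'
/usr/local/share/ca-certificates|update-ca-certificates
/etc/pki/ca-trust/source/anchors|update-ca-trust
/etc/pki/trust/anchors|update-ca-certificates
EOF
    return 1
}

# install_root_ca CERT [ROOT]: copy CERT into the anchor directory and, on a
# live system (empty ROOT), rebuild the bundle. Prints the installed path.
install_root_ca() {
    cert="$1"; root="${2:-}"
    # Basic sanity check: must look like a PEM certificate, not a key or junk.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" || {
        echo "not a PEM certificate: $cert" >&2; return 2; }
    store=$(pick_trust_store "$root") || {
        echo "no known trust-anchor directory found" >&2; return 3; }
    dir=${store%%|*}; refresh=${store#*|}
    # update-ca-certificates on Debian/Ubuntu only picks up files ending in .crt
    name=$(basename "$cert")
    dest="$root$dir/${name%.*}.crt"
    install -m 0644 "$cert" "$dest" || return 4
    if [ -z "$root" ]; then
        $refresh || return 5    # needs root; regenerates the system bundle
    fi
    printf '%s\n' "$dest"
}

# Usage as root (file name is a placeholder): install_root_ca ./origami-root-ca.pem
```

Removing the file from the anchor directory and re-running the same refresh command withdraws the trust again, which matters because any holder of a development CA's private key can issue certificates the machine will accept.
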

wikwok commented 4 years ago

@probonopd Do you know how to add the certificates to the AppImage? Or make the AppImage recognise them?

probonopd commented 4 years ago

What component is using the certificates? If it is using gnutls, then this patched version from the PPA: https://launchpad.net/~djcj/+archive/ubuntu/gnutls-patched may do the trick - it is patched to search in all the known certification locations where the different distributions put them.