Open CrazyAce25 opened 1 month ago
I would like you to show me the result of chrome://sandbox with and without the isolation active.
hi, I've not tested with the AppImage provided here, but I have performed a test with chromium that instead is available in the repo of AM, this is the video
https://github.com/user-attachments/assets/c9762631-3462-4a31-b0ac-a41fae56adf0
I hope this can help somehow
> I would like you to show me the result of chrome://sandbox with and without the isolation active.
No change before sandbox and after.
seems strange to me. I wonder how isolation protects an escalation of privileges. not that I mind, because it means that it would be possible to use browser isolation without touching the isolation of render processes and thus the chromium sandbox, but it also means that the protection might be ineffective. flatpak does not allow the modification of the protections it inserts for that very reason. I would have to check to understand better.
could you check whether the chrome_sandbox file is present and possibly delete it and then try again?
other thing, is there an automatic autoupdate?
I will do some tests too, be patient.
> other thing, is there an automatic autoupdate?

sure, my contributor @Samueru-sama has helped me a lot by adding metadata info in some of my AppImages, so some of them are updatable using appimageupdatetool, by downloading only the deltas
as well, my package manager, "AM"/"AppMan" supports both update by deltas (as just said above) or the "comparison of versions" if metadata info is not implemented. See https://github.com/ivan-hc/AM#how-to-update-all-programs-for-real
@uazo if you go on my profile, I have listed all appimages I create, I also have Google Chrome, Chromium, Vivaldi, Opera and Microsoft Edge, you can extract them using the following command
./*.AppImage --appimage-extract
the files are extracted into a "squashfs-root" directory. Remember to make the AppImage executable.
> seems strange to me. I wonder how isolation protects an escalation of privileges.

The isolation uses aisap which ships its own non-SUID bubblewrap. https://github.com/mgord9518/aisap
As far as I know it is not possible to escalate privileges since the binary itself is not SUID unlike other methods like firejail.
> I will do some tests too, be patient.

You can quickly check with the brave appimage (chromium based) `am -i brave-appimage && am --sandbox brave` and check all of that, this is what I get on sandbox status:
With this said, I know it is not recommended to do this to firefox based browsers, because it breaks its internal sandbox
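
The two checks raised in the comments above (whether a `chrome_sandbox` file is present, and whether any shipped binary is SUID) can be run against the `squashfs-root` directory produced by `--appimage-extract`. This is an added example, not code from any participant or from the AM, aisap or Cromite projects; the function names are hypothetical, and matching the helper under both `chrome_sandbox` and `chrome-sandbox` is an assumption about how a given build names it.

```shell
#!/bin/sh
# Audit an extracted AppImage tree (e.g. ./squashfs-root) for sandbox helpers.
# Added example: function names are hypothetical, not part of AM or aisap.

# List every regular file that carries the setuid or setgid bit.
list_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# List Chromium's sandbox helper. The thread calls it chrome_sandbox;
# packaged builds commonly ship it as chrome-sandbox, so match both.
list_chrome_sandbox() {
    find "$1" -type f \( -name 'chrome-sandbox' -o -name 'chrome_sandbox' \) -print
}

# Print a short report.
# Returns 0 if no setuid/setgid file exists, 1 if one does, 2 on bad input.
audit_appdir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    helpers=$(list_chrome_sandbox "$dir")
    setid=$(list_setid_files "$dir")
    if [ -n "$helpers" ]; then
        echo "chrome sandbox helper present:"
        echo "$helpers" | sed 's/^/  /'
    else
        echo "no chrome sandbox helper found"
    fi
    if [ -n "$setid" ]; then
        echo "setuid/setgid files:"
        echo "$setid" | sed 's/^/  /'
        return 1
    fi
    echo "no setuid/setgid files"
    return 0
}

# Audit the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then audit_appdir "$1"; fi
```
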
ayo @ivan-hc any updates on getting this to "AM" db?
ayo @ivan-hc any updates on getting this to "AM" db?
@ivan-hc any updates (really sorry I don't want to spam)
This is the only foss chromium based browser that has a built-in adblocker (besides brave, brave is bloated as hell) (and adblock extensions like ublock origin have been nerfed a lot cuz of mv3)
I'm thinking of switching to this browser but I don't want to rely on distro specific pkgs. Have a look at my rebos conf if u want
@Twig6943 I'm waiting for the answer of @uazo
Please add this to the actions tab of the repo so that the AppImage pkg can be grabbed via AM
I am busy with something else, but I will get around to checking this sooner or later. If someone can do these tests, it would help me.
@uazo what do you mean by "tests" ? you want me to test the flatpak pkg? or the appimage pkg I'm confused
> or the appimage pkg I'm confused

I apologise if I am unclear: I meant the same tests but with appimage.
@uazo
(FYI asked for a gpg key I just pressed enter)
@uazo soo what's the hold up for the appimage? it seems to work fine
@uazo
Is this what you need to know?
This is the AppImage while running with aisap sandbox, which uses a non-suid bubblewrap.
Preliminary checklist
Is your feature request related to privacy?
No
Is there a patch available for this feature somewhere?
Not that I'm aware of.
Describe the solution you would like
We need a truly portable Linux Cromite release that can be easily updated, as currently there is no way to easily update the Linux version that is put out. AppImages can be easily updated via https://github.com/ivan-hc/AM and/or through the use of go-appimage and likely others as well. AM/AppMan & Go-appimage daemon also provide integrated sandboxing functionality among many other great features.
Describe alternatives you have considered
I spent the time to create a script that makes it incredibly easy to build the AppImage which makes use of the lin64 build that is already currently in production. Please consider making use of the included script to put out an AppImage for the community. This script makes use of the latest go-appimage repository (https://github.com/probonopd/go-appimage/) and should run well on most all available versions of Linux without any issues.