veracrypt / VeraCrypt

Disk encryption with strong security based on TrueCrypt
https://www.veracrypt.fr
Other
6.89k stars 947 forks source link

Add VeraCrypt to Flathub repository #1309

Open Francewhoa opened 8 months ago

Francewhoa commented 8 months ago

Hello VeraCrypt enthusiasts :)

This is a suggestion to add VeraCrypt to this Flathug repository at https://flathub.org

If needed, both me and the Ubertus.Org team would be happy to contribute testing and documentation.


Below is the same suggestion as above. But with details if you're interested in those.


Benefit for maintainers:

• All-in-one packages. You save a lot of time. Because Flatpak doesn't depend on outside packages. And Flatpak automatically finds what to bundle using deduplication.

• Single package for all Linux distributions. List of distributions at https://flatpak.org/setup/

• Rapid updates. Your users do not have to wait for packages repository to update its list.

• Strong security. Using automated sandbox. With optional override for users of Flatseal.

• Distribute any type of applications with Flatpak. Including. But not limited to, system level, command line, desktop, utilities, or independent applications. When packaging the application, to set the access level, simply add one easy word to the Flatpak parameter "--filesystem=". Details about this are in this documentation at https://docs.flatpak.org/en/latest/sandbox-permissions-reference.html#filesystem-permissions

___• Optionally, users can override the above permission using this free, easy to use, and powerful Flatseal at https://flathub.org/apps/com.github.tchx84.Flatseal

• Use any repository to your liking. Your own, the https://codeberg.org , GitLab, GitHub, any others. Details at https://docs.flatpak.org/en/latest/publishing.html

• Developer guide at https://docs.flatpak.org/en/latest/

• Free community support for maintainers:

___• Forum at https://discourse.flathub.org/

___• Instant message at https://matrix.to/#/#flatpak:matrix.org

___• Mailing list at https://lists.freedesktop.org/mailman/listinfo/flatpak


Benefit for users:

• Easy and quick installation of the latest free application version at https://flathub.org

• Automatically use any theme to your liking for all apps or selected app. Assuming the app supports theming. This is powered by Flatseal.

___•Steps at https://discourse.flathub.org/t/gtk4-apps-do-not-use-adwaita-dark/1327/2

___•Get Flatseal at https://flathub.org/apps/com.github.tchx84.Flatseal

• Integration with GNOME. You are able to easily install Flatpak applications using the GNOME you're familiar with. When needed, you can still install Flatpak app using https://flathub.org , Terminal, and many other options.

• Of all the packaging options available, Flatpak definitely has the strongest security. Because each application is sanboxed. While at the same time, for some application, the default permissions grant too much access. So users who need strong security need to learn to use Flatseal to adapt the permissions at https://flathub.org/apps/com.github.tchx84.Flatseal

• Freedom. You get more freedom with Flatpak. Because https://flathub.org is controlled by a friendly not-for-profit community of users. In comparison, Snap Store is controlled by the for-profit corporation Canonical. So in the future, under constant pressure from its secret shareholders, when Canonical decides to close Snap Store, you will be in trouble. Not-for-profit community value you the people above profit. There are lots of benefit for you associated with this. Usually, for-profit corporations value money above you, the people. There are lots of risk associated with this.

___• Sources about who controls Flatpak is under "Acknowledgements" title at https://flathub.org/about

___• Sources about who controls Snap Store at https://ubuntu.com/legal/terms-and-policies/snap-store-terms

• Powerful but easy permissions override using this free Flatseal at https://flathub.org/apps/com.github.tchx84.Flatseal


Challenge with Flatpak:

• The first few applications you install use significantly more storage space. Because Flatpak needs to download runtime(s). But those runtimes are downloaded only once and shared with all other applications. This means that on the long term, after installing the first few applications, the storage space used no longer significantly increase. Also, most users with recent devices or with large storage are not affected by this challenge.


Cheers,

Francewhoa

Jertzukka commented 8 months ago

See https://github.com/veracrypt/VeraCrypt/issues/187, would require significant changes to the source code or separate Flatpak specific patches to get working.

Francewhoa commented 8 months ago

Thanks for your comment @Jertzukka :) This suggestion is about adding a distribution for VeraCrypt. Not replacing the existing distribution. Not changing the already existing distributions.

About VeraCrypt needed system permissions. According to Flatpak latest version and documentation, with Flatpak, application creators and maintainers are able to distribute any type of applications with Flatpak. Including. But not limited to, system level, command line, desktop, utilities, or independent applications. To do so, when packaging the application, to set the access level, simply add one easy word to the Flatpak parameter --filesystem=. Details about this are in this documentation at https://docs.flatpak.org/en/latest/sandbox-permissions-reference.html#filesystem-permissions

As you know, VeraCrypt needs full system level access. With Flatpak, this can easily and quickly be done during packaging using the Flatpak host parameter.

For example, but not limited to any of those permissions:

host to access all system files. Including, but not limited to, Linux media folders. Which VeraCrypt depends on.

host-etc to allow access only to files in the user's "/etc" folder

home to allow access only to the user's home folder

/some/path to allow access to an arbitrary path

~/some/path to allow access to an arbitrary path relative to the user's home folder

Any folder above automatically includes its sub-folders and sub-files. Easy.

As you know, VeraCrypt needs to read, write, and create folders and files. If not already done, this can be done by simply ending any packaging permissions path with :create. Details about this at https://docs.flatpak.org/en/latest/sandbox-permissions-reference.html#filesystem-permissions

Optionally, any users can override the above permissions above using this free, easy to use, and powerful Flatseal at https://flathub.org/apps/com.github.tchx84.Flatseal So if any user complains about your application's default permission, for your review and your decision, I suggest to simply redirect them to this free Flatseal. Suggesting to users to configure appropriately their Flatseal.

github2099 commented 6 days ago

Flatpak please