veracrypt / VeraCrypt

Disk encryption with strong security based on TrueCrypt
https://www.veracrypt.fr

Release flatpaks and snaps #187

Open rugk opened 7 years ago

rugk commented 7 years ago

The current way using some self-made installer and binary releases for linux without any (auto-)update mechanism is not only bad for security (missing auto-updates, users may miss updates, users may fail to verify updates properly…), but also quite inconvenient (at least when the security verification steps are done correctly). That's why an update mechanism and a mechanism, which does not reinvent the wheel (= no manual installer) would be nice. Also compatibility should be satisfied…

Thankfully there are two new things for this: Flatpaks and snaps, where the former is more about distros with GNOME and the latter Ubuntu. Both, however, are supposed to work on any Linux distro.

So could you offer VeraCrypt in these release formats, too?

jhooly commented 5 years ago

+1

rugk commented 5 years ago

BTW personally I would prefer flatpak. In contrast to snap, you can also self-host it, so you stay in control, and it is widely supported. (snap is not so nice to set up in many distros and snap's security depends on AppArmor, which is not always available in many distros)

38github commented 5 years ago

+1

ovz93br43v7 commented 4 years ago

Is there any news on this issue?

rugk commented 4 years ago

BTW, would prefer flatpaks, because – in contrast to snaps – they do not only claim to be distro-independent, but actually are.

szaimen commented 3 years ago

Any update here? :)

alt3r-3go commented 3 years ago

Not really (otherwise it would've been published), so any contributions are more than welcome! ;)

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

rugk commented 3 years ago

I still would like to see a Flatpak.

EuriNaiz commented 1 year ago

I'd like to see a Flatpak package too, because it is usable on all Linux distros and on ChromeOS too (note that there is no way to encrypt drives on ChromeOS; it is possible to use the EDM Android app, but it's proprietary and the free (Lite) version is too limited).

The effort on the Linux app could decrease if you release the Flatpak package, because all dependencies are included in the Flatpak package and/or runtime and it works exactly the same on all distros, so you can avoid distro-specific and dependency problems. Flatpak is containerised too, so it is a good security improvement.

I hope to see a Flatpak package in a near future, and, merci beaucoup.

Jertzukka commented 1 year ago

I took a look at how difficult this would be to do and managed to get it to "work" as in build with all dependencies and launch. But anything that requires sudo rights (sudo, mount etc.) won't work. Also other system binaries aren't accessible (mkfs.ext4 etc) but as --filesystem=host passes /usr to /var/run/host, these somehow could be used through that. Apparently it would be possible to run arbitrary commands on the host instead of in the sandbox via flatpak-spawn --host but it is getting very complicated.

If there's anyone here who knows Flatpak permissions better and how to do that properly, you can take a look at my draft here: https://github.com/Jertzukka/VeraCrypt-Flatpak.

EuriNaiz commented 1 year ago

> If there's anyone here who knows Flatpak permissions better and how to do that properly, you can take a look at my draft

Idk how to package a flatpak app, in fact I have been asking help to try with FrostWire, so... I'm gonna post you on Reddit and some Telegram groups hoping you get help to make this possible. <3

Edit: I have posted you, here is a link: https://www.reddit.com/r/flatpak/comments/14sn0zj/help_wanted_for_veracrypt_as_flatpak_package_linux

rugk commented 10 months ago

I mean GNOME Disks is apparently buildable as a flatpak https://gitlab.gnome.org/GNOME/gnome-disk-utility/-/blob/master/INSTALL?ref_type=heads (Blivet not yet). Edit: Though maybe via a dependency on UDisks on the host?

Also many apps like these access at least CD drives via a flatpak. So disk access itself should somehow be possible.

Jertzukka commented 10 months ago

It's been a while since I last looked at it, but I realized it wasn't possible to get it working without changes to the source code or separate patches to the source. The program wasn't written with "what if the system this program is running on doesn't have root rights?" in mind, so there are things that are hardcoded in. Also, if I remember correctly, the program launches a core service worker as root which does all your administrative requests on the user account's behalf, and I had no clue how you would implement this as a Flatpak.

So in short, it won't be as easy as "just package it in Flatpak".

rugk commented 10 months ago

> launches a core service worker as root which does all your administrative requests on the user account's behalf, and I had no clue how you would implement this as a Flatpak.

Hmm an easy way I could imagine as a temporary solution would be to "flatpak --spawn --host" that service and if that works then well…

But in any case thanks for the effort you've put into (trying)!

Francewhoa commented 7 months ago

> If there's anyone here who knows Flatpak permissions better and how to do that properly, you can take a look at my draft here: https://github.com/Jertzukka/VeraCrypt-Flatpak.

Thanks @Jertzukka for your contribution with VeraCrypt-Flatpak above :)

For those not familiar with the latest Flatpak available permissions: with Flatpak, application creators and maintainers are able to distribute any type of application, including, but not limited to, system level, command line, desktop, utilities, or independent applications. To do so, when packaging the application, to set the access level, simply add one easy word to the Flatpak parameter --filesystem=. Details about this are in this documentation at https://docs.flatpak.org/en/latest/sandbox-permissions-reference.html#filesystem-permissions

As you know, VeraCrypt needs full system level access. With Flatpak, this can easily and quickly be done during packaging using the Flatpak host parameter.

For example, but not limited to:

host to access all system files. Including, but not limited to, Linux media folders. Which VeraCrypt depends on.

host-etc to allow access only to files in the "/etc" folder

home to allow access only to the user home directory

/some/path to allow access to an arbitrary path

~/some/path to allow access to an arbitrary path relative to the user's home directory

Optionally, any user can override the above permissions using this free, easy to use, and powerful Flatseal at https://flathub.org/apps/com.github.tchx84.Flatseal So if any user complains about your application's default permission, for your review and your decision, I suggest simply redirecting them to this free Flatseal, suggesting that users configure their Flatseal appropriately.

I am a Flatpak end-user. Not a developer. I do not have any financial conflict of interest with Flatpak. I'm just a happy user.
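An added example, not part of the thread or of either project: a Python check that reads Flatpak permission metadata and reports the grants discussed in the comments above (`--filesystem=host` and the session-bus access that `flatpak-spawn --host` relies on), since those grants decide how much of the sandbox remains. The sample metadata is constructed, and the function and constant names are hypothetical.

```python
import configparser

# Constructed sample in the keyfile format printed by
# `flatpak info --show-permissions <app-id>`; not from any real package.
SAMPLE_METADATA = """\
[Context]
shared=ipc;
sockets=x11;wayland;
devices=all;
filesystems=host;xdg-download:ro;

[Session Bus Policy]
org.freedesktop.Flatpak=talk
"""

# --filesystem= values that grant more than a single named path.
BROAD_FILESYSTEMS = {"host", "host-os", "host-etc", "home"}


def split_list(value):
    """Flatpak keyfile lists are ';'-separated with a trailing ';'."""
    return [item for item in value.split(";") if item]


def audit_permissions(metadata_text):
    """Return a sorted list of grants that weaken the sandbox."""
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.optionxform = str  # D-Bus names are case-sensitive
    parser.read_string(metadata_text)
    context = parser["Context"] if parser.has_section("Context") else {}
    bus_section = "Session Bus Policy"
    bus = parser[bus_section] if parser.has_section(bus_section) else {}

    findings = []
    for entry in split_list(context.get("filesystems", "")):
        path, _, mode = entry.partition(":")
        if path in BROAD_FILESYSTEMS:  # negated "!host" entries never match
            access = "read-only" if mode == "ro" else "read-write"
            findings.append(f"filesystem={path} ({access})")
    if "all" in split_list(context.get("devices", "")):
        findings.append("devices=all (every device node in /dev)")
    # flatpak-spawn --host needs talk access to this session-bus name.
    if bus.get("org.freedesktop.Flatpak") in ("talk", "own"):
        findings.append("talk-name=org.freedesktop.Flatpak (host command execution)")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_permissions(SAMPLE_METADATA):
        print("WARN", finding)
```

The same function can be fed the output of `flatpak info --show-permissions` for an installed application to review its defaults before adjusting them.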

joewood9364 commented 4 months ago

> > If there's anyone here who knows Flatpak permissions better and how to do that properly, you can take a look at my draft here: https://github.com/Jertzukka/VeraCrypt-Flatpak.
>
> Thanks @Jertzukka for your contribution with VeraCrypt-Flatpak above :)
>
> For those not familiar with the latest Flatpak available permissions: with Flatpak, application creators and maintainers are able to distribute any type of application, including, but not limited to, system level, command line, desktop, utilities, or independent applications. To do so, when packaging the application, to set the access level, simply add one easy word to the Flatpak parameter --filesystem=. Details about this are in this documentation at https://docs.flatpak.org/en/latest/sandbox-permissions-reference.html#filesystem-permissions
>
> As you know, VeraCrypt needs full system level access. With Flatpak, this can easily and quickly be done during packaging using the Flatpak host parameter.
>
> For example, but not limited to:
>
> host to access all system files. Including, but not limited to, Linux media folders. Which VeraCrypt depends on.
>
> host-etc to allow access only to files in the "/etc" folder
>
> home to allow access only to the user home directory
>
> /some/path to allow access to an arbitrary path
>
> ~/some/path to allow access to an arbitrary path relative to the user's home directory
>
> Optionally, any user can override the above permissions using this free, easy to use, and powerful Flatseal at https://flathub.org/apps/com.github.tchx84.Flatseal So if any user complains about your application's default permission, for your review and your decision, I suggest simply redirecting them to this free Flatseal, suggesting that users configure their Flatseal appropriately.

Have you considered forking the project to work on this? thanks.

Francewhoa commented 4 months ago

> Have you considered forking the project to work on this? thanks.

Hello @joewood9364 :) Thanks for your suggestion. I would love to. But I am an end-user. Not a developer. Today I updated my comment accordingly.

Per my comment above, both the Ubertus.Org team and I would be happy, as volunteers, to contribute testing and documentation, if needed.

Francewhoa commented 4 months ago

Hi all VeraCrypt enthusiasts :) For those not familiar with Flatpak. Below are the benefits of Flatpak for VeraCrypt maintainers and end-users.

Benefit for maintainers

• With Flatpak, you are able to spend more time doing what you enjoy with the most recent version of your app. Instead of spending time with end-users support requests about outdated or no longer maintained versions of your app. Why? Well because with Flatpak you are able to quickly and easily send direct updates to your end-users. Which do not have to wait for package repositories to update their list.

• All-in-one packages. You save a lot of time. Because Flatpak doesn't depend on outside packages. And Flatpak automatically finds what to bundle using deduplication.

• Single package for all Linux distributions. List of distributions at https://flatpak.org/setup/

• Freedom. You get more freedom with Flatpak. Because https://flathub.org/ is controlled by a friendly not-for-profit community of users. In comparison, Snap Store is controlled by the for-profit corporation Canonical. So in the future, under constant pressure from its secret shareholders, when Canonical decides to close Snap Store, you will be in trouble. Not-for-profit community value you the people above profit. There are lots of benefit for you associated with this. Usually, for-profit corporations value money above you, the people. There are lots of risk associated with this.

• Strong security. Using automated sandbox. With optional override for users of Flatseal.

• Use any repository to your liking. Your own, the https://codeberg.org , GitLab, GitHub, any others. Details at https://docs.flatpak.org/en/latest/publishing.html

• If you are full, as maintainer, you could easily delegate to anyone to your liking both the creation and the maintenance of the application for the Flathub repository. In other words, any volunteer can add an application to Flathub. It does not have to be the maintainer.

• Developer guide at https://docs.flatpak.org/en/latest/

• Free community support for maintainers:

  • Forum at https://discourse.flathub.org/

  • Instant message at https://matrix.to/#/#flatpak:matrix.org

  • Mailing list at https://lists.freedesktop.org/mailman/listinfo/flatpak


Benefit for users

• With Flatpak, you are able to easily and quickly install the latest free application version at https://flathub.org

• Get rapid updates per the above. With Flatpak, you no longer have to wait for package repositories to update their list.

• Automatically use any theme to your liking for all apps or selected app. Assuming the app supports theming. This is powered by Flatseal.

  • Steps at https://discourse.flathub.org/t/gtk4-apps-do-not-use-adwaita-dark/1327/2

  • Get Flatseal at https://flathub.org/apps/com.github.tchx84.Flatseal

• Integration with GNOME. You are able to easily install Flatpak applications using the GNOME you're familiar with. When needed, you can still install Flatpak app using https://flathub.org , Terminal, and many other options.

• Of all the packaging options available, Flatpak definitely has the strongest security, because each application is sandboxed. At the same time, for some applications, the default permissions grant too much access. So users who need strong security need to learn to use Flatseal to adapt the permissions at https://flathub.org/apps/com.github.tchx84.Flatseal

• Freedom. You get more freedom with Flatpak. Because https://flathub.org is controlled by a friendly not-for-profit community of users. In comparison, Snap Store is controlled by the for-profit corporation Canonical. So in the future, under constant pressure from its secret shareholders, when Canonical decides to close Snap Store, you will be in trouble. Not-for-profit community value you the people above profit. There are lots of benefit for you associated with this. Usually, for-profit corporations value money above you, the people. There are lots of risk associated with this.

  • Sources about who controls Flatpak are under the "Acknowledgements" title at https://flathub.org/about

  • Sources about who controls Snap Store at https://ubuntu.com/legal/terms-and-policies/snap-store-terms

• Powerful but easy permissions override using this free Flatseal at https://flathub.org/apps/com.github.tchx84.Flatseal


Challenge with Flatpak

• Flatpak strength is distribution for desktop applications. Not system level or command line applications. Not yet anyway. Maybe later.

• The first few applications you install use significantly more storage space, because Flatpak needs to download runtime(s). But those runtimes are downloaded only once and shared with all other applications. This means that in the long term, after installing the first few applications, the storage space used no longer significantly increases.


Contribution

Any volunteers to add VeraCrypt to either https://flathub.org or to any other Flatpak repositories to your liking? Both the Ubertus.Org team and I would be happy, as volunteers, to contribute testing and documentation, if needed.

I am a Flatpak end-user. Not a developer. I do not have a financial conflict of interest with Flatpak.