-
-
Notifications
You must be signed in to change notification settings - Fork 559
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rewrite signing using gpgme and gcrypt #1203
Conversation
7e86e15
to
6fde167
Compare
After updating the AppImageBuild Docker images, we had to adjust some details around the build of mksquashfs within libappimage 0.1.x.
1aeba76
to
f3e120f
Compare
Getting
https://github.com/probonopd/linuxdeployqt/runs/7562119014?check_suite_focus=true#step:6:921 Is this caused by this change? If yes, please roll back or fix. Thanks! Reference: |
This is not the fault of this change. The built AppImage works fine, and the way linuxdeploy bundles appimagetool also works for many, many repositories just fine. I guess you need to adjust how you bundle appimagetool. This, however, is not my job. |
This approach too naive. appimagetool has not been "dependency free" in years (libffi for instance has had to be bundled for quite a while). You need to properly deploy the contents of the appimagetool AppImage. Please feel free to take some inspiration from https://github.com/linuxdeploy/linuxdeploy-plugin-appimage/blob/master/ci/build-appimage.sh#L50-L58. Just copy the entire appimagetool AppDir into your AppImage and use the contained AppRun to call appimagetool. |
Well, you know my philosophy. Something breaks something that was working before = it gets rolled back if it can't be fixed immediately. :) |
Which is utterly wrong, counterproductive and off-putting to contributors and users. Especially in this case where the bundling within a third-party repository has been broken for years already. I hadn't even seen your comment here initially, I was sent here by a user who was afraid of exactly that behavior to intervene early. |
So, how do we get probonopd/linuxdeployqt#541 unblocked? |
Not saying that you are wrong here. Hence, the next version of the AppImage tooling shall all be statically linked entirely (both runtime and ingredients). But what are we doing in the meantime? |
See #1203 (comment). The bundling within your script has been too naive for years. Look at https://github.com/AppImage/AppImageKit/blame/master/ci/build-appdir.sh#L61-L71, the bundling of libffi has been necessary at least since Dec 2020, probably even earlier. I've linked to how linuxdeploy's AppImage plugin bundles appimagetool. It extracts the entire AppDir as is and uses appimagetool from there. Your script just copies the main binary and hopes for the best. Recipe for disaster, that is. Edit: if you open an issue over at linuxdeploy, ping me and I'll assist you with feedback. |
We just need to make it work as good as it was before this change, not better (better of course would be, well, better, but that's unrelated to this breaking PR). Since I don't have any time to look into this whole topic at the moment but need to be un-blocked, I'd like to ask you in the kindest way possible to please either fix this or roll back this PR. Thanks! |
Do you realize that this blackmail is based on the fact that your bundling is broken? And that it is going to get worse with bundling desktop-file-utils and some other binaries (upcoming changes)? This is just nonsense. Why don't you ask your contributors to fix the issue? I'm sure they're willing to do so, just need some guidance. And I generously offered to assist you and your contributors in #1203 (comment). I am not going to revert this PR. This PR is completely legitimate. |
No, I didn't. but thanks to your explanation on irc I understand now that this is an issue with how linuxdeployqt bundes appimagetool, not with the appimagetool AppImage itself. So additional work in linuxdeployqt is required: probonopd/linuxdeployqt#542 Thanks for the clarification. |
CI stuff is still missing (ideally we can just link both libraries statically and be done), will follow soon.
Hopefully this finally makes the signing process reliable. Working with those libs in plain C is annoying and time consuming.