Free desktop application distribution and installation

Alexander Larsson alexl at redhat.com
Tue Dec 16 02:40:29 PST 2014 

On mån, 2014-12-08 at 15:02 -0800, Thomas Kluyver wrote:
> This may be a pipe dream, but XDG is the best place I know to propose
> something like this:
> 
> 
> We need a new mechanism for distributing end-user applications on free
> desktop platforms.

I agree, and I'm currently working on one (as are others obviously as
seen in this thread) within Gnome (although the base code is desktop
independent). I think the lack of this is fundamentally limiting the
Linux desktop to scale. Right now the only "reliable" way to consume
apps on linux is to run only the things packaged in your distro, at the
exact version that happens to be packaged in the version you run. There
is no good way for 3rd parties to distribute applications (free software
or not), and you can't run say a more recent version of some application
without being forced to update to a later distro version (if the new
version is packaged at all).

Long term what I want to do is full app sandboxing, but that requires a
lot of changes in core technologies, like kdbus, DRI, wayland and
pulseaudio. So, right now I'm working on the initial stages which are
more about deploying and running partially contained applications.

I'm mostly following the ideas which lennart described here:
http://0pointer.net/blog/revisiting-how-we-put-together-linux-systems.html
Although I'm not using btrfs for the on-disk format but rather ostree.

This involves a three-way split of everything:
1) The host OS (any old distro)
2) One or more runtimes, maintained by separate entities
3) The application, depending on a specific runtime and bundling
    whatever is not in that.

There are some complex interactions between the runtime/app and the host
(things like X11, audio, dbus, .desktop file integration etc) that needs
solving. I'm working on these. I'm also making a Gnome+freedesktop
runtime that apps can use, to test this system and work out the details.

> So, I would like a mechanism whereby:
> 
> 
> 1. Developers can publish applications without going through distro
> maintainers. This could either be self-hosted installer files, or a
> centralised location where you're free to claim a name (like PyPI,
> CPAN, etc.)

Yeah. It needs to be fully decenralized. Which in practice means it
needs to be tied to a dns name only. So, anyone should be able to
"connect" to a repository given only its dns name (say a uri) and
install/update apps from there.

Obviously distros could ship with one or more such repos pre-installed.

> 2. When the user installs an application, it can set up command line
> tools on $PATH and .desktop files to launch the application from the
> GUI.

I think we want .desktop files and things like dbus services installed
automatically. However, I'm not sure apps should be able to
automatically install themselves to the users PATH. That will affect
things like scripts and apps in a way that seems a bit risky.

> 3.a For bonus points: capabilities based security, because root is not
> the only thing we care about: http://xkcd.com/1200/

Yeah, the traditional unix model of protecting root from the user is
completely inadequate in the modern world. Who cares about the system
installation on a single-user laptop. The really important stuff (bank
account, email, SSNs, etc) are owned by the user.

So, we want a sandbox, and the gnome designers have started looking at
the user interface side of this, and several projects are working on the
required lowlevel details as i mentioned above.

> 4. The installer should be able to specify dependencies on system
> packages for any relevant packaging systems, because the developer
> shouldn't be forced to bundle dependencies any more than they should
> be forced to unbundle them.

I don't agree with this. I don't think you can make robust software if
you can't test exactly (more or less) what the user will be running.
Allowing using essentially random versions and builds of your
applications dependencies is always gonna cause problems. 

However, in the runtime/app model we have a middle ground, where the app
can bundle less and rely on a particular fixed version of the
dependencies (the runtime). It also allows centrialized minor updates to
the runtime for things like security updates and new DRI drivers.

More information about the xdg mailing list