[ANNOUNCE] xdg-app - desktop app sandboxing system

Jasper St. Pierre jstpierre at mecheye.net
Wed Jun 24 10:23:31 PDT 2015


On Wed, Jun 24, 2015 at 9:57 AM, Thomas Kluyver <thomas at kluyver.me.uk> wrote:
> Hi Alex,
>
> On Wed, Jun 24, 2015, at 01:15 AM, Alexander Larsson wrote:
>> More details on how xdg-app works can be found here:
>>  https://wiki.gnome.org/Projects/SandboxedApps
>
> Thanks, this looks interesting. A couple of questions:
>
> How specific is a 'runtime'? If I've written an application based on
> Python and Qt, for instance, do I need to define a Python+Qt runtime
> based on the versions I need? Or would I use the freedesktop runtime and
> specify in some other way that the application requires Python and Qt?
> Or use the freedesktop runtime and bundle anything missing from it into
> my application?
>
> The wiki page mentioned distribution of apps, and I see links to
> 'OSTree', but I'm not quite clear what it means. What would it look like
> for an application developer to package and distribute an application
> like this, and what is going on when the user installs it?

I can answer these bits.

> On that last bit, specific examples of what I'm not sure about:
> - Is it still conveyed inside an rpm/deb/whatever package, or will user
> systems use OSTree to fetch it?

OSTree is a system designed for fetching and deploying system updates.
The main ostree core is composed of two things:

 * a repo system, similar to git, which is more efficient for storing
binaries. This includes deltas and other such work.

 * a deploy mechanism to deploy roots of a repo atomically to your
system. There's integration with bootloaders to generate configuration
files after deploys, too.

There's also an API and an ability to build on top of these systems.
So, rpm-ostree builds on top of this for its deploy stage, and we at
Endless have a different deploy system as well.

Both of these are really cool and convenient for system updates.
xdg-app is simply using OSTree for its first bit, the repo bit.
xdg-app has its own deploy stage.

> - Would an application developer host their own packages, or is it still
> a centralised model like distro packaging? If it's centralised but
> cross-distribution, who would run the repository?

You could run it either way. The vision here is definitely that the
app developers publish their own official builds. But Fedora might
want a central repo for all the packages in its distro.

So, I don't know, it remains to be seen. We're simply building the
tools here. Distro politics come after. :)

> - When the user installs an application, would it be like current app
> installation on smartphones? "FooApp needs these permissions, OK to
> install it?" Or could they deny individual capabilities? Or are the
> capabilities checked by a centralised gatekeeper before the app is
> available? Or some other model?

When the app is deployed, its manifest of permissions is checked to
determine what should be mounted in the sandbox. This manifest can be
edited by a user at any time. Note, however, that if the app isn't
coded for these failure cases (it was simply using a standard Linux
API), it might crash outright.

> Best wishes,
> Thomas
> _______________________________________________
> xdg mailing list
> xdg at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/xdg



-- 
  Jasper
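
As an added illustration that is not part of the original post or of xdg-app's own code: the reply above describes a permission manifest being checked at deploy time to decide what gets mounted into the sandbox, a user being able to edit the granted set afterwards, and an app written against plain POSIX APIs failing when a path it assumed is simply absent. The toy Python model below walks through exactly that sequence. The permission names, host paths, and the Manifest/UserOverride shapes are all invented for the example and do not reflect xdg-app's real manifest format.

```python
"""Toy model of a permission manifest driving a sandbox mount plan.

Constructed illustration only: the permission names, host paths and the
manifest/override shapes below are invented for this example and are not
xdg-app's real manifest format or code.
"""
from dataclasses import dataclass, field
import posixpath

# Hypothetical table: each named permission maps to the host paths that
# would be bind-mounted into the sandbox when that permission is granted.
# A permission with no paths (network) would toggle something other than a
# mount, e.g. a namespace, and is outside this model.
PERMISSION_MOUNTS = {
    "network": [],
    "home": ["/home/user"],
    "downloads": ["/home/user/Downloads"],
    "x11": ["/tmp/.X11-unix"],
    "pulseaudio": ["/run/user/1000/pulse"],
}


@dataclass(frozen=True)
class Manifest:
    """What the app ships: its id and the permissions it asks for."""
    app_id: str
    requested: frozenset


@dataclass
class UserOverride:
    """What the user has revoked after installation (editable at any time)."""
    denied: set = field(default_factory=set)


def effective_permissions(manifest, override):
    """Permissions actually granted: requested minus user-denied.

    Unknown names are rejected instead of being silently dropped, so a
    typo in a manifest can never be mistaken for a grant.
    """
    unknown = manifest.requested - set(PERMISSION_MOUNTS)
    if unknown:
        raise ValueError(f"{manifest.app_id}: unknown permissions {sorted(unknown)}")
    return manifest.requested - override.denied


def mount_plan(manifest, override):
    """Sorted list of host paths to bind-mount for the granted permissions."""
    paths = set()
    for perm in effective_permissions(manifest, override):
        paths.update(PERMISSION_MOUNTS[perm])
    return sorted(paths)


def can_open(plan, path):
    """Model an open() inside the sandbox: only paths under a mounted
    directory resolve. The path is normalised first so '..' segments in a
    request cannot appear to escape a granted subtree in this model."""
    norm = posixpath.normpath(path)
    return any(norm == m or norm.startswith(m + "/") for m in plan)


if __name__ == "__main__":
    app = Manifest("org.example.Notes", frozenset({"home", "x11"}))
    # User revokes home access after install; the mount plan shrinks.
    plan = mount_plan(app, UserOverride(denied={"home"}))
    print("mounts:", plan)
    # The app was written against plain POSIX APIs and assumes its config
    # directory exists; with 'home' denied that open() fails, which is the
    # "might crash outright" case from the post.
    print("config readable:", can_open(plan, "/home/user/.config/notes"))
```

The two checks worth carrying into any real implementation are the default-deny handling of unknown permission names (a misspelled entry must not grant anything) and the fact that the user's revocation is applied before the mount plan is computed, so the app sees a narrower filesystem rather than a permission error it could catch.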