[ANNOUNCE] xdg-app - desktop app sandboxing system

Alexander Larsson alexl at redhat.com
Wed Jun 24 12:20:03 PDT 2015

On Wed, 2015-06-24 at 09:48 -0700, Thomas Kluyver wrote:
> Hi Alex,
> On Wed, Jun 24, 2015, at 01:15 AM, Alexander Larsson wrote:
> > More details on how xdg-app works can be found here:
> >  https://wiki.gnome.org/Projects/SandboxedApps
> Thanks, this looks interesting. A couple of questions:
> How specific is a 'runtime'? If I've written an application based on
> Python and Qt, for instance, do I need to define a Python+Qt runtime
> based on the versions I need? Or would I use the freedesktop runtime and
> specify in some other way that the application requires Python and Qt?
> Or use the freedesktop runtime and bundle anything missing from it into
> my application?

A runtime is very specific. It defines an exact ABI and is then
supposed to continue to support exactly that ABI. If anything that you
need is not shipped in the runtime you chose to use, you need to bundle
those with the app. In general you should not define your own runtime;
doing that is analogous to creating (and supporting) your own distro.

> The wiki page mentioned distribution of apps, and I see links to
> 'OSTree', but I'm not quite clear what it means. What would it look like
> for an application developer to package and distribute an application
> like this, and what is going on when the user installs it?

The best way to describe ostree is that it is "git for operating system
trees". You have a repository with several branches, and you can pull
and push and commit, etc. Typical distribution is via a "dumb http"
version of the ostree repo. I.e. you just create your repo (via xdg-app
build-export) and put the resulting files on your webserver.

When downloading it for the user the ostree parts are hidden, you just run:

  xdg-app add-remote repo-name http://url.to.repo.org/repo/
  xdg-app install-app repo-name org.app.name

> On that last bit, specific examples of what I'm not sure about:
> - Is it still conveyed inside an rpm/deb/whatever package, or will user
> systems use OSTree to fetch it?

ostree is used under the hood. But rpm/deb/whatever can be used to
construct the app on the developer side.

> - Would an application developer host their own packages, or is it still
> a centralised model like distro packaging? If it's centralised but
> cross-distribution, who would run the repository?

Generally it is distributed. Each upstream hosts their own repo.
However, a distro can choose to build and host other people's apps in a
repo they want. And I want to also allow centralized app repositories
that contain links to the upstream repositories, so that you can manage
an "app store" by just collecting upstreams, making sure the apps are
working and do what they say and then signing the links with your own
gpg key.

> - When the user installs an application, would it be like current app
> installation on smartphones? "FooApp needs these permissions, OK to
> install it?" Or could they deny individual capabilities? Or are the
> capabilities checked by a centralised gatekeeper before the app is
> available? Or some other model?

Right now an app just gets whatever they ask for. At some higher level
we should probably ask the user during install if this is ok.

 Alexander Larsson                                            Red Hat, Inc 
       alexl at redhat.com            alexander.larsson at gmail.com 