| 1 |
Hi! |
| 2 |
|
| 3 |
On Sat, 6 Oct 2018 14:17:50 +0300 Mykyta Holubakha wrote: |
| 4 |
> I'm proposing to add a new eclass: appimage.eclass, to facilitate |
| 5 |
> extraction off AppImage bundles. The rationale is that some upstreams |
| 6 |
> have migrated to distributing their proprietary software exclusively as |
| 7 |
> AppImage bundles. (for instance dev-util/staruml-bin). |
| 8 |
> |
| 9 |
> An example ebuild can be seen at https://git.io/fx3Mg |
| 10 |
> |
| 11 |
> I'd like to ask the following questions: |
| 12 |
> |
| 13 |
> 1. Can I put myself and proxy-maint under @MAINTAINER (or do I need to |
| 14 |
> find a gentoo dev)? |
| 15 |
|
| 16 |
Likely no. We have no such eclasses right now. Eclasses have more |
| 17 |
strict requirements than ebuilds, e.g. they should not be changed |
| 18 |
without a prior ML discussion except for project-specific eclasses. |
| 19 |
|
| 20 |
> 2. Are we OK with executing AppImage bundles downloaded from the |
| 21 |
> Internet (an alternative would be to implement a proper extractor |
| 22 |
> program, which would unpack the images without executing them, and add |
| 23 |
> it to DEPENDs). |
| 24 |
|
| 25 |
This would be a considerable security risk, so no. You should use |
| 26 |
some extractor. Looks like appimage carries filesystem inside with |
| 27 |
some offset. |
| 28 |
|
| 29 |
Best regards, |
| 30 |
Andrew Savchenko |
Archives