Linux

64877 readers

1016 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 7 years ago

MODERATORS

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

Coldbrew package manager (gitlab.postmarketos.org)

submitted 5 days ago* (last edited 5 days ago) by nobody_1677@lemmy.world to c/linux@lemmy.ml

4 comments fedilink hide all child comments

Coldbrew is a "brew" style package manager for Linux distributions that offers the full power of the Alpine Linux aports repository with no root access required

Coldbrew is a bit of a mix of flatpak and homebrew. It uses a very lightweight sandbox (bubblewrap) mainly as a means of isolating dependencies. It aims to server a similar goal as homebrew, but without the PATH issues homebrew brings (see: https://invent.kde.org/kde-linux/kde-linux/-/merge_requests/408)

Example Usage:

coldbrew install neovim # install the package
coldbrew run nvim       # run nvim
coldbrew wrap nvim      # create a wrapper to type less
nvim                    # run nvim

you are viewing a single comment's thread
view the rest of the comments

[–] Oinks@lemmy.blahaj.zone 0 points 5 days ago* (last edited 5 days ago) (1 children)

This is interesting, but I wouldn't consider this to be at all comparable to Flatpak. From what I can see the only purpose of using bubblewrap here is the dependency isolation (without having to recompile the world ala Nix), which does have some value but it feels misleading to even call it a sandbox.

It mounts /home and /run into the ~~sandbox~~ chroot, which means that "sandboxed" applications can do things like reading your SSH keys, dumping your keyring or escaping the sandbox via write to .bashrc (so most of the attacks you'd want to prevent). This is presumably done because without /home access you wouldn't be able to write to the filesystem and without /run access you can't even display a graphical window, which would make the packages quite useless.

XDG Desktop Portal solves this by allowing filtered dbus access controlled by package metadata (/.flatpak-info), and then having sandboxed applications use portals to access files, secrets and other resources. The metadata is a major flaw in Flatpaks design (note that a lot of the most popular Flatpaks want full $HOME access), but it's also what allows Flatpak to be useful. In this project, there's no metadata since the packages just come from Alpine repositories.

[–] excel@lemming.megumin.org 0 points 5 days ago (1 children)

So in other words, it fixes all of the shit that makes Flatpak broken and useless?

[–] Oinks@lemmy.blahaj.zone 1 points 4 days ago

In the sense that allowing a malicious application to steal your SSH keys is "fixing", yes.