Linux

64743 readers

194 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 6 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

Coldbrew package manager (gitlab.postmarketos.org)

submitted 15 hours ago* (last edited 15 hours ago) by nobody_1677@lemmy.world to c/linux@lemmy.ml

2 comments fedilink hide all child comments

Coldbrew is a "brew" style package manager for Linux distributions that offers the full power of the Alpine Linux aports repository with no root access required

Coldbrew is a bit of a mix of flatpak and homebrew. It uses a very lightweight sandbox (bubblewrap) mainly as a means of isolating dependencies. It aims to server a similar goal as homebrew, but without the PATH issues homebrew brings (see: https://invent.kde.org/kde-linux/kde-linux/-/merge_requests/408)

Example Usage:

coldbrew install neovim # install the package
coldbrew run nvim       # run nvim
coldbrew wrap nvim      # create a wrapper to type less
nvim                    # run nvim

top 2 comments

sorted by: hot top controversial new old

[–] Oinks@lemmy.blahaj.zone 4 points 7 hours ago* (last edited 7 hours ago) (1 children)

This is interesting, but I wouldn't consider this to be at all comparable to Flatpak. From what I can see the only purpose of using bubblewrap here is the dependency isolation (without having to recompile the world ala Nix), which does have some value but it feels misleading to even call it a sandbox.

It mounts /home and /run into the ~~sandbox~~ chroot, which means that "sandboxed" applications can do things like reading your SSH keys, dumping your keyring or escaping the sandbox via write to .bashrc (so most of the attacks you'd want to prevent). This is presumably done because without /home access you wouldn't be able to write to the filesystem and without /run access you can't even display a graphical window, which would make the packages quite useless.

XDG Desktop Portal solves this by allowing filtered dbus access controlled by package metadata (/.flatpak-info), and then having sandboxed applications use portals to access files, secrets and other resources. The metadata is a major flaw in Flatpaks design (note that a lot of the most popular Flatpaks want full $HOME access), but it's also what allows Flatpak to be useful. In this project, there's no metadata since the packages just come from Alpine repositories.

[–] nobody_1677@lemmy.world 2 points 2 hours ago

Correct, that’s what I meant by calling it a lightweight sandbox that’s mainly used to isolate dependencies.

Though the cool thing about cold brew is that it’s simply a shell script. Not even a crazy long one at that. It would not be difficult to modify the bubblewrap flags to increase security.

Though filesystem isolation is not its goal, it’s meant to emulate that homebrew use which is unsandboxed.