#73842 - [PATCH] pack: Add support for AppImage pack format.

GNU bug report logs - #73842
[PATCH] pack: Add support for AppImage pack format.

Reported by: Noé Lopez <noelopez <at> free.fr>

Date: Wed, 16 Oct 2024 21:52:01 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Message #89 received at 73842 <at> debbugs.gnu.org (full text, mbox):

From: Noé Lopez <noe <at> xn--no-cja.eu> To: 73842 <at> debbugs.gnu.org Cc: Josselin Poiret <dev <at> jpoiret.xyz>, Maxim Cournoyer <maxim.cournoyer <at> gmail.com>, Simon Tournier <zimon.toutoune <at> gmail.com>, Mathieu Othacehe <othacehe <at> gnu.org>, Noé Lopez <noelopez <at> free.fr>, Tobias Geerinckx-Rice <me <at> tobias.gr>, pelzflorian <pelzflorian <at> pelzflorian.de>, Sebastian Dümcke <code <at> sam-d.com>, Christopher Baines <guix <at> cbaines.net> Subject: [Noé Lopez] Re: [bug#73842] [PATCH v5 2/3] pack: Add support for AppImage pack format. Date: Sun, 17 Nov 2024 17:25:53 +0100

Forwarding here since I replied instead of replied to all :/ -------------------- Start of forwarded message -------------------- From: Noé Lopez <noe <at> xn--no-cja.eu> To: Ludovic Courtès <ludo <at> gnu.org> Subject: Re: [bug#73842] [PATCH v5 2/3] pack: Add support for AppImage pack format. Date: Sun, 17 Nov 2024 17:20:48 +0100 Hi Ludovic, Ludovic Courtès <ludo <at> gnu.org> writes: > Hello Noé, > > The patch series LGTM, and tests pass: we’re all set! > Great! Thanks a lot for the time you spent reviewing. > But… one thing I noticed when trying it out is that the resulting > AppImage would fail to run on relatively bare-bones non-Guix systems: > > --8<---------------cut here---------------start------------->8--- > $ ./2i2l6irl2n8q24aimfmidvlglllc4s8z-hello-appimage-pack.AppImage > fuse: failed to exec fusermount3: No such file or directory > > Cannot mount AppImage, please check your FUSE setup. > You might still be able to extract the contents of this AppImage > if you run it with the --appimage-extract option. > See https://github.com/AppImage/AppImageKit/wiki/FUSE > for more information > open dir error: No such file or directory > --8<---------------cut here---------------end--------------->8--- > > I wonder if there’s something that can be done on our side about it or > if it’s a limitation of the approach (I expect the latter: ‘fusermount’ > has to be available and setuid root), in which case we could just add a > warning in the manual. > > WDYT? This is an expected error from the AppImage runtime, as said in the output the runtime depends on FUSE 3 to mount the AppImage. The AppImage can still be ran using --appimage-extract-and-run, which I believe we noted in the documentation: >The runtime used by AppImages makes use of libfuse to mount the image >quickly. If libfuse is not available, the AppImage can still be started >using the @option{--appimage-extract-and-run} flag. As for things that can be done from our side, we could change runtime to one that uses other technologies just like supported by “-RR”. > > Interestingly, it works on my Guix System laptop, except if I strace it: > > --8<---------------cut here---------------start------------->8--- > $ /gnu/store/2i2l6irl2n8q24aimfmidvlglllc4s8z-hello-appimage-pack.AppImage > Hello, world! > $ strace -f -o /tmp/log.strace -s 500 /gnu/store/2i2l6irl2n8q24aimfmidvlglllc4s8z-hello-appimage-pack.AppImage > fusermount3: mount failed: Operation not permitted > > Cannot mount AppImage, please check your FUSE setup. > You might still be able to extract the contents of this AppImage > if you run it with the --appimage-extract option. > See https://github.com/AppImage/AppImageKit/wiki/FUSE > for more information > open dir error: No such file or directory > $ grep 'mount(' /tmp/log.strace > 17569 mount("2i2l6irl2n8q24aimfmidvlglllc4s8z-hello-appimage-pack.AppImage", "/tmp/.mount_2i2l6iLZ8WYZ", "fuse.2i2l6irl2n8q24aimfmidvlglllc4s8z-hello-appimage-pack.AppImage", MS_RDONLY|MS_NOSUID|MS_NODEV, "fd=5,rootmode=40000,user_id=1000,group_id=998") = -1 EPERM (Operation not permitted) > 17570 mount("2i2l6irl2n8q24aimfmidvlglllc4s8z-hello-appimage-pack.AppImage", ".", "fuse.2i2l6irl2n8q24aimfmidvlglllc4s8z-hello-appimage-pack.AppImage", MS_RDONLY|MS_NOSUID|MS_NODEV, "fd=6,rootmode=40000,user_id=1000,group_id=998") = -1 EPERM (Operation not permitted) > 17571 mount("/dev/fuse", ".", "fuse", MS_RDONLY|MS_NOSUID|MS_NODEV, "fd=6,rootmode=40000,user_id=1000,group_id=998") = -1 EPERM (Operation not permitted) > --8<---------------cut here---------------end--------------->8--- > > Ludo’. I’m pretty sure a process attached with ptrace can’t exec SUID programs, for security reasons (ptrace allows you to change the code of the attached program so its a privilege escalation). I think you can run it with “sudo -E strace -f -o /tmp/log.strace -s 500 /gnu/store/2i2l6irl2n8q24aimfmidvlglllc4s8z-hello-appimage-pack.AppImage”. Have a nice day, Noé -------------------- End of forwarded message --------------------

This bug report was last modified 178 days ago.

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #73842 [PATCH] pack: Add support for AppImage pack format.

GNU bug report logs - #73842
[PATCH] pack: Add support for AppImage pack format.