It’s been a long day and I’m probably not in the best state of mind to be asking this question, but have you guys solved packaging yet?
I want to ship an executable with supporting files in a compressed archive, much like the Windows exe-in-a-zip pattern. I can cross-compile a Win32 C program using MinGW that will always use baseline Win32 functionality, but if I try to build for Linux I run into the whole dependency versioning situation, specifically glibc fixing its symbol version to whichever Linux I happen to be building from at the time. But if I try to static link with musl, the expectation is that everything is static linked, including system libraries that really shouldn’t be.
AppImage is in the ballpark of what I’m looking for, and I’ve heard that Zig works as a compatibility-enhancing frontend if you’re compiling C. I’d just like something simple that runs 99% of the time for non-technical end users and isn’t bloated with dependencies I can’t keep track of. (No containers.) Is this easily achievable?
I’m curious why you would think that containers are bloat? They require virtually no resources and are built into the kernel. A container is literally just a flag that you add when you exec on an executable binary.
Containers aren’t too bad for storage from a developer’s perspective. I’m talking about the dependency versioning bullshit of flatpak and snap specifically for end users. I don’t know if AppImage technically counts as a container, but the whole point of it is to ship libraries the end user doesn’t have, which implies a fundamental flaw in the hierarchical dependency tree or distribution model - the end user should already have everything they need to run software.
How can you guarantee that depencies are compatible across versions? That’s a fundamental point I think you are missing.
I don’t use dependencies that don’t have a history of backwards compatibility, and when I do, I ship them. It’s SOP to assume basic things like a GUI “just work”, and it’s also SOP for Ubuntu to ship non-functional programs that were broken by GTK and Qt updates. I’d rather have buggy/broken software with undefined behavior than software that just doesn’t run.
Sorry to interrupt but I want to point out that Flatpaks are not containers. It is just sandboxed with bubblewrap which isn’t the same thing. It is closer to chroot and firejail.
For desktop containers use Podman and Distrobox
Flatpak absolutely does use containers for sandboxing. Bubblewrap is wrapper for Linux namespaces. Containers is just another name for the underlying kernel technology called namespaces. Same goes for Docker, LXC, Podman, systemd-nspawn, Firejail, etc. It’s all just userland frontends for kernel namespaces.
man bwrap
, you can also use the genericunshare
to create them andnsenter
to enter those same namespaces. It’s cool technology, it’s very easy to use, a simple flag on your exec or opening of an existing fd is all that is required. I used to work on one of the many userland frontend, even have gotten a couple PRs from Jess Fraz who was one of the core Docker devs. Userns still scares the shit out of me (pretty much every single escape has come from them).Here’s a fun experiment for you: create a root fs using debootstrap and then enter it using unshare and chroot! Tada! Container!
I don’t believe a chroot is a container. You are just switching root for the process. The same thing happens when you boot with a initramfs
It also might just be a terminology difference
No a chroot is indeed not a container/namespace. I’m not sure what you’re getting at here. Flatpak isn’t a chroot and what I suggest you try isn’t either.