Investigate how to add Trezor Suite to Flatpak/Flathub repository #3697
Comments
|
Flatpak offers a lot of advantages over AppImage and Snaps [1, 2]:
Flatpak also drastically reduces the support burden. AppImage requires building for each distro and is painful to use in practice. Flatpak's runtimes reduce the support burden from O(n) distros to O(1) and are much easier to make reproducible. The same is theoretically true of Snaps, but Canonical only really supports Ubuntu. Virtually every non-Ubuntu distro has chosen Flatpak because Red Hat actually put money behind making Flatpak distro neutral. You have the choice between the Freedesktop runtime (major version ~yearly with ~2 years of support) or the RHEL runtime (major version ~3 years, ~10 years of support); although the latter has a drastically reduced set of supported packages. IMO, the only real reason to support Snaps is positioning in the Ubuntu app store. For an advanced technical crowd like Trezor's, the install instructions for Flatpak shouldn't be a high barrier to entry. You could also create a downloadable shell script (or AppImage!) that performs the same task. I believe there is also a way to perform an end run-around the Ubuntu app store via Apt, but I have to check on this. |
|
@indolering can you help us with the flatpak packaging? |
|
Started working on it. I don't have a Trezor device yet, but I'm planning on getting one some time in the future — so initially I would rely on someone to test the application (if I can get it done). Have one question: is Trezor interested on maintaining it? The only reason I ask is because this application is going to be very sensitive (security-wise) for almost everyone, so it's always better if the maintainers/owners are enrolled in the update/maintenance of the packages. Being said that, I'm running into a problem with these dependencies: Moreover, if I were to build the desktop application only, is it needed to clone the entire repository, or just |
|
@prusnak I don't have a lot of spare time : ( |
AFAICT the only way around the Ubuntu app store restrictions would be to submit a stand-in package to the Universe repo that includes flatpak as a dependency and kicks off the flatpak install process using a
There are two alternative methods that accomplish a similar UX without having to give up cryptographic chain-of-custody:
As |
Thanks for the info. In this case, there's no real benefit in dealing with Flatpak/Flathub now and it will make sense to start the effort once the USB permissions portal is implemented. |
prusnak
added
the
blocked
It should reduce your maintenance burden, improve security, and increase availability.
IMHO blocking this on the USB permissions system just complicates the initial port. Even if the USB portal system were available today, I would get Trezor Suite working on Flatpak communicating with bridge over dbus before refactoring it to use a new USB permissions system. Won't you need to maintain equivalent platform abstractions on Windows and Mac anyway? My mental model of |
|
Right now, it is possible to run Trezor devices with the Flatpak installation of the Electrum wallet, which indicates that the situation is improving. However, the udev rules still need to be installed as a separate system package. This requirement appears to be the case even for the latest Trezor Suite AppImage also. It also seems to work without the Trezor bridge installed, using WebUSB. |
|
A similar issue with udev rules and Flatpak is being discussed here: flathub/com.valvesoftware.Steam#8. One user suggests a quite nasty workaround, but I'm not sure if it is something we want to do: |
|
What about adding our udev rules to the upstream repository? It won't land in everyone's system anytime soon and there's no guarantee upstream accepts it but it's probably the cleanest solution. Example PR: systemd/systemd#22730 |
I had not idea such thing exists. Let's do it! 🚀 |
|
So I was playing around a bit and I was able to create the Flatpak from the current AppImage using https://github.com/boredsquirrel/Appimage-To-Flatpak. It is probably not the best quality repackage (since I was doing it for the first time ever 😅) but it can serve as a great proof of concept that this is indeed possible. Everything seems to work, including Trezor Bridge, Tor, Camera, and file access (home folder). Double-checking would be needed. Also, I am not sure about these errors when starting the app. I hope this will encourage the creation of a more "professional" version. Also, I will try to tidy it up a bit and share some repo with instructions. |
|
OK, I'm sharing my files with some basic instructions. Please bear in mind this was done by someone not very experienced (me 😅), so it will contain bugs. Since it is using the AppImage as "extra-data" type, it cannot be shared as a .flatpak file unfortunately. |
|
I will try to apply the current version for submission on Flathub, currently only as an unofficial repackaging. The company can take over when resources allow and make it an officially verified way of distributing the app. |
|
The unofficial repackage is up. I hope in the future there will be more resources to support it officially :) |
This will make it easy for Flatpak users to install Trezor Suite via means they are familiar with.
Hopefully, udev-rules can be installed as a part of the bundle, too.
https://flatpak.org
https://flathub.org
The text was updated successfully, but these errors were encountered: