Coming along nicely.
Have added the type 2 image format to the spec draft.
In contrast to the earlier ISO9660-based AppImage format, the new type 2 format:
- Is not tied to any particular filesystem format (so there might be others in the future); right now my implementation uses squashfs rather than ISO9660
- Does not use a fixed offset to determine where the filesystem image starts, but specifies that the filesystem image starts right after the end of the ELF (however long it is). This means that the runtime does not need to fit into a predetermined amount of space, which is future-proof
- Embeds update information in an ELF section inside the AppImage rather than at a predetermined, fixed offset
- Allows for embedding a digital signature in an ELF section inside the AppImage rather than a
.asc file next to the AppImage
Along with the capabilities of the new features comes a new set of tools that will eventually replace AppImageAssistant, AppImageExtract and friends.
appimagetool right now can:
- Generate an AppImage from an AppDir
- Automatically detect the architecture
- Embed update information inside the AppImage
- Calculate the update information string for Bintray repositories
- Sign the AppImage with GPG and embed the signature inside the AppImage
validate right now can:
- Check the digital signature inside an AppImage to ensure that the AppImage is coming from the original author and has not been tampered with
I am considering - let me know what you think:
- Upload to Bintray
validate into AppImageUpdate
Type 2 AppImages have also learned quite a few new tricks:
--appimage-offset: Print the byte at which the squashfs filesystem begins, for mounting with
--appimage-version: Print the version (git hash) of appimagetool which was used to generate this AppImage
--appimage-updateinformation: Display the update information that is embedded in the AppImage
--appimage-signature: Display the digital signature embedded in the AppImage
--appimage-mount: Only mount the AppImage without executing its payload
--appimage-extract: Only extract the AppImage without executing its payload
--appimage-icon: Only extract the icon of the AppImage without executing its payload
Note that these are not set in stone yet and are subject to change.
Want to try it out?
Generate a signed AppImage:
gpg2 --full-gen-key # Generate a signing key (once)
chmod a+x ./appimagetool
./appimagetool ./XChat.AppDir --sign
Read the signature:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
Validate the signature:
chmod a+x ./validate
gpg: Signature made Sun 25 Sep 2016 10:41:24 PM CEST using RSA key ID 86C3DFDD
gpg: Good signature from "Testkey" [ultimate]
Does it work for you?
Feedback is welcome!