flathub
flathub copied to clipboard
flathub
Move org.getmonero.Monero into the upstream repository
Move the manifest of org.getmonero.Monero into the monero-gui repository just like it's done in OBS .
@barthalion we would like the monero flatpak to be pulled from the official repo.
Any pointers to documentation or how to get started would be greatly appreciated.
Also, Would this also add Verified Status? Is Flathub beta requires for both Verified and to self host?
Thanks, and apologies for not RTFM
Please have a look at https://github.com/obsproject/obs-studio/blob/master/.github/workflows/flatpak.yml which uses https://github.com/flatpak/flatpak-github-actions to build its Flatpak. You can comment out flat-manager-client part and build only flatpak bundles for now – when we review the pipeline, I will send you a token allowing to push directly to our flatpak repository.
As for verification badge, @BigmenPixel0 can log in at https://beta.flathub.org/login and generate an HTTP token that needs to be exposed at a specific org.getmonero address.
Please have a look at https://github.com/obsproject/obs-studio/blob/master/.github/workflows/flatpak.yml which uses https://github.com/flatpak/flatpak-github-actions to build its Flatpak. You can comment out flat-manager-client part and build only flatpak bundles for now – when we review the pipeline, I will send you a token allowing to push directly to our flatpak repository.
As for verification badge, @BigmenPixel0 can log in at https://beta.flathub.org/login and generate an HTTP token that needs to be exposed at a specific org.getmonero address.
I have some questions about a token.
- Could you send a token to the monero-gui repository owner (not now, I will message again)?
- Is it possible to somehow protect the token from leaks (and not only. so this is not built on trust)? For example, so that you can push the application only from the certain source? (make a pull request, and then, a verify workflow on flathub repo could check, for example, that the hash of the build file is listed here https://www.getmonero.org/downloads/hashes.txt)
- No. Once handed out the token, you are fully responsible for managing it securely.
@barthalion regarding question 1 above: can we get the token sent directly to a member of the Monero Core team (basically the trusted guardians of the project who maintain critical infrastructure) encrypted with one of their PGP keys? so only you and they know.
@barthalion can you encrypt the token with this public key https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/luigi1111.asc and post the message here and i will get it to luigi. Thanks!
Well, I added appstream tool for validate the appdata every release. Is flatpak-builder-lint really needed? Because it's not in the fedora repositories (or is it in another package?).
-----BEGIN PGP MESSAGE-----
hQEMA7oYE4lO3Vi5AQf/ZR5JIwkhu6gLEFa9OeQdNDaP4Qr1EIeJHlib0FXIJaAN
o9oyoIpzdwsKkU10H3Y710QU8m0mN8dpvDWk3qYRCHRpYbxGTml8kW/x7OdaCqzA
8biqWGM/Vfwg1b7VFVXuwpPU6eNVql0j/j8JPwSZHTevWNK2y5nWp4iVOTtD41/z
Mi01I9cVWsTGvOe7mBqulLGbrIWth8fpIv6QhLfnm08+QhWqydExjw517xhwhq23
7DByaS187PgyDT6EGQGBOUwKWakCyJYobvvPtlBmYLmuqeq9eVK0VtN4wTi1l2tq
QUf/klvw9tGuDkNGiZkeS5uc1Yw7TK535cJuvbtKodLAjwFhhhoIr1H3VhqGzo48
lolmGMjzmLnwO+EiBAiOwLab/F641Cam47SpmtbckVVGtQJiOMfA5jUTZ2wnOWY0
RQGgPnLj3+BmQVhwddLyzIpAvguyBmeGwmL8rrTpkxmLKdoqRJy+425UMiHkr2ga
blSPvJuwu9BmdNVjGJGxVnnAsj0Uq4FoDbPXUSUcxYDxjbBliGcAYLOd9wHXKiaQ
haDJ+1c2vEj+PBUAAZCK2Be8fgO96482vZHkIHVk1VG+HCN6umE8fMVWner3+hcG
m/H2JU1k02o5pc+5D+8omFjrtbBOjxOL3EplfJM8FDYy9G669VCYLfRm6u/8+rYp
yJyGQXaDSabJDU3K/nbI+3hwMybQbzTqowxlbKsrKgdnjlwiG4mfFUfkDCUgayBH
BfsO1+FMbM7zF0TPxCm8y0Z9B71xCy15GAzHTFqtqMQi
=9UjO
-----END PGP MESSAGE-----
Please note this is a beta token. Let me know when a first build is uploaded so I can review it.
Also, Monero should get verified on flathub.org before I send you the stable token.
Please note this is a beta token
So does it upload the app to Flathub Beta?
@barthalion A beta build was uploaded. https://github.com/monero-project/monero-gui/actions/runs/5895208662
Any updates on this @barthalion? We need to obtain the verified status first right?
here is the workflow using the beta api key https://github.com/monero-project/monero-gui/blob/master/.github/workflows/flatpak.yml
I see two remotes being pushed out to flathub-beta right now, app/org.getmonero.Monero/x86_64/master (last commit 2023-10-11) and app/org.getmonero.Monero/x86_64/beta (last commit 2023-10-12). Which is the one I should be looking at?
If master is the one to look at, screenshots are not mirrored:
<screenshots>
<screenshot type="default">
<caption>A screenshot of the Monero GUI wallet</caption>
<image type="source">https://raw.githubusercontent.com/monero-project/monero-site/master/img/downloads/gui.png</image>
</screenshot>
</screenshots>
If
masteris the one to look at, screenshots are not mirrored:<screenshots> <screenshot type="default"> <caption>A screenshot of the Monero GUI wallet</caption> <image type="source">https://raw.githubusercontent.com/monero-project/monero-site/master/img/downloads/gui.png</image> </screenshot> </screenshots>
Yes, master. Should it be solved so?
Yes, that's the right parameter. There are other upcoming changes:
Flathub will be enabling server-side build validation on a tentative date of November 6th. This will require some changes to your pipeline for publishing new builds:
- the validation part can be replicated by using
docker pull ghcr.io/flathub/flatpak-builder-lint:lateston the ostree repo produced by flatpak/flatpak-builder. Example usage:flatpak-builder-lint --exceptions repo /path/to/ostree/repoflat-manager-client createneeds to include--build-log-url $URL, where $URL points to a pipeline building the flatpak. This is also exposed by the latest release of the flatpak/flatpak-github-actions/flat-manager GitHub Action.
Also please make sure the pipeline that will be used to push stable build to regular Flathub uses stable branch.
Yes, that's the right parameter. There are other upcoming changes:
Flathub will be enabling server-side build validation on a tentative date of November 6th. This will require some changes to your pipeline for publishing new builds:
- the validation part can be replicated by using
docker pull ghcr.io/flathub/flatpak-builder-lint:lateston the ostree repo produced by flatpak/flatpak-builder. Example usage:flatpak-builder-lint --exceptions repo /path/to/ostree/repoflat-manager-client createneeds to include--build-log-url $URL, where $URL points to a pipeline building the flatpak. This is also exposed by the latest release of the flatpak/flatpak-github-actions/flat-manager GitHub Action.Also please make sure the pipeline that will be used to push stable build to regular Flathub uses
stablebranch.
I don't understand well how does the linter work. What argument type do I have to enter? If repo, which path? Also, does it have to start before the building or after? And at the end, how should I perform the second point in github-actions? :)
@barthalion, are you waiting for the verified status? We want to get it after (after this moving). Do we have to do it before?
The new automatic workflow (without barth involved) needs to first have verification, before you can push anything afaik
Is @barthalion even still active?
Consider opening an issue at https://github.com/flathub/flathub to ask about this so maybe someone else from Flathub can reply and not waiting forever for a person that is no longer responsive?
Yes, I am. Maybe try to look around before producing another notification cluttering my inbox?
Unless the app gets verified and https://github.com/monero-project/monero-gui/pull/4231 is merged, I don't think there's much to talk about right now.