Handle AppImages that bundle everything
Opened this issue · 4 comments
Although we generally don't recommend it, some projects have good reasons to build AppImages that bundle everything. This is especially true for applications that cannot be built on older LTS build systems, but where the intended audience includes users with such systems. Prominent example: Inkscape.
When you run the official Inkscape AppImage through this tool, however, you get
appimagelint.glibc_abi_check[6960] [INFO] [✖] AppImage can run on Ubuntu trusty
appimagelint.glibc_abi_check[6960] [INFO] [✖] AppImage can run on Ubuntu xenial
This is not correct. If you try it out you will find that this AppImage in fact does run on those systems.
This application assumes that the blacklist is being respected. This "bundle all" stuff simply isn't standardized, there's no way to reliably detect that (it's a mess!).
The glibc ABI check is correct in the sense that the app's binaries require a newer libc. You cannot know whether such a libc is contained in an AppImage, and you cannot ensure that even if that's the case, this will then be loaded.
Arguably the (human readable) message of the check isn't totally correct.
I don't see how this edge case could be supported without significant work and making too many assumptions over the AppImage's workflow. This is a static analysis tool, and doesn't employ runtime checks. Let's call this a false negative.
This application assumes that the blacklist is being respected. This "bundle all" stuff simply isn't standardized, there's no way to reliably detect that (it's a mess!).
Simple:
Check whether glibc is bundled and if yes, don't require the blacklist being respected but instead require that all dependencies are bundled.
You cannot know whether such a libc is contained in an AppImage
Why? Just check for it...
That's not sufficient IMO. You also need the linker. And that stuff must then also be used actually. What if some script just copies it into some random, pointless location and it's never used?
OK, some more checks ;-)