TheAssassin/appimagelint

Handle AppImages that bundle everything

Opened this issue · 4 comments

Although we generally don't recommend it, some projects have good reasons to build AppImages that bundle everything. This is especially true for applications that cannot be built on older LTS build systems, but where the intended audience includes users with such systems. Prominent example: Inkscape.

When you run the official Inkscape AppImage through this tool, however, you get

appimagelint.glibc_abi_check[6960] [INFO] [✖] AppImage can run on Ubuntu trusty
appimagelint.glibc_abi_check[6960] [INFO] [✖] AppImage can run on Ubuntu xenial

This is not correct. If you try it out you will find that this AppImage in fact does run on those systems.

This application assumes that the blacklist is being respected. This "bundle all" stuff simply isn't standardized, there's no way to reliably detect that (it's a mess!).

The glibc ABI check is correct in the sense that the app's binaries require a newer libc. You cannot know whether such a libc is contained in an AppImage, and you cannot ensure that even if that's the case, this will then be loaded.

Arguably the (human readable) message of the check isn't totally correct.

I don't see how this edge case could be supported without significant work and making too many assumptions over the AppImage's workflow. This is a static analysis tool, and doesn't employ runtime checks. Let's call this a false negative.

This application assumes that the blacklist is being respected. This "bundle all" stuff simply isn't standardized, there's no way to reliably detect that (it's a mess!).

Simple:
Check whether glibc is bundled and if yes, don't require the blacklist being respected but instead require that all dependencies are bundled.

You cannot know whether such a libc is contained in an AppImage

Why? Just check for it...

That's not sufficient IMO. You also need the linker. And that stuff must then also be used actually. What if some script just copies it into some random, pointless location and it's never used?

OK, some more checks ;-)