Thanks to @craftyguy my "iced" tool has seen some nice improvements, notably switching from mkosi-sandbox to bubblewrap.
Iced lets you install and run any software from the Alpine package repos without root. It's designed for use on immutable systems like the new postmarketOS Duranium.
@cas @craftyguy out of curiosity, since I didn't see a reasoning in the MR, why the switch to bubblewrap? mkosi switched away from bubblewrap to get rid of the SUID binary.
@lbky @craftyguy basically just because bwrap is already installed on immutable pmOS for flatpak, so it makes sense to reuse it rather than having to install mkosi
@cas @craftyguy niiiice! I still remember our discussion at FOSDEM and am really excited it has seen further development :3
@ljrk @craftyguy yeah I'm still kinda surprised this prototype ended up working so well xD
i think we'll end up shipping it in Duranium at least initially
@cas @craftyguy Just goes to show we need to ship it to more places by default ;)
@lbky @cas @craftyguy afaik mkosi-sandbox is also not really supposed to be split off from the rest of mkosi, and installing mkosi on a system just to use the sandbox is kinda odd
@cas @craftyguy Glad my incoherent rambling sparked something! :D
Because if it hadn't been for you just implementing shit I'd have complained for years to come lol
@ljrk @craftyguy yess, was a really great chat x3
would be cool if you wanna give it a spin and give us some feedback! I can show it to you at congress :3
@cas @craftyguy woah nice! had me confused with https://github.com/iced-rs/iced for a sec :P
@cas @craftyguy this brings immutable pmOS closer to reality. This makes me happy.
@cas @craftyguy Oh, this is very neat! Is there a way to ask iced to use something other than the home directory as $HOME, or maybe write files to overlayfs or smth? I'm always slightly annoyed when my "sandboxed" tools (with Toolbox or Distrobox) end up adding all of their dotfiles to various places, even though it's technically immutable the system starts feeling "dirty" after a while as a result ...
@pojntfx @craftyguy would be an easy adjustment i think. not sure how an overlayfs would help
you can run `iced clear` to nuke everything at any time
@cas @craftyguy I was like "why use iced when it is a CLI and not GUI" just to find out there are 2 software projects named iced.
@chfkch @craftyguy ahaha yeahhh we're probably going to rename it, maybe coldbrew? not sure
@cas @craftyguy Ah, neat! I was thinking with an overlayfs it could still write to the home directory from iced's perspective, but it would actually end up in the overlayfs dir, thus not polluting the "host" home dir. Probably not without its own set of problems ofc :)
When you run `nuke` - does it clear up the (dot)files it created in the home dir as well? That would be super neat!
@pojntfx @craftyguy yeah it keeps the static apk though
where would the overlayfs live? you wanna overlay all of /home?? but i kinda like to be able to install a text editor and use it to edit files
@cas @craftyguy Oh yeah, I mean that would be my main use case too (Vim/Nvim). I might overlay all of /home and put the overlayfs into the XDG state directory, then somehow try and exclude the XDG known directory names (Documents/) and stuff. It's probably an edge use case though, just something I noticed Distrobox does quite well (you can select a custom home directory per box) when I helped set up a device for a friend recently.
@cas @craftyguy forgive me if this is rather clueless but using bubblewrap does that mean they're essentially Flatpaks?
@justin @craftyguy no, bubblewrap is just a tool for creating namespaces (in other words, a sandbox). i'd recommend reading about user/mount namespaces to learn more
@fossdd @lbky @cas @craftyguy It's definitely meant to be split off, not sure what would make you think otherwise. It's a single standalone python file without any deps except stdlib and optionally libseccomp. You can just vendor it in any project where you might need it. Though since this is a shell script I can imagine pulling in python might be a bit much. I'd immediately rewrite iced in python but if you wanna stick to shell bubblewrap is probably the way to go.
@daandemeyer @lbky @cas @craftyguy woops yeah I only looked at /usr/bin/mkosi-sandbox and didn't realize its library is only a single file, that's nice