--- title: NLNET AppBunlder --- # NLNET AppBunlder Thematic call: NGI Zero Core **Abstract:** AppBundler is an open-source project that simplifies the deployment of GUI applications developed in Julia, addressing critical challenges in cross-platform distribution, sandboxing, and dependency management. By leveraging Julia's excellent package manager and BinaryBuilder, AppBundler creates self-contained application installer bundles for macOS, Linux, and Windows from a single dependency manifest file. The developed recipe system allows surgical customizations using native bundle configuration files, and integration with modern sandboxing technologies enhances security and user trust, significantly lowering the barrier to entry for scientific software cross-platform development and distribution. The project will improve existing bundling recipes, tackle sandboxing issues for strict confinement environments, incorporate diverse compilation methods, and integrate open-source bundling tools. Expected outcomes include easier distribution of Julia GUI applications through major marketplaces, a streamlined bundle creation process, and the creation of Julia distributions with precompiled dependencies for educational settings. **Have you been involved with projects or organisations relevant to this project before?** Over the past decade, I've been deeply involved in Julia's ecosystem, both as a user and contributor, which has been instrumental to my academic success and has developed my expertise in scientific computing and software engineering. My past work spans diverse areas, from developing `LaplaceBIE.jl` and `SurfaceGeometry.jl` packages for boundary integral methods in 3D electrostatics and magnetostatics to conducting large-scale simulation postprocessing analysis using C++ and ROOT during my internship at CERN's ATLAS group. During my PhD at TU Delft, I applied various numerical techniques to condensed matter systems, gaining proficiency with HPC clusters and job schedulers. All these diverse experiences have given me a solid foundation for working on the most complex software projects. After completing my theoretical physics PhD at TU Delft, I wanted to use my ability to solve complex problems in domains and activities where my contributions could lead to improvements in everyday experiences. E-voting, which had captured my attention during my PhD years, emerged as an ideal focus that presented itself as an intriguing problem with tantalising effects. This renewed my lost curiosity and led me on a joyful journey, driving me to learn the current art of applied cryptography, leading to projects like CryptoGroups.jl and CryptoSignatures.jl implementing the FIPS 186.4 standard. I also successfully implemented Verificatum compatible proof of shuffle, which is a backbone of the majority of E2E verifiable voting system designs based on the ElGamal cryptosystem and was presented in JuliaCon 2022 with `ShuffleProofs.jl` package [1]. Eventually, I had all the components to implement the Haenni & Spycher voting system, which significantly advanced my ability to tackle large-scale, complex, full-stack software projects that I presented in JuliaCon 2024 [2]. I started the AppBundler project when I faced the need to distribute my QML application across all major desktop operating systems. It was inspired by the progress made by ApplicationBuilder, where the developer managed to submit a game implemented in Julia to the MacOS app store. The project was no longer being maintained, and it was evident that supporting distribution over sandboxed environments, which had become more popular, would require a different approach. This is essential to increase the security of users to ensure that installed software cannot infect their operating system with malware/spyware, much like we trust web browsers to shield us from malicious interests. During the project, I created a recipe system to support surgical customisation options with native configuration files while maintaining a clear separation in an application project directory structure. I implemented snap, MSIX, and dmg bundling recipes and furiously debugged them until I managed to get them to work with Julia GUI applications. MacOS DMG recipe now also works in a sandboxed environment, whereas MSIX and snap use full trust permissions, which would be great to address with this project. The package is usable, and I demonstrated it in the JuliaCon 2024, which had gained significant attention and interest [3]. However, further work could be done to improve user experience and make the project maintainable in the long term with CI integration tests, which is the goal of this NLNET grant application. [1] **Jānis Erdmanis**. [*Zero knowledge proofs of shuffle with ShuffleProofs.jl.* JuliaCon 2022](https://www.youtube.com/watch?v=2P2FBP47b8c) [2] **Jānis Erdmanis**. [*Unveiling Full Stack Development with PeaceFounder.* JuliaCon 2024](https://www.youtube.com/watch?v=--agWtyxfJo&t=983s&pp=ygUMcGVhY2Vmb3VuZGVy) [3] **Jānis Erdmanis**. [*AppBundler.jl - Bundle your Julia GUI Application* JuliaCon 2024](https://www.youtube.com/watch?v=wICPVpDa7aw&t=207s&pp=ygUKYXBwYnVuZGxlcg%3D%3D) [4] [Portfolio website: janiserdmanis.org](janiserdmanis.org) **Explain what the requested budget will be used for?** The budget of 10,000 euros will cover a 6-month full-time salary at 1500 euros/month (9 euros/hour) for a total of 9,000 euros. The remaining 1,000 euros is allocated for attendance at one conference within Europe. All work will be incorporated into the existing `AppBundler.jl` GitHub repository released under MIT license. **Milestone v0.2.0:** In the first three months, the work would focus on investigating the use of open-source packaging tools for MacOS and Windows and their integration with AppBundler. This would eliminate the need for users to set up their machines, as the relevant binary dependencies would be retrieved along with AppBundler. This would allow us to support complete bundle creation steps without relying on postprocessing instructions. The ultimate demonstration of these new capabilities would be with a GitHub action script that would create bundles with every new tagged release in an automated way. **Milestone v0.3.0:** The second half of the project would focus on adding features such as the ability to specify compilation options and select PackageCompiler or upcoming `juliac`, cleanup of resulting bundles, custom Julia distribution creation, test infrastructure and extending documentation. Along with these simple tasks, the work will focus on resolving sandboxing issues in strict confinement for Snap and MSIX and possibly flatpack bundles. Resolving those issues would ultimately enable the distribution of Julia GUI applications within Windows, Linux and MacOS marketplaces. If all goals of `Milestone v0.2.0` were achieved, the result would require low maintenance, as Julia had pledged to be backward compatible. The test infrastructure developed with Milestone v0.3.0 would enable quick regression identification and foster trustworthiness and reliability for those who become first-time Julia users. **Compare your own project with existing or historical efforts:** AppBundler represents a significant advancement in the deployment of GUI applications developed in Julia, addressing several limitations of existing solutions: 1. Cross-platform focus: Unlike many existing tools that target a single platform, AppBundler aims to simplify deployment across macOS, Linux, and Windows simultaneously. This comprehensive approach is unique in the Julia ecosystem and not common in other language communities. 2. Modern sandboxing support: AppBundler targets contemporary packaging formats that support sandboxed environments (Snap, Flatpak, MSIX, macOS entitlements). This focus on security and user trust is not present in older Julia deployment tools and is still emerging in other language ecosystems. 3. Flexible compilation options: While tools like PackageCompiler in Julia offer static compilation, AppBundler will provide multiple compilation methods (PkgImages, SysImage, and potentially juliac), allowing developers to balance between startup time, package size, and development iteration speed. 4. Recipe-based system: Unlike ApplicationBuilder (now deprecated), which internalised configuration options, AppBundler uses a recipe system. This approach allows for surgical precision customisations and hence fosters lasting community contributions for sandboxed environment configurations. 5. Integration with Julia's package ecosystem: AppBundler's deep integration with Julia's package manager and `Manifest.toml` system provides dependency management and reproducibility that's not easily achievable with general-purpose deployment tools. 6. Educational focus: The project's ability to create Julia distributions with precompiled dependencies addresses a specific need in academic settings, which is not a primary focus of existing deployment tools in the Julia ecosystem. 7. Marketplace readiness: By resolving sandboxing issues and adhering to modern packaging standards, AppBundler aims to make Julia GUI applications ready for distribution on major app marketplaces. This level of integration is not currently available for Julia applications and is still emerging for many other programming languages. In summary, while deployment tools are available both within and outside the Julia ecosystem, AppBundler combines Julia-specific optimisations, cross-platform support, modern packaging standards, and flexible compilation options in a way that is not currently available. It aims to bring the deployment experience of Julia GUI applications on parity with or exceed that of web technologies, potentially opening up new avenues for Julia in GUI application development. **What are significant technical challenges you expect to solve during the project, if any?** 1. Investigating the ability to use open-source packaging tools and create BinaryBuilder recipes: - `rcodesign` and `libdmg-hfsplus` for DMG packaging (macOS) - [MSIX packaging toolchain](https://github.com/microsoft/msix-packaging) for Windows - `flatpack-builder` for flatpack (Linux) These tasks may require significant effort due to sparse documentation and potential unforeseen issues that may only surface during development. Completing them would make it easy to support bundle creation in an automated way via GitHub actions or other continuous integration pipelines, as all packaging tools would be carried by the AppBundler package. In case the integration work of macOS and Windows packaging exceeds the first milestone timeframe, the creation of the flatpack recipe would be skipped as Snap format already covers Linux. 2. Cross-platform deployment and compatibility: - Ensuring the AppBundler can create functional bundles for "Host->Host" environments across different operating systems - Fully integrated postprocessing steps on Linux for bundle creation for all desktop operating systems. `Host->Host` bundle creation can already be performed with existing infrastructure using native recommended packaging tools, as currently documented in the AppBundler project. This is, however, undesirable as they depend on the environment setup, which can be prone to errors and unexpected changes; hence, dependence on them would create a maintenance burden. Instead, this task would be much easier to accomplish if open-source tools could be used and installed as dependencies with AppBundler, as addressed by the previous challenge. In addition, an open-source toolchain is essential for using only Linux as the build system for creating corresponding bundles for MacOS and Windows. This would make `AppBundler` future-proof and make the tool relevant once Julia gets cross-compilation support. 3. Debugging sandboxing issues: - Resolving Julia linking issues at startup in a strict MSIX sandboxed environment on Windows - Debugging Gtk dependency linking issues in fullTrust MSIX sandboxed environment on Windows - Resolving snap sandboxing issues in strict confinement for OpenGL applications on Linux These challenges are critical for enabling Julia GUI applications to be distributed on leading marketplaces and may require extensive troubleshooting and engagement with respective packaging communities. 4. Implementing automated testing: - Creating automated tests for bundle creation and their successful installation for CI - Developing a testing infrastructure to verify the correct functioning of bundle recipes This challenge involves creating a robust testing framework that can work across different operating systems and packaging formats, which is complex due to the diverse environments involved. Another challenge comes from designing GUI tests that do not need user interaction to answer whether an application bundle recipe is functional. 5. Integration of multiple compilation methods: - Integrating SysImage creation via PackageCompiler as a compilation option - Exploring and potentially integrating `juliac` as a compilation target when it becomes available - Implementing an API to easily customise and switch between compilation methods (PkgImage, SysImage, juliac) This challenge involves working with different compilation approaches and ensuring they can be seamlessly integrated and selected with the AppBundler exposed API. By addressing these challenges, the project aims to significantly lower the barriers to scientific software development in Julia and expand its ecosystem into non-traditional domains. It will also enable the creation of Julia distributions with pre-installed and pre-compiled dependencies for educational settings. **Sustainability and Long-term maintenance** The AppBundler source code will continue to be maintained under a public GitHub repository under an open-source MIT license. Comprehensive and easily accessible documentation would be added using `Documenter.jl`, expanding the reach of the user base. Open pull requests for regressions and issues for more considerable changes will be encouraged. The continuous integration, which will be addressed with challenges 1-3, will be instrumental in quickly catching bugs with new pull requests or new Julia releases. Furthermore, Julia's backward compatibility pledge, held for many years, would reduce the need for constant updates. The ability to use AppBundler to create Julia distributions with precompiled dependencies would attract academics who use Julia for teaching, expanding the user base further and attracting new contributors. Compatibility with Gtk.jl, QML.jl, Makie.jl and PackageCompiler.jl would ensure that AppBundler stays relevant to Julia's evolving ecosystem. Additionally, engagements with existing Julia projects like Genie.jl and Jolin.io that had shown interest in distributing their software as stand-alone applications will also be cultivated to share responsibilities for AppBundler maintenance in the long term. **Describe the ecosystem of the project, and how you will engage with relevant actors and promote the outcomes?** The project will engage with the Julia community, GUI framework developers, and the community surrounding packaging formats (Snap, Flatpak, MSIX). Outcomes will be promoted through: 1. Making comprehensive documentation and step-by-step guides to address various use cases. 2. Presentations at open-source conferences where Julia will be marketed as a viable alternative for developing stand-alone desktop GUI applications. This will be achieved by leveraging AppBundler for easy deployment while highlighting Julia's superior scientific computing ecosystem and visualisation frameworks like Makie. 3. Engaging with academics who use Julia in teaching and currently experience wasted time in precompilation when Julia is first set up and assisting them in creating Julia distributions. 4. Engage with Julia users who create GUI applications using suboptimal distribution methods. Also, engage with the Genie.jl and Jolin.io projects, which have shown interest in distributing stand-alone applications. 5. Updating Julia community discourse AppBundler.jl announcement with the newly added features; 6. Engaging with communities surrounding packaging formats (e.g., Snap, Flattpack, MSIX, DMG) 7. Open-source contributions and pull requests to relevant Julia packages (Gtk.jl, QML.jl, PackageCompiler.jl)