Files
appimages/README.md
2026-03-16 22:14:45 -07:00

2.0 KiB

Unofficial AppImage Directory

This repository exists to contribute to the AppImage ecosystem, with a special focus on supporting AM (AppImage Manager / Appman) users.

It aims to:

  • Provide high-quality, unofficial AppImages for applications that lack native AppImage releases from their upstream developers.
  • Fill distribution gaps by converting selected apps into AppImages.
  • Host them here with signed verification files (BUILD_INFO.json + .asc) so users can easily download and trust the builds for use in AM/Appman.

Verifying the AppImage

All AppImages in this repository are built directly from the official source code releases and include a signed authenticity proof (manifest + GPG signature) to confirm they are unchanged and come from my trusted build process.

One-time setup (do this once)

Import the builder's public key from the repository root:

wget https://git.yourittech.support/yourittech.support/appimages/raw/branch/main/builder-pubkey.asc
gpg --import builder-pubkey.asc

Verify a downloaded file (e.g. Nextcloud-Talk-v2.1.1-x86_64.AppImage)

  1. Download these three files from the version folder (e.g. /nextcloud_talk/v2.1.1/):
  • Nextcloud-Talk-v2.1.1-x86_64.AppImage
  • BUILD_INFO-Nextcloud-Talk-v2.1.1.json
  • BUILD_INFO-Nextcloud-Talk-v2.1.1.json.asc
  1. Check the AppImage integrity with SHA256:
sha256sum Nextcloud-Talk-v2.1.1-x86_64.AppImage

Compare the output to the value of appimage_sha256 inside the BUILD_INFO-Nextcloud-Talk-v2.1.1.json file.

  1. Verify the signed manifest (confirms the SHA256 and build info come from me):
gpg --verify BUILD_INFO-Nextcloud-Talk-v2.1.1.json.asc BUILD_INFO-Nextcloud-Talk-v2.1.1.json

Look for:

gpg: Good signature from "YourITtech.support" [...]

The warning 'This key is not certified with a trusted signature' is normal for a personal builder key and can be safely ignored; the important confirmation is the 'Good signature' line, which means the manifest file is authentic and unchanged from my signed build process.