Turns out the port problems was a hardware issue on the teensy, My R4 WiFi powers up and connect to IDE just fine. (I will change the heading of this thread shortly)
But I would still like to get the desktop link working again, and restore the Arduion 2.3.4 icon in "Show Apps" and/or dash
@BitSeeker there is no error message when I click on the desktop link.
Here are the contents:
[Desktop Entry]
Type=Application
Name=Arduino IDE 2.3.4
Exec=/home/<my_user_name>/ARDUINO/arduino-ide_2.3.4_Linux_64bit.AppImage
Right click the launcher icon and select 'properties'. Under the 'Permissions tab make sure that 'Allow this file to run as a program' is ticked. Then under the 'Lanucher' tab, make sure that both 'Allow this file to run as a .desktop file' and 'Set this fie as trusted' are both checked. I suspect the latter will probably not be. The .desktop on neither of my computers has the --no-sandbox added but I have no idea whether it might be needed on Ubuntu or not.
There was a change implemented some while back to improve security of desktop launchers which affected both my Mint and MX computers, but I am not sure whether it affects Ubuntu nor from which version, of whether the launcher on Ubuntu has the same options in its properties. I did have an error message pop up on mine though after it happened.
Many thanks MrY, adding --no-sandbox and the icon launches the IDE now. Excellent
But what is sandboxing in this context? (or any context for that matter?)
And why didn't I need that under 22.04.05 ?
PS: I asked Google Gemini and it explained how sandboxing helps improve security. So I'd prefer to avoid the --no-sandbox option, if there's a better way?
BTW BitSeeker, the properties dialogue box has changed under 24.04.1 but I did have "Executable as Program" turned on before I started this thread (+ I have checked via chmod that x's are in place). See attached ...
Curious that was not reflected in the ls -l output you provided.
Sandboxing is a means to execute a program in an isolated environment that doesn't have access to root privileges or the main operating system. It is a means of securing the operating system from being hacked via a vulnerability within the application that an attacker might otherwise exploit to gain and elevate privileges on a system. For this reason it is normally not a good idea to remove or bypass sandboxing, so it is interesting that running Arduino IDE on Ubuntu requires it, but running on other Debian or Ubuntu derivatives such as Mint and MX does not (at least yet).
I would imagine that this is a feature that was probably introduced into Ubuntu 24.xx.x which is why it didn't crop up before. It seems this has already been addressed on another thread:
This discusses a means to deal with this problem by setting up an AppArmor policy.
I think the desktop file being set to executable is not a problem, but it is also unnecessary.
The "--no-sandbox" option is also very confusing to me as well. I don't remember when it was first required, but it wasn't required when I upgraded to 24.04, and then it was when I upgraded to 24.04.1.
There have been some discussions about messing with the AppArmor policy, but I have never explored that route.
I really wish that Arduino would create an installation for Linux that takes care of everything — file permissions and a working desktop.
@BitSeeker The appimage file needs to be set to executable, but the .desktop file does not.
IMHO this is one confusing mess. The finger probably points towards Ubuntu, but as mentioned earlier, it would make things so much more pleasurable if Arduino provided an installation script that took care of it all. At the very least, they should provide an icon file and a working .desktop, and setting permissions on the appimage file.
Again interesting, as this is different to what I have on both of my systems where all .desktop files have the executable permission. As a test I removed the executable permission from the launcher and got this:
I put the executable permission back and then it launched as normal again. It would seem that Ubuntu 24.04.x with the sandboxing arrangement - or perhaps the chosen desktop environment (Gnome vs Cinnamon vs XFCE) - handles it differently. The Ubuntu approach does have a certain logic to it since one is not running the launcher, but the executable that the launcher is pointing to, but I agree it is confusing. Interesting to note for reference though. Perhaps the developers will sort it in due course.
I dare say that if Ubuntu have introduced this, then other derivatives will eventually follow.
I just looked at Fedora, and it appears they take care of everything during installation from their software store.
So, I amend my previous comment. If Fedora can do it all, Ubuntu should also do it in their software store. Unfortunately, the Ubuntu software store only has v1.8.19 .
I have been happily using Ubuntu for many years, but their idea of Snaps leaves much to be desired.
For grins, I tried installing the IDE on Fedora via the Arduino instructions, and that, too, is a mess.
Good discussion. Totally agree that install process for Arduino on Linux needs to be refined and automated, as per install on Windows has been for yonks.
I still don't have an Arduino icon appearing in "Show Apps" or on my dash. I'm expect I can fix it if I waste more otherwise productive time. Meanwhile It's kinda clunky having to navigate to AppImage every time then double-click to start IDE.
Interesting to see that IDE fails to start on Linux due to missing sandboxing issue on GitHub has been in play since IDE 2.3.2 ... . a workaround is described there, but it's a hassle. Apparently it's quite a difficult problem, caused by Ubuntu security policy change.
I've been involved in computers all my working life although stilll quite green with Linux. But I must say ... it is soooo much faster than Windows for compiling/upload cycles. i.e. more people should try Linux ... especially as Win10 winds down, and Win11 locks you in.
Adding --no-sandbox was necessary before I could use the desktop icon. But it's curious that before that addition I could start the App simply by navigating to it's location and double clicking.
if I avoid starting via the desktop icon, am I still using sandboxing, or not?
However, if I open the file explorer and double-click it, it opens.
As I said earlier, this is a mess. The cleanest solution is for the Linux distribution owners to provide a full and clean installation from their software store, as does Fedora. This would alleviate the Arduino developers from dealing with each Linux distribution individually.
It definitely affects users who made a fresh installation of Ubuntu 24.04 and I would guess the situation will be the same for all newer versions. However, if they instead upgraded from a previous version to 24.04, then the system has a different configuration which will not cause them to be affected (probably because the previous AppArmor configuration persists through the upgrade).
It does not affect users of Ubuntu 22.04, at least not with a vanilla installation. However, it is possible that users who adjust the AppArmor configuration would be affected. Since these users are likely to be aware of AppArmor and its configuration, they probably won't have too much difficulty in installing an appropriate policy for Arduino IDE.
Yes. As was already mentioned by @BitSeeker, the better way is to create an AppArmor policy for Arduino IDE. With that policy in place, you can use Arduino IDE without disabling sandboxing.
The policy is configured to apply to an Arduino IDE installation where the IDE executable is at the path /usr/local/bin/arduino. You must adjust that line to point to the location of the executable on your computer:
(make sure to replace the <my_user_name> placeholder with your actual username)
Since the path is version-specific, make sure to remember to update the policy if you later install a newer version of Arduino IDE under a different path.
Well FYI I upgraded from 22.04.5 LTS to 24.4.1 LTS. I did not encounted sandbox issue in 22.04 , but after ... well I started this thread = I was not immune ...
Following the pointer from BitSeeker (and now you) I implemented the policy solution posted by mariovaldez on GitHub. As I might have to do this again I recorded my steps in my notebook as follows:
Option 1. add "--no-sandbox" to arduino.desktop, as done in arduino.desktop(b)
This works but defeats purpose of new Ubuntu security policy, not recommended.
Option 2. Create a new AppArmor profile for the Arduino IDE (that allows a non-root user to use the sandboxing in a specific application).
$ mv arduino-ide_2.3.4_Linux_64bit.Appimage ~/Downloads
$ cd ~/Downloads
$ sudo cp arduino-ide_2.3.4_Linux_64bit.Appimage arduino (create a copy with filename "arduino")
$ sudo cp arduino /usr/local/bin
$ rm arduino (from ~/Downloads)
$ cd /usr/local/bin
$ sudo chmod +x arduino
create new text file "usr.local.bin.arduino"
$ gedit usr.local.bin.arduino
abi <abi/4.0>,
include <tunables/global>
profile arduino /usr/local/bin/arduino flags=(unconfined) {
userns,
include if exists <local/arduino>
}
$ sudo cp usr.local.bin.arduino /etc/apparmor.d/
reload all AppArmor profiles with:
$ sudo service apparmor reload
$ systemctl daemon-reload
Then editted arduino.desktop file:
[Desktop Entry]
Type=Application
Name=Arduino IDE 2.3.4
Exec=/usr/local/bin/arduino
Now when I click on arduino.desktop icon the IDE starts, presumably without bypassing sandboxing. Yay!
However I still can't find "arduino" icon or "Arduino 2.3.4" in the "Show apps" (bottom left of desktop) or in my dash. Previously I could pin Arduino to the dash, not now. Also when I ran IDE before the dash icon would have Arduino logo, not now. Not a show stopper, but not normal AFAIK. It would be nice to know how revive these ...
I need to change my "Solution" post choice, from MrY's to BitSeeker's post with GitHub link (or yours).
PS: just realised what I'm calling the "dash" above should probably be "dock", although I can choose to "pin to dash" in "Show Apps" ?!
.
