On Debian-based distros, when an app is available as a DEB or an AppImage (that doesn’t self-update), but no APT repository, PPA or Flatpak, the only option is to manually download each update, and usually manually check even whether there are updates.
But, what if those would be upgraded at the same time as everything else using the tools you’re familiar with ?
dynapt is a local web server that fetches those DEBs (and AppImages to be wrapped into DEBs) wherever those are, then serves these to APT like any package repository does.
I started building it a few months ago, and after using it to upgrade apps on my computers and servers for some time, I pre-released it for the first time last week.
The stable version will come with a CLI wizard to avoid this manual configuration.
Feedback is welcome :)
Looks great, well done.
Personally, the deb
-related annoyance that I have encountered most often in recent years is that there is an APT repo but I have to jump thru hoops to add it. An example is signal-desktop
, where the handy one-click installation goes like this:
# 1. Install our official public software signing key:
wget -O- https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor > signal-desktop-keyring.gpg
cat signal-desktop-keyring.gpg | sudo tee /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null
# 2. Add our repository to your list of repositories:
echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' |\
sudo tee /etc/apt/sources.list.d/signal-xenial.list
# 3. Update your package database and install Signal:
sudo apt update && sudo apt install signal-desktop
Why does Debian-Ubuntu not provide a simple command for this? Yes there is add-apt-repository
but for some reason it doesn’t deal with keys. I’ve had to deal with this PITA on multiple occasions, what’s up with this?
Why does Debian-Ubuntu not provide a simple command for this?
You aren’t supposed to add repos. Ever. https://wiki.debian.org/UntrustedDebs
Apt is not built with security in mind, at all. The partial sandboxing it does do is trivial to bypass. Adding a repo is basically a RAT Trojan on your computer.
An example is signal-desktop
Yeah don’t use signal. They restrict freedom 3 by making distribution difficult. Thats why they trick you into using their RAT repo.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842943
The least bad option is the unofficial flatpak.
Apt is not built with security in mind, at all. The partial sandboxing it does do is trivial to bypass. Adding a repo is basically a RAT Trojan on your computer.
OK. I suppose this is the correct answer.
The least bad option [for Signal] is the unofficial flatpak.
Unless I’m missing something, here we will disagree. Secure or not, FOSS principle-respecting or not, if I’m choosing to install software by X then I’m going to get it straight from X and not involve third-party Y too.
Unless I’m missing something, here we will disagree. Secure or not, FOSS principle-respecting or not, if I’m choosing to install software by X then I’m going to get it straight from X and not involve third-party Y too.
Source code is like a recipe. Getting your food from the chef who made the recipe is fine, but getting it from another chef who… followed the same exact recipe is no different.
This is how the linux software distribution model works, distro maintainers are a CHECK on upstream.