I made a local APT repository that automatically fetches DEBs and AppImages from anywhere
On Debian-based distros, when an app is available as a DEB or an AppImage (that doesn't self-update), but no APT repository, PPA or Flatpak, the only option is to manually download each update, and usually manually check even whether there are updates.
But, what if those would be upgraded at the same time as everything else using the tools you're familiar with ?
dynapt is a local web server that fetches those DEBs (and AppImages to be wrapped into DEBs) wherever those are, then serves these to APT like any package repository does.
I started building it a few months ago, and after using it to upgrade apps on my computers and servers for some time, I pre-released it for the first time last week.
The stable version will come with a CLI wizard to avoid this manual configuration.
Feedback is welcome :)
like this
reshared this
OSC Announces Hatch Act Enforcement Decisions (osc.gov)
osc.gov/News/Pages/24-33-Hatch…
memeorandum.com/240906/p37#a24…
Harris raised $361 million in August from nearly 3 million donors, campaign says (Zeke Miller/Associated Press)
apnews.com/article/harris-fund…
memeorandum.com/240906/p36#a24…
The End of Democracy Has Already Begun (The Atlantic)
theatlantic.com/podcasts/archi…
memeorandum.com/240906/p38#a24…
However a 14 year old kid got a gun, that’s wrong.
People always ask what gun safety measures would work.
Georgia currently doesn’t have a minimum age to buy rifles, require gun owners to securely and safely store guns, require background checks on all gun sales, require gun permits, or have red flag laws.
What Georgia does have is some of the weakest gun laws in the country, because of elected Republicans.
Georgia | Everytown Research & Policy:
everytownresearch.org/rankings…
It cost over $70,000 to build this monstrous 88-inch iPhone.
Arun Maini and Matthew Perks spent about a year turning a $25,000 88-inch LG OLED TV into a towering functional smartphone running Android skinned to look like iOS.
Inside the phone are eight 50W speakers, 128GB of RAM, and Canon and Sony cameras for taking photos. It weighs upwards of 440 pounds and requires beefy Anker portable batteries to keep it powered.
#BOINC development status report for the first week of September.
#WSL wrapper is done and merged.
10 obsolete issues closed.
1 small #Linux GUI issue fixed.
Moving now to #Docker wrapper development.
#DistributedComputing #VolunteerComputing #GridComputing #CitizenScience
like this
Hallo Leute,
Kennt jemand ob die WISO Steuer Software kann unter Linux laufen?
Bis jetzt habe ich immer unter Windows 10, aber die Richtung Microsoft jetzt geht wird ich in der Zukunft auf Linux. Die meisten von Software ich benötige kann unter Linux laufen ohne Probleme, das WISO bin ich nicht sicher.
"...Tra gli stakeholder presenti anche Leonardo, Fincantieri e Ansaldo."
Fantastico no?
Tre su tre nel businness delle armi da guerra.
I don't think this question ever gets old! Thoughts?
#AmReading #AmWriting @bookstodon #books #Bookstodon
#WritingCommunity #ReadingCommunity #Regency #Georgian #JaneAusten @romancelandia #EmilyBronte #CharlotteBronte #AnneBronte #Victorian
reshared this
like this
Two very cool things: a) I wrote about lunar swirls, one of my favorite features on the Moon! and 2) the article features a shot I took thru my own telescope, so now I'm a published photographer in Scientific American!
Debbie Goldsmith 🏳️⚧️♾️🇺🇦 reshared this.
barkingspiders
in reply to KaKi87 • • •KaKi87
in reply to barkingspiders • • •Telorand
in reply to KaKi87 • • •rpm-ostreesystems, because any layered packages installed from RPM files have the same limitation of needing to be manually upgraded.like this
timlyo likes this.
KaKi87
in reply to Telorand • • •Semperverus
in reply to KaKi87 • • •like this
timlyo and rovingnothing29 like this.
John Richard
in reply to Semperverus • • •Semperverus
in reply to John Richard • • •marmalade
in reply to John Richard • • •KaKi87
in reply to marmalade • • •I'd be willing to implement additional features for people who are extra careful about security.
Could you please explain what does this consist in ?
Thanks
KaKi87
in reply to Semperverus • • •bizdelnick
in reply to KaKi87 • • •file://scheme or custom apt-transport. HTTP server is needless here. (But I'll never do this because I prefer to rebuild packages myself if there's no repo for my distro.)like this
DaGeek247 likes this.
KaKi87
in reply to bizdelnick • • •With that, I couldn't trigger a download when
apt updateis ran, I could only do a cron, i.e. a delay, that I do not want.I thought about that, but found no documentation on how to do it. If you have any, I'm interested.
Even just finding documentation on how to generate DEBs and APT repository metadata files was very hard.
like this
DaGeek247 likes this.
bizdelnick
in reply to KaKi87 • • •libapt-pkg-doc(/usr/share/doc/libapt-pkg-doc/method.html/index.html).like this
DaGeek247 likes this.
KaKi87
in reply to bizdelnick • • •In an APT package OMG 😂
I found an online version though, which I would never have found through my search engine (and on a site that doesn't even support HTTPS) 😅
Looks like difficult reading too 😭
Thanks anyway.
like this
DaGeek247 likes this.
KaKi87
in reply to bizdelnick • • •like this
DaGeek247 likes this.
keturn
in reply to KaKi87 • • •I went way down the rabbit hole on this one and ended up with a proof of concept that's probably close enough to be able to wire it up: gitlab.com/-/snippets/3745244
I guess it didn't end up too much code, but I'm not entirely sure it's worth it.
(it's after 3 AM? oh no what have I done)
KaKi87
in reply to keturn • • •KaKi87
in reply to keturn • • •keturn
in reply to KaKi87 • • •KaKi87
in reply to keturn • • •keturn
in reply to KaKi87 • • •differently hacky idea:
since you do end up with all the packages in a repository on the filesystem, and you just want to have it do this just-in-time updating when the Packages file is accessed...
what if you list it as a normal
fileapt source, but you make the Packages file a FIFO?it's a cursed idea but I'm not sure it is any less cursed than the other options we've come up with.
it may or may not help to have systemd.socket manage creating the FIFO and running the service.
KaKi87
in reply to keturn • • •What's a FIFO ?
I've also looked into VFS but found nothing I'd have the skills to implement. 😅
Shdwdrgn
in reply to KaKi87 • • •KaKi87
in reply to Shdwdrgn • • •Don't be. I would love to know that an existing and more experienced program does what mine does.
I've been looking for it myself for a long time before deciding to build it.
Here's what I'm reading :
So, not the same thing.
It locally mirrors existing repositories containing existing packages, it doesn't locally create a new repository for new packages from standalone DEBs.
Shdwdrgn
in reply to KaKi87 • • •JubilantJaguar
in reply to KaKi87 • • •Looks great, well done.
Personally, the
deb-related annoyance that I have encountered most often in recent years is that there is an APT repo but I have to jump thru hoops to add it. An example issignal-desktop, where the handy one-click installation goes like this:Why does Debian-Ubuntu not provide a simple command for this? Yes there is
add-apt-repositorybut fo... show moreLooks great, well done.
Personally, the
deb-related annoyance that I have encountered most often in recent years is that there is an APT repo but I have to jump thru hoops to add it. An example issignal-desktop, where the handy one-click installation goes like this:Why does Debian-Ubuntu not provide a simple command for this? Yes there is
add-apt-repositorybut for some reason it doesn't deal with keys. I've had to deal with this PITA on multiple occasions, what's up with this?KaKi87
in reply to JubilantJaguar • • •Thanks, and agreed !
Fortunately, copy/pasting works and you only have to do it once.
cqst [she/her]
in reply to JubilantJaguar • • •You aren't supposed to add repos. Ever.
wiki.debian.org/UntrustedDebs
Apt is not built with security in mind, at all. The partial sandboxing it does do is trivial to bypass. Adding a repo is basically a RAT Trojan on your computer.
Yeah don't use signal. They restrict freedom 3 by making distribution difficult. Thats why they trick you into using their RAT repo.
bugs.debian.org/cgi-bin/bugrep…
The least bad option is the unofficial flatpak.
JubilantJaguar
in reply to cqst [she/her] • • •OK. I suppose this is the correct answer.
Unless I'm missing something, here we will disagree. Secure or not, FOSS principle-respecting or not, if I'm choosing to install software by X then I'm going to get it straight from X and not involve third-party Y too.
cqst [she/her]
in reply to JubilantJaguar • • •Source code is like a recipe. Getting your food from the chef who made the recipe is fine, but getting it from another chef who... followed the same exact recipe is no different.
This is how the linux software distribution model works, distro maintainers are a CHECK on upstream.
Churbleyimyam
in reply to KaKi87 • • •KaKi87
in reply to Churbleyimyam • • •JustARegularNerd
in reply to KaKi87 • • •This might be for the better, but Discord was so infuriating about updates and forcing you to download them what felt like 50% of the time I opened it, I gave up and just use it in Ungoogled Chromium now. I'm pretty sure within a few months I ended up having 15+ debs of Discord in my Downloads folder.
For anyone else trying to use the native Discord app on Debian, I think they'll find this a major treat.
teuto
in reply to JustARegularNerd • • •λλλ
in reply to JustARegularNerd • • •KaKi87
in reply to λλλ • • •I didn't know there was one, that's interesting, thanks.
Updates must still be delayed because of being third-party though.
λλλ
in reply to KaKi87 • • •KaKi87
in reply to JustARegularNerd • • •Discord not automating downloads of DEBs is one of the reasons motivating me to do this.
Personally I need the desktop client because I mod it with plugins that are so useful that I can't do without these anymore.
Alternatively, there are third-party repositories here and here.
There still is delay between Discord releases and repository updates so I still believe dynapt to be the better solution.
cqst [she/her]
in reply to KaKi87 • • •Discord client modifications are against the Terms of Service.
gnu.org/philosophy/free-sw.en.…
Asetru
in reply to KaKi87 • • •KaKi87
in reply to Asetru • • •Well, I'm just automating what people currently have to do manually : visit GitHub and download DEB and install DEB.
If the automated process would be dangerous then the manual process also would be, and that would be on the maintainer for not providing an APT repository or a Flatpak, not on the user for just downloading from GitHub.
cqst [she/her]
in reply to KaKi87 • • •Yeah. You should never do that. Like ever. Build from source; or use a vendored tarball.
wiki.debian.org/DontBreakDebia…
.deb is a terribly insecure nightmare thats held up by the excellent debian packagers, gpg , and checksums, and stable release model. don't use .deb files.
KaKi87
in reply to cqst [she/her] • • •cqst [she/her]
in reply to KaKi87 • • •Yeah, we all are. What's your point?
End users are also developers. All computer users are developers. You are developing.
By making a script that lets me get backdoors and shitty packages with ease?
The linux package distribution system is a nightmare, Debian is the least bad approach. There is basically always a better option to using a .deb file. If you come across something that isn't packaged, I recommend Flatpak, building from source (and installing unprivileged), or using the developers vendored tarball (installing unprivileged).
wiki.debian.org/SecureApt
By using local .debs you lose the benefit of:
ulkesh
in reply to KaKi87 • • •It’s a cool concept, but automation breeds laziness (by design, to an extent) and lazy end users tend to shoot themselves in the foot. So it isn’t great for security, but it also isn’t that much worse for security :)
Since some people with money tend to be litigious, and, of course, I am not a lawyer, I would advise a warning message (or part of the license if you don’t want to muck up your CLI), if you don’t have one, to force the user to accept and acknowledge that the software they are installing using this tool is not verified to be safe.
KaKi87
in reply to ulkesh • • •How is the manual step more secure though ?
What does the user do before downloading a DEB that makes that gap between manual and automated ?
I'd be willing to try and reproduce that, but I don't see anything.
ulkesh
in reply to KaKi87 • • •I didn’t say it was more secure, I said it’s about the same.
The difference is a person being forced to go to a website to download software means more steps and more time to consider the safety of what they’re doing. It’s part psychological.
Not all such packages are retrieved from GitHub, I remember downloading numerous .deb files direct over the past 25 years (even as recent as downloading Discord manually some years back).
The main point I’m making is that you should legally protect yourself, it’s a low and reasonable effort.
KaKi87
in reply to ulkesh • • •You said automation breeds laziness (by design, to an extent) and lazy end users tend to shoot themselves in the foot.
So, my question is : what part of automating download of DEBs from a specific source can be shooting oneself in the foot compared to doing the same thing manually every time ?
The MIT license will take care of that.
Also, to force the user to accept and acknowledge that the software they are installing using this tool is not verified to be safe is inducing fear and/or guilt, therefore is bad UX, I'm not doing that.
ulkesh
in reply to KaKi87 • • •I already answered that first question.
And then all those app store fronts that say whether a flatpak is verified or not is inducing fear and/or guilt and is therefore bad UX. It's not, but you are free to have your opinion.
Have fun then, I'm done wasting my time here.
markstos
in reply to Asetru • • •No matter where you install from, you have to trust the source. Indeed, you have to trust every step in the supply chain.
If you are getting your code straight from the author, you are eliminating an exploit that’s introduced by a compromised account of a packager.
Carry on.
cqst [she/her]
in reply to markstos • • •Which is not what you are doing at all with a .deb file. A .deb file is a binary with a bunch of scripts to "properly" install your package. Building from source is what you SHOULD be doing.
Debian has an entire policy handbook on how packages are supposed to be packaged. Progrmatically you can review the quality of a package with 'lintian'.
.debs made by developers following a wiki tutorial can't even come close. remember, apt installs happen as root and can execute arbitrary code.
Also, debian packagers can be project maintainers, so they can be "the author."
λλλ
in reply to Asetru • • •KaKi87
in reply to λλλ • • •markstos
in reply to KaKi87 • • •This is somewhat re-inventing some things Ansible can do, which is download and install software whether it has a formal or informal source.
Ansible is the automation I use to manage personal and professional servers.
KaKi87
in reply to markstos • • •skimm
in reply to KaKi87 • • •Neat project!
While this might not solve all of your use cases, did you consider a tool like mise?
Theres a number of other options out there such as asdf-vm and others who's names I can't recall. I recently moved from asdf to miss but its a great way to install things on different machines and track it with your dotfiles, or any other repo you want to use. Mise has tons of configuration options for allowing overrides and local machine specific versions.
It won't tie into apt for your upgrades but you could just alias your apt update to include
&& mise up.KaKi87
in reply to skimm • • •takingbacksunday
in reply to KaKi87 • • •flashgnash
in reply to KaKi87 • • •KaKi87
in reply to flashgnash • • •Daeraxa
in reply to KaKi87 • • •KaKi87
in reply to Daeraxa • • •Alright, don't hesitate to ask questions if you have any and request help if you need any
Yes, I mentioned it in the Differences with deb-get & AM section of my tutorial.
Yeah, I could reiterate in that section that my app allows the user to add apps themselves.