On Debian-based distros, when an app is available as a DEB or an AppImage (that doesn’t self-update), but no APT repository, PPA or Flatpak, the only option is to manually download each update, and usually manually check even whether there are updates.

But, what if those would be upgraded at the same time as everything else using the tools you’re familiar with ?

dynapt is a local web server that fetches those DEBs (and AppImages to be wrapped into DEBs) wherever those are, then serves these to APT like any package repository does.

I started building it a few months ago, and after using it to upgrade apps on my computers and servers for some time, I pre-released it for the first time last week.

The stable version will come with a CLI wizard to avoid this manual configuration.

Feedback is welcome :)

  • JubilantJaguar@lemmy.world
    link
    fedilink
    arrow-up
    7
    ·
    edit-2
    2 months ago

    Looks great, well done.

    Personally, the deb-related annoyance that I have encountered most often in recent years is that there is an APT repo but I have to jump thru hoops to add it. An example is signal-desktop, where the handy one-click installation goes like this:

    # 1. Install our official public software signing key:
    wget -O- https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor > signal-desktop-keyring.gpg
    cat signal-desktop-keyring.gpg | sudo tee /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null
    
    # 2. Add our repository to your list of repositories:
    echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' |\
      sudo tee /etc/apt/sources.list.d/signal-xenial.list
    
    # 3. Update your package database and install Signal:
    sudo apt update && sudo apt install signal-desktop
    

    Why does Debian-Ubuntu not provide a simple command for this? Yes there is add-apt-repository but for some reason it doesn’t deal with keys. I’ve had to deal with this PITA on multiple occasions, what’s up with this?

    • cqst@lemmy.blahaj.zone
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      2 months ago

      Why does Debian-Ubuntu not provide a simple command for this?

      You aren’t supposed to add repos. Ever. https://wiki.debian.org/UntrustedDebs

      Apt is not built with security in mind, at all. The partial sandboxing it does do is trivial to bypass. Adding a repo is basically a RAT Trojan on your computer.

      An example is signal-desktop

      Yeah don’t use signal. They restrict freedom 3 by making distribution difficult. Thats why they trick you into using their RAT repo.

      https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842943

      The least bad option is the unofficial flatpak.

      • JubilantJaguar@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        2 months ago

        Apt is not built with security in mind, at all. The partial sandboxing it does do is trivial to bypass. Adding a repo is basically a RAT Trojan on your computer.

        OK. I suppose this is the correct answer.

        The least bad option [for Signal] is the unofficial flatpak.

        Unless I’m missing something, here we will disagree. Secure or not, FOSS principle-respecting or not, if I’m choosing to install software by X then I’m going to get it straight from X and not involve third-party Y too.

        • cqst@lemmy.blahaj.zone
          link
          fedilink
          arrow-up
          1
          ·
          2 months ago

          Unless I’m missing something, here we will disagree. Secure or not, FOSS principle-respecting or not, if I’m choosing to install software by X then I’m going to get it straight from X and not involve third-party Y too.

          Source code is like a recipe. Getting your food from the chef who made the recipe is fine, but getting it from another chef who… followed the same exact recipe is no different.

          This is how the linux software distribution model works, distro maintainers are a CHECK on upstream.

    • KaKi87@jlai.luOP
      link
      fedilink
      arrow-up
      2
      ·
      2 months ago

      Thanks, and agreed !

      Fortunately, copy/pasting works and you only have to do it once.