PackageManagement
This page is about the various ways to manage the installed software on a ubuntu system. It's for developers to keep track of things.
Global Todo
- Add "Software Preferences" to update-manager. (done)
- Add upgrade-notifier in default.session in the gnome-session package so new users will automatically get notified of updates. (done)
Package Status
- upgrade-notifier is packaged and available in Hoary.
- update-manager is packaged and available in Hoary.
- synaptic is packaged and available in Hoary.
Upgrade Notifier
Will run in the background and show up in the tray if upgrades are available. It monitors /var/lib/apt/lists and /var/lib/update-notifier/dpkg-run-stamp with gamin and recalculates the available upgrades on changes.
It installs a apt-configuration variable that triggers a cron job that will do a apt-get update nightly (cron.daily).
Todo:
- Needs a way to check when the last "apt-get update" was performed and warn the user if it's too old.
Repository: https://oops.kerneljanitors.org/repos/upgrade-notifier
Note: you can also add this line to /etc/crontab (as root or sudo):
0 6 * * * root apt-get update
This updates your local cache of your repositories' current package versions at 6:00 am every day. I wouldn't recommend doing an automatic apt-get dist-upgrade due to possibilities of it breaking your system one day, but updating your package database is harmless. Upgrade notifiers such as the one that comes with Ubuntu and Kubuntu will notice when there are updated packages available even with this cronjob, so no extra configuration is necessary.
Configuration
There should be the following options:
- Way to configure sources used (done with gnome-software-properties)
- Way to enable/disable updates (done with gnome-software-properties)
The actual apt-get update should be done via cron. We need a switch to enable/disable it (and maybe a switch to trigger a update in /etc/ppp/if-up.d).
Update Manager
Ideas by Michiel Sikkes: http://geeklog.eyesopened.nl/index.php/update-manager/
Todo:
Warn the user when a new distribution is released (like Warty > Hoary) which calls dist-upgrade instead of a normal update (partly done with meta-release files)
- Add changelogs to the textview instead of package descriptions (done in hoary)
Synaptic
Todo:
- Needs dist-upgrade support from the command-line (done)
App Install
Ross Burton is working on this.
A magic tool which uses a set of .desktop files with special tags to list packages which can be installed/removed by the user. By explicitly choosing which packages have these tags, the set can be reduced to < 20 and the UI drastically simplified.
Todo:
- Get into Hoary (in hoary)
- Tool to scan package archive and extract .desktop files and icons.
From GlenStampoultzis Thu Nov 25 02:45:38 +0000 2004 From: Glen Stampoultzis Date: Thu, 25 Nov 2004 02:45:38 +0000 Subject: Installation from web browser Message-ID: <20041125024538+0000@https://www.ubuntulinux.org>
If there's one thing Lindows does really well it's making it easy to find and install packages. It would be lovely if you could trigger a package install from a browser (after confirmation from the user of course). The other night i was dreaming of a new feature for the CONTROLS file in a deb....
deb features Maybe add a new line called Get: that auto download stuff from the link put there that way you can legally get the w32codecs on an install...
another feature is to auto download all other stuff the app depends on so the user can download an app from the Internet and double click and something like gdeb opens up and auto downloads all depenedces....
APT features maybe instead of have mirrors of the repo have a bittorret mix with apt so that way there only has to be one mirror and minimal bw is used...
From CarlosFenollosa Mon Jan 17 00:46:18 +0000 2005 From: Carlos Fenollosa Date: Mon, 17 Jan 2005 00:46:18 +0000 Subject: synaptic MIME association with .debs Message-ID: <20050117004618+0000@https://www.ubuntulinux.org>
Apart from installating from web browser, anoter VERY useful feature would be for the user to click in a .deb file, and synaptic opens and installs it. If there are missing dependencies, tries to find them in the repositories that the user had configured. If the file cannot be installed because of dependencies, then warn the user, else install the .deb without needing to open the console.
What do you thing? I saw this feature on suse's YAST
From unknown Sat Feb 5 02:42:00 +0000 2005 From: Date: Sat, 05 Feb 2005 02:42:00 +0000 Subject: synaptic terminal Message-ID: <20050205024200+0000@https://www.ubuntulinux.org>
From RubenVermeersch Sat Feb 5 09:34:15 +0000 2005 From: Ruben Vermeersch Date: Sat, 05 Feb 2005 09:34:15 +0000 Subject: synaptic MIME association with .debs Message-ID: <20050205093415+0000@https://www.ubuntulinux.org> In-Reply-To: <20050117004618+0000@https://www.ubuntulinux.org>
In followup to the message of Carlos Fenollosa: I'm not quite sure whether this would be a good idea, it would encourage users to install custom .debs (which would also impose a slight security risk). Or I might just be paranoid.
From TimFuchs Sat Feb 5 23:17:46 +0000 2005 From: Tim Fuchs Date: Sat, 05 Feb 2005 23:17:46 +0000 Subject: synaptic MIME association with .debs Message-ID: <20050205231746+0000@www.ubuntulinux.org>
Ruben: I don't think that's a real argument, because you can also start shell scripts by clicking on them, the security risks is the same. You can also install packages with dpkg from the shell, so there's no reason to restrict that, in my opinion. The current situation however is really bad: You click on the native package format for software installation of the distro and an archive manager pops up with some files no end-user is interested in. Of course, there should be a dialog informing the user that the software he's trying to install is not supported by Ubuntu and might be a security risk and might even kill the system, but we have to face that users want to install third party software like Skype or Opera, and Ubuntu has to support the user with the installation, in my opion.
From RubenVermeersch Sun Feb 6 14:27:00 +0000 2005 From: Ruben Vermeersch Date: Sun, 06 Feb 2005 14:27:00 +0000 Subject: synaptic MIME association with .debs Message-ID: <20050206142700+0000@www.ubuntulinux.org> In-Reply-To: <20050205231746+0000@www.ubuntulinux.org>
If supplied with some warning that this isn't the good way to install software (possibly with flashing lights & buzzing sounds), very well.
From MichaelVogt Wed Feb 9 09:18:34 +0000 2005 From: Michael Vogt Date: Wed, 09 Feb 2005 09:18:34 +0000 Subject: Installation from web browser Message-ID: <20050209091834+0000@https://www.ubuntulinux.org> In-Reply-To: <20041125024538+0000@https://www.ubuntulinux.org>
A web based software install is easy to setup (also it's a bit of cheating). When you click on install, one could use a "klik://$appname" url and add a protocol handler for this klik url. Ubuntu could easily support this by having a protocol handler for firefox that looks something like this:
#!/bin/sh
# firefox calls it with the URL as argument, e.g. klik://abiword
# strip "klik://"
APPNAME=${1:7}
zenity --question --question-text "Do you want to install: $APPNAME?"
if [ $? = 0 ]; then
gksudo echo "$APPNAME\tinstall"|synaptic --set-selections --non-interactive
fiThis seems to be how http://klik.atekon.de/ is doing it (haven't look a lindows yet). I think it's a bit of cheating as the sources has to be in the sources.list already.
Making deb installable directly via synaptic is a goal that's a bit tricky to reach. The problem is that libapt has no support for it and it's not easy to add (see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=47379).
From CarlosFenollosa Wed Feb 16 22:53:23 +0000 2005 From: Carlos Fenollosa Date: Wed, 16 Feb 2005 22:53:23 +0000 Subject: synaptic MIME association with .debs Message-ID: <20050216225323+0000@https://www.ubuntulinux.org>
Ruben Vermeersch: we can't be paranoid because as Tim said, there is another way to install custom .debs. We are not opening a new security breach but allowing users to perform a teminal-only task in a graphical way.
From CoreyBurger Wed Feb 16 23:01:55 +0000 2005 From: Corey Burger Date: Wed, 16 Feb 2005 23:01:55 +0000 Subject: Webbased installing Message-ID: <20050216230155+0000@www.ubuntulinux.org>
Corey Burger - I cannot disagree more about installing software through the browser. This violates the idea of clear seperation of programs. If the user never gets used to the idea of using the browser to install stuff, then they may be better able to tell themselves that the piece of malware which is trying to install itself is bad. Look at the way it has gone for MS.
Now, if synaptic gets prettier, and serves some sort of content that includes pictures, etc, that is fine, as long as the user runs *Synaptic* to get there, not Firefox (or your favourite browser)
From MikeDouglas Fri Feb 25 05:31:51 +0000 2005 From: Mike Douglas Date: Fri, 25 Feb 2005 05:31:51 +0000 Subject: Webbased installing Message-ID: <20050225053151+0000@www.ubuntulinux.org> In-Reply-To: <20050216230155+0000@www.ubuntulinux.org>
What about a XUL-based extension to firefox? http://update.ubuntu.com could redirect to chrome://softwaremanager and have the power of synaptic with the ease of use of a browser.
From probono Sat Mar 19 12:06:17 +0000 2005 From: probono Date: Sat, 19 Mar 2005 12:06:17 +0000 Subject: Installation from web browser Message-ID: <20050319120617+0000@www.ubuntulinux.org> In-Reply-To: <20050209091834+0000@https://www.ubuntulinux.org>
What you describe is only the easy part, but http://klik.atekon.de does much more: it allows the non-root user to run software from inside a compressed image file that contains an AppDir (like Apple's cmg files). Thus, klik does _not_ need the sources.list or even root access. It does not install anything into the base system. Instead, the whole application and all dependencies that are not yet in the base system are contained in one single compressed file. This way, you can install e.g. OpenOffice.org 2.0 by simply downloading and _one_ file, which gets mounted and executed when you click on it. For more information, please see http://klik.atekon.de/architecture/
From LucasGoss Fri Mar 25 16:00:50 +0000 2005 From: Lucas Goss Date: Fri, 25 Mar 2005 16:00:50 +0000 Subject: Webbased installing Message-ID: <20050325160050+0000@https://www.ubuntulinux.org> In-Reply-To: <20050216230155+0000@www.ubuntulinux.org>
I agree that synaptic should be the place to install and not the browser. But it would be nice to support developers in making it easier to create .debs and submitting them to Ubuntu. Coming from Windows, I find it a difficult process to make packages, even writing make files I find to be a pain. It would be nice to integrate some tools into Anjuta or some other IDE, or even a seperate graphical tool to make .debs (I think the new Anjuta handles makefiles better... I hope).
From TimMorris Wed Mar 30 09:13:07 +0100 2005 From: Tim Morris Date: Wed, 30 Mar 2005 09:13:07 +0100 Subject: Re: Webbased Installing Message-ID: <20050330091307+0100@https://www.ubuntulinux.org>
I think triggering the installation of a program for the browser is acceptable (disagreeing with Corey, but taking on board his comments) _if_ there is a clear seperation of programs and functions to the user. The model here is a media player opening from a web link - the user sees that a triggered b, but that a is not b. I would like program X <click> Runs Add/Remove Programs or Ubuntu Update Manager or even "prettier" synaptic. If the file isn't in the repositories, similar response to firefox with a non-mozilla extension. Spend some time on the ubuntu forums and look at what existing users are trying to do - java, restricted formats, skype - this isn't rocket science stuff. (As an alternative can we just "pirate" the Linspire Click-N-Run http://www.linspire.com/lindows_products_categories.php site and capture users clicks there?) Alternatively some form of integration/click capture on Gnome Files http://www.gnomefiles.org/ ?
From EvanDandrea Thu Apr 14 03:01:42 +0100 2005 From: Evan Dandrea Date: Thu, 14 Apr 2005 03:01:42 +0100 Subject: NO! Message-ID: <20050414030142+0100@https://www.ubuntulinux.org>
I think we need to stop trying to replicate Microsoft's mistakes. If we allow users to download and "run" .deb files from the web then we'll be in that same boat of viruses and spyware that Redmond is. If users have trouble with Java or Skype then put acceptable versions of them in Universe or Multiverse and make adding those repositories as easy as possible, but don't take control over the packages that get installed on a system away from the Ubuntu team. Don't add file associations to Firefox for deb or make a dpkg front-end. Make however many front-ends to apt as you'd like, the Ubuntu team can always easily remove an evil package from archive.ubuntulinux.org, but installing .debs should ALWAYS require the use of a terminal.
From TimMorris Fri Apr 15 10:13:08 +0100 2005 From: Tim Morris Date: Fri, 15 Apr 2005 10:13:08 +0100 Subject: Webbased installing Message-ID: <20050415101308+0100@https://www.ubuntulinux.org>
Three Observations: (1.) If we don't provide an easy/safe way for users to install the functionality they want, they will do it themselves using dodgy instructions found on some blog (actually it sounds like the argument for legalising prostitution). (2.) An idealist position of users only getting software from the ubuntu repository almost works today. What happens when linux gets a little bigger and Adobe Photoshop or Macromedia Dreamweaver is released for linux. The recent release of Acrobat Reader 7 shows Adobe could release Acrobat Pro with little difficulty. (3.) Have another look at linspire's click-n-run. The browser doesn't install a .deb or anything naf like that. It triggers a custom synaptic to call it from the linspire repositories. Its just putting a pretty front end on apt/synaptic. The current interface in synaptic - a list of programs (9wm, a2ps, aa3d, etc) - lacks a certain "something" for most people.
From LukaFrelih Sat Apr 16 20:07:32 +0100 2005 From: Luka Frelih Date: Sat, 16 Apr 2005 20:07:32 +0100 Subject: Sane two-click installs from web, IMHO Message-ID: <20050416200732+0100@www.ubuntulinux.org>
(1) user browses the web catalog or project homepage, clicks on an Install link and gets an install-these-packages file with mime like application/x-web-install, containing mostly names of packages needed for the application on specific distributions or distribution releases
(2) browser knows to run such files with an installer helper, which gets the appropriate package list from the install file, lists package descriptions from the apt cache and sizes and hopefully warns user of missing or uninstallable packages.
(3) user clicks on an Install button, gets prompted for their password, and the software is installed with one of the apt frontends in the same way as it is now
To invent: (only) the actual format for the install-these-packages file and the friendly helper app that uses it.
To discuss for v2.0: what about adding repositories in a similar way? that is far more dangerous, of course. so much more it could be a bad idea altogether. can we get around that with big flashing warning signs?
From EvanDandrea Mon Apr 18 01:43:19 +0100 2005 From: Evan Dandrea Date: Mon, 18 Apr 2005 01:43:19 +0100 Subject: Re: Webbased installing Message-ID: <20050418014319+0100@https://www.ubuntulinux.org>
I agree that the current state of non-free packages is unacceptable (though understandable considering Ubuntu's stance) and that Synaptic is confusing to some users. What I'm proposing is that we put non-free packages such as Macromedia Flash in Universe or some other repository and at the least, make it easier to enable that repository. After all, it's either that or let the user install .debs off the web which would unleash a Pandora's box of spyware, virus, and rootkit problems. Packages with decent open source alternatives, like PDF readers, should be ignored.
I haven't been able to dissect Click 'n Run so I'll take your word on it. If all it's doing is triggering apt, synaptic, or whatever apt front-end you have installed that's fine, though I really don't think it's necessary. Gnome-app-install (perhaps with an additional list of popular packages) or a better category (task-based package selection) and priority system (system program or something the user might actually care about) in deb would be good enough.
From AndrewBetts Thu Apr 21 23:47:05 +0100 2005 From: Andrew Betts Date: Thu, 21 Apr 2005 23:47:05 +0100 Subject: Message-ID: <20050421234705+0100@https://www.ubuntulinux.org>
Everyone is doing a Click-N-Run type software installation system... and with good reason. People like browsing for software like they go shopping. You don't know what you would like to use until you are presented with it, and then you think 'i'll have that' and you should be able to with a few clicks.
From: RobertStoffers
I find Gnome-App-Install kind of pointless. It can't install all applications available in the repositories and the layout in Colony 3 is shocking to say the least. It needs to look more like Synaptic, in other words it needs to split the categories and applications into seperate sections, not all lumped together. This would then negate the need to have "More programs..." also.
PackageManagement (last edited 2008-08-06 16:26:54 by localhost)