What is the safest way to install software that is not on the main repository?
I would seriously consider trying out the AppImage format.
Although the stock answer in Linux is to always, always use the repositories, there's a growing trend developing for an equivalent to the 'Windows-PortableApps'. This is where Snaps, FlatPaks, AppImages, and the like are coming from.
I know the older Linux stalwarts will have my head in a vice for saying this, but due to the trend of more & more individuals growing disillusioned with Windows - especially given 10's predilection for 'data-harvesting' - there's an increasing number of folks looking for an alternative to the status quo.....and for many, Linux makes the most sense, especially since it's approaching nearly 3 decades in use.
For these individuals, they don't always want to have to learn totally new ways of doing things. They're used to just downloading things, and simply clicking on them to run 'em. Why should they have to be 'turned off' the idea of using Linux (or turned away), simply because we insist on sticking to 'tried & true' principles? Moreover, what's to stop some of us spreading our wings, and moving with the times? Must we remain stuck in the rut of doing things the same way, simply because that's the way we've always done them...?
Linux devs do go out of their way to come up with new ways of doing stuff. The least some of us can do is to give them a try.
I have tried AppImages, as have many others who dislike them. They simply cause problems and aren't as configurable or extensible as building from source or even using package formats like DEB and RPM. If Windows users can't adjust to packaging formats or building from source, then they can stick with their OS - it doesn't matter to me if somebody else ruins their computer with spyware. I really don't understand why people care about making Linux worse to convince Microsoft fans to like it.
Quote:
Originally Posted by 86153c1d-3ebd-4643-8885
I wanted to know which is the safest way to install applications when this are not on the main repository, I mean safe in the sense of both not unintentionally installing malware and not damaging or creating conflicts within my OS.
For software like that (as well as for some software that actually does appear in the distribution's repositories) I compile from sources (under "/opt/app/src/app-name"), specifying when running "configure" an install path under "/opt/app/app-name". The sticky point is that anyone using those applications needs to source a small script in their profile that I write that updates their PATH and anything else they need in their environment. Small downside, IMHO. Secure? I assume so or there'd be a huge outcry on the 'Net from P.O.ed users. Just because it comes from a distribution's repositories is no guarantee that there aren't security problems in that code.
Wherever you get the source/package from, make sure it's a trusted source.
It can be a .deb - but only if it's compatible with your system.
For example, installing a Ubuntu .deb on Debian may well cause problems - and possibly vice versa.
Read your system's documentation about installing foreign packages.
If you have the alien package installed, it's probably reasonably safe to install .rpm etc packages.
Quote:
Alien allows you to convert LSB, Red Hat, Stampede and Slackware Packages
into Debian packages, which can be installed with dpkg.
It can also generate packages of any of the other formats.
This is a tool only suitable for binary packages.
Compiling from source is always safe - provided it came from a trusted source.
But a package from your repository has been tested for compatibility and will receive security fixes and possible updates.
Official repositories are always the safest choice.
Compiling source code is also safe. You can avoid damage and conflicts by using "/opt/<package_name>" as prefix with "./configure" command or install and use "stow" to easily activate / deactivate packages.
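The two layouts described in the posts above (a per-package prefix under /opt with a sourced profile script, and stow-style activation and deactivation) can be sketched as follows. This is an added example, not code from either poster: the function names and paths are hypothetical, and `activate`/`deactivate` are a simplified stand-in for what stow does, not stow itself.

```shell
#!/bin/sh
# Added example. Paths are hypothetical; activate/deactivate are a simplified
# stand-in for what stow does, not stow itself.

# activate PKG_PREFIX TARGET_BIN: symlink PKG_PREFIX/bin/* into TARGET_BIN.
# Refuses to proceed if any name is already taken by something else.
activate() {
    pkg=$1; target=$2
    mkdir -p "$target"
    for f in "$pkg"/bin/*; do            # pass 1: detect conflicts first
        [ -e "$f" ] || continue
        dest=$target/$(basename "$f")
        if [ -e "$dest" ] || [ -L "$dest" ]; then
            [ "$(readlink "$dest" 2>/dev/null)" = "$f" ] || {
                echo "conflict: $dest is not owned by $pkg" >&2
                return 1
            }
        fi
    done
    for f in "$pkg"/bin/*; do            # pass 2: create the links
        [ -e "$f" ] || continue
        ln -sf "$f" "$target/$(basename "$f")"
    done
}

# deactivate PKG_PREFIX TARGET_BIN: remove only links pointing into PKG_PREFIX.
deactivate() {
    pkg=$1; target=$2
    for l in "$target"/*; do
        [ -L "$l" ] || continue
        case $(readlink "$l") in
            "$pkg"/*) rm -f "$l" ;;
        esac
    done
}

# profile_snippet PKG_PREFIX: lines a user sources from their profile.
# The package directory is appended, so it cannot shadow system commands.
profile_snippet() {
    printf 'PATH=$PATH:%s/bin\nexport PATH\n' "$1"
}
```

Because the conflict check runs before any link is created, a second package that ships a command with the same name leaves the target directory untouched.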
Compiling from source is not necessarily "safe". It can ruin your dependencies just as easily as with alien debs.
Quote:
Although the stock answer in Linux is to always, always use the repositories, there's a growing trend developing for an equivalent to the 'Windows-PortableApps'. This is where Snaps, FlatPaks, AppImages, and the like are coming from.
I know the older Linux stalwarts will have my head in a vice for saying this, but due to the trend of more & more individuals growing disillusioned with Windows - especially given 10's predilection for 'data-harvesting' - there's an increasing number of folks looking for an alternative to the status quo.....and for many, Linux makes the most sense, especially since it's approaching nearly 3 decades in use.
Can only agree with you, Mike. Instead of looking at the technical way things work, we should be looking to the business side of things.
If you look at the trends in the desktop and mobile space, you see the emergence of app stores. And in those app stores you can now mostly find software with in-app purchases. The Ubuntu software repository is an example of the beginning of a similar thing in Linux.
Whatever the underlying technology people just want software to work and to play nice with the desktop environment. That is all most individual end users (and for that matter me myself) long for.
Quote:
Can only agree with you, Mike. Instead of looking at the technical way things work, we should be looking to the business side of things.
If you look at the trends in the desktop and mobile space, you see the emergence of app stores. And in those app stores you can now mostly find software with in-app purchases. The Ubuntu software repository is an example of the beginning of a similar thing in Linux.
Whatever the underlying technology people just want software to work and to play nice with the desktop environment. That is all most individual end users (and for that matter me myself) long for.
Funnily enough, software is most likely to work and play nice with the DE if it is compiled and optimized for your specific hardware - so not an AppImage.
Quote:
Funnily enough, software is most likely to work and play nice with the DE if it is compiled and optimized for your specific hardware - so not an AppImage.
Oh man this is such a mess.. If some common ground could be found to converge on, it would mean so much energy not wasted on divergent platforms. Wasted energy becomes frustration, irony and antisocial behaviour. I work in health care so I know (yes, I know, irony there as well). Or do I miss the point completely??
I don't know where you get the impression that running an AppImage will interfere with & 'mess up' your system. A correctly-built one is 'read-only', contains everything required for it to run, and will be designed to run in /tmp for the duration.....and to the best of my knowledge, nothing installed to /tmp will last for more than the life of a session anyway. At power-off, the contents thereof will disappear into cyberspace.....
(*shrug*)
Mike.
Last edited by Mike_Walsh; 03-02-2020 at 05:39 PM.
Quote:
I don't know where you get the impression that running an AppImage will interfere with & 'mess up' your system.
I don't know where you got the impression that that's what I think.
Quote:
A correctly-built one is 'read-only'...
Which is precisely why they have issues. Blender's Snap package is an ideal example of the problem with the read-only type universal packaging formats, although it isn't an AppImage. It makes it impossible to use the standard method for adding plugins (a very important part of Blender's functionality). It's absurd.
Why are there (apparently) two/three kinds of "universal" things?
Snap and appimage and Flatpack - I might have spelt those wrong as I would never use any of them.
As an example, Snap appears to offer GIMP (version 2.10.0) as a low,low installed size of 209.1MB.
Currently, my installed GIMP - version 2.8.18-1+deb9u1(oldstable) appears as an installed size of 16.7MB.
So that's quite a bit of bloat isn't it?
Of course, my current GIMP has quite a few dependencies - but I can trust a proper package manager to handle all this stuff.
BTW How do these "universal" images deal with security fixes - or don't they bother?
I'm not saying that these 'portable', use-anywhere formats are suitable for all kinds of applications. I'll be the first to admit that they're not. The example you give - for Blender - is a prime example of an application where this sort of thing is anything but ideal. The GIMP is probably another. However, I still stick by what I said about the way a correctly-assembled package is intended to work.
Unfortunately, there's several 'packagers' out there who simply re-pack .debs & .rpms, with the result that the AppImage is still clamouring for a bunch of system dependencies which your package manager may or may not be able to satisfy.
AppImages offered by the major projects are pretty well guaranteed to work with as many Linux systems, in all their varied permutations, as possible. Out of the 'independents' - operating from platforms such as AppImageHub & BinTray.com - two of the best 'names' to watch out for are probono & AJSlye. These guys keep to the true 'spirit' of the AppImage format, often tracking down an application's source code, then re-compiling it to work with an older glibc & dependencies, before packaging it with absolutely everything required for it to run with as many different combinations of hardware as you can imagine, and thus making it accessible to the largest number of users. I admit, doing this does often result in some pretty humungous packages, but then this format is pretty well aimed at users with fairly modern hardware, with large amounts of RAM and no 'caps' on their ISP's downloads/bandwidth.
------------------------
@ Jeremy:-
As far as security patches/'fixes' are concerned, you simply delete the old AppImage & download and use the newer version. See my comment above about being mainly for users who are unconcerned about bandwidth.
'Snaps' are Canonical's 'baby'. FlatPaks are the preferred variant from the RedHat 'stable'. The AppImage format is, by & large, independent. Competition, you see.....
---------------------------
The following is from the top of appimage.org's home webpage, and gives an insight into the mindset of the people involved in this packaging method:-
Quote:
Linux apps that run anywhere
"As a user, I want to download an application from the original author, and run it on my Linux desktop system just like I would do with a Windows or Mac application."
"As an application author, I want to provide packages for Linux desktop systems, without the need to get it 'into' a distribution and without having to build for gazillions of different distributions."
Hence, why these things, by their very nature, have to be totally self-contained.....even though that does often result in the AppImage installing to /tmp copies of stuff that may already exist elsewhere on your system. And to many individuals, that's just pointless.
Mike.
Last edited by Mike_Walsh; 03-04-2020 at 07:17 PM.
In other words - it's for someone who wants it to work like Windows, even though they don't understand why that's a really bad idea?
Pretty much, yes, I would say. Which is why I predicted that Linux 'stalwarts' would be raining down fire & brimstone upon my head for daring to even mention such a concept.....
The world is changing, and the majority of folks want life as easy as possible. That's one of MyCrudSoft's biggest 'legacies' to the global tech community, I'm sorry to say.....though these things work, as stated above, really well for us in 'Puppyland'. Far more Linux users these days are 'silver surfers' than you may believe, and for myself (pushing 60), though I still love Linux, I no longer have the energy & enthusiasm to simply 'prat about' with the system purely for its own sake. For me, the focus has shifted from the system as an end in itself, to simply 'using' the system, in as easy & fuss-free a way as I can make possible.
For me, AppImages are ideal. I don't ask, much less expect anybody else to have to like them.
Mike.
Last edited by Mike_Walsh; 03-02-2020 at 07:23 PM.