On Debian-based distros, when an app is available as a DEB or an AppImage (that doesn’t self-update), but no APT repository, PPA or Flatpak, the only option is to manually download each update, and usually manually check even whether there are updates.

But, what if those would be upgraded at the same time as everything else using the tools you’re familiar with ?

dynapt is a local web server that fetches those DEBs (and AppImages to be wrapped into DEBs) wherever those are, then serves these to APT like any package repository does.

I started building it a few months ago, and after using it to upgrade apps on my computers and servers for some time, I pre-released it for the first time last week.

The stable version will come with a CLI wizard to avoid this manual configuration.

Feedback is welcome :)

  • Asetru@feddit.org
    link
    fedilink
    arrow-up
    4
    ·
    2 months ago

    Sorry to be that guy, but this sounds like a cybersecurity nightmare. While everybody was busy to come up with schemes that make absolutely sure that only trusted sources can update a system to avoid having malicious players push their code to users, this one just takes any rando’s pile of whatever and injects it straight into the system’s core? Like, that doesn’t sound like a good idea.

    • KaKi87@jlai.luOP
      link
      fedilink
      arrow-up
      7
      ·
      2 months ago

      Well, I’m just automating what people currently have to do manually : visit GitHub and download DEB and install DEB.

      If the automated process would be dangerous then the manual process also would be, and that would be on the maintainer for not providing an APT repository or a Flatpak, not on the user for just downloading from GitHub.

      • cqst@lemmy.blahaj.zone
        link
        fedilink
        arrow-up
        2
        arrow-down
        2
        ·
        edit-2
        2 months ago

        Well, I’m just automating what people currently have to do manually : visit GitHub and download DEB and install DEB.

        Yeah. You should never do that. Like ever. Build from source; or use a vendored tarball. https://wiki.debian.org/DontBreakDebian

        .deb is a terribly insecure nightmare thats held up by the excellent debian packagers, gpg , and checksums, and stable release model. don’t use .deb files.

          • cqst@lemmy.blahaj.zone
            link
            fedilink
            arrow-up
            1
            arrow-down
            1
            ·
            edit-2
            2 months ago

            I’m and end user

            Yeah, we all are. What’s your point?

            End users are also developers. All computer users are developers. You are developing.

            user working for end users

            By making a script that lets me get backdoors and shitty packages with ease? The linux package distribution system is a nightmare, Debian is the least bad approach. There is basically always a better option to using a .deb file. If you come across something that isn’t packaged, I recommend Flatpak, building from source (and installing unprivileged), or using the developers vendored tarball (installing unprivileged).

            https://wiki.debian.org/SecureApt

            By using local .debs you lose the benefit of:

            Reproducible builds

            GPG checksums

            Stable release model

            debian security team

            • KaKi87@jlai.luOP
              link
              fedilink
              arrow-up
              1
              ·
              2 months ago

              My point is that I’m working a solution for end users.

              The solutions you’re offering are not user-friendly.

    • markstos@lemmy.world
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      2 months ago

      No matter where you install from, you have to trust the source. Indeed, you have to trust every step in the supply chain.

      If you are getting your code straight from the author, you are eliminating an exploit that’s introduced by a compromised account of a packager.

      Carry on.

      • cqst@lemmy.blahaj.zone
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        2 months ago

        If you are getting your code straight from the author,

        Which is not what you are doing at all with a .deb file. A .deb file is a binary with a bunch of scripts to “properly” install your package. Building from source is what you SHOULD be doing. Debian has an entire policy handbook on how packages are supposed to be packaged. Progrmatically you can review the quality of a package with ‘lintian’. .debs made by developers following a wiki tutorial can’t even come close. remember, apt installs happen as root and can execute arbitrary code.

        Also, debian packagers can be project maintainers, so they can be “the author.”

    • λλλ@programming.dev
      link
      fedilink
      arrow-up
      1
      ·
      2 months ago

      I see it more as a local repo. Like, setup the repo to do what you would have done manually so that you don’t have to do it on multiple computers. I could be misunderstanding it though.