On Debian-based distros, when an app is available as a DEB or an AppImage (that doesn’t self-update), but no APT repository, PPA or Flatpak, the only option is to manually download each update, and usually manually check even whether there are updates.

But, what if those would be upgraded at the same time as everything else using the tools you’re familiar with ?

dynapt is a local web server that fetches those DEBs (and AppImages to be wrapped into DEBs) wherever those are, then serves these to APT like any package repository does.

I started building it a few months ago, and after using it to upgrade apps on my computers and servers for some time, I pre-released it for the first time last week.

The stable version will come with a CLI wizard to avoid this manual configuration.

Feedback is welcome :)

  • cqst
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    4 months ago

    Why does Debian-Ubuntu not provide a simple command for this?

    You aren’t supposed to add repos. Ever. https://wiki.debian.org/UntrustedDebs

    Apt is not built with security in mind, at all. The partial sandboxing it does do is trivial to bypass. Adding a repo is basically a RAT Trojan on your computer.

    An example is signal-desktop

    Yeah don’t use signal. They restrict freedom 3 by making distribution difficult. Thats why they trick you into using their RAT repo.

    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842943

    The least bad option is the unofficial flatpak.

    • JubilantJaguar@lemmy.world
      link
      fedilink
      arrow-up
      3
      ·
      4 months ago

      Apt is not built with security in mind, at all. The partial sandboxing it does do is trivial to bypass. Adding a repo is basically a RAT Trojan on your computer.

      OK. I suppose this is the correct answer.

      The least bad option [for Signal] is the unofficial flatpak.

      Unless I’m missing something, here we will disagree. Secure or not, FOSS principle-respecting or not, if I’m choosing to install software by X then I’m going to get it straight from X and not involve third-party Y too.

      • cqst
        link
        fedilink
        arrow-up
        1
        ·
        4 months ago

        Unless I’m missing something, here we will disagree. Secure or not, FOSS principle-respecting or not, if I’m choosing to install software by X then I’m going to get it straight from X and not involve third-party Y too.

        Source code is like a recipe. Getting your food from the chef who made the recipe is fine, but getting it from another chef who… followed the same exact recipe is no different.

        This is how the linux software distribution model works, distro maintainers are a CHECK on upstream.