Ubuntu Tutorials : Dapper – Hardy – Intrepid – Jaunty / AptURL : Web Based Package Installation

Skip to content

AptURL : Web Based Package Installation

Some of you may have seen some recent posts around the Ubuntu Planet about the new AptURL project that is default in Ubuntu 7.10 “Gutsy”. I wanted to make a few comments about it myself after tinkering with it a little. I think the project and idea is pretty cool and I hope it sees some more use.

I may be updating my blog in the future to take advantage of AptURL. I suppose to maintain backwards compatibility I’ll need to use both, but we may begin seeing tutorials along these lines:

Example…

Installing non-free codec pack

sudo aptitude install ubuntu-restricted-extras

For those using Ubuntu 7.10 you should be able to simply click the link and the package should prompt for installation. If it does not try installing the apturl package. Those still using previous versions will still need to type the command on the command line.

Does anyone have any thoughts on seeing this on the blog moving forward? Good? Bad? Indifferent? I think it may make some tutorials a bit simpler for some users.

If this site has been useful, please consider participating in the Fundraiser.

Other Points of Interest

No Related Post

Post a comment — Trackback URI RSS 2.0 feed for these comments This entry (permalink) was posted on Tuesday, October 23, 2007, at 6:45 am by Christer Edwards. Filed in News.

21 Comments

Carsten

Sorry, that was just for the “generic” tutorial, but specifically for aptURL: Yes, why not, but please try to use both ways as long as possible, especially on non-Ubuntu-only topics so that Debian users can also profit from it!

Posted on 23-Oct-07 at 7:13 am | Permalink
Jim

This is a neat idea but doesn’t it open up the potential for malicious activity? For example, someone searching for how to install multimedia codecs could find a page that purports to install them but instead the link installs a key logger or root kit. Granted, such packages would not likely be in the repos so there is still a layer of protection but how long will it be before bogus repos could be added (maybe that can already be done) or simply use social engineering to convince the user that the new repos are needed. The more new users we see, the more likely they are to click, click, click to install the tools they want and the more susceptible they will be. I’m not saying it’s a bad idea, I’m just wondering about the potential for abuse.

Posted on 23-Oct-07 at 7:17 am | Permalink
Luca

Well, I have to say it is a wonderful idea – just one little rant: why don’t you have made it function for konqueror and kde also? If I click on the link in konqueror a new apt:/ tab will open, no prompting for installation.

If you could bring this to KDE also it would be wonderful…a bit of a shame KDE generally has to wait one distro more than GNOME for these things (see restricted-manager) :’(

Posted on 23-Oct-07 at 7:19 am | Permalink
Ubuntu Tutorials

Jim – the only way I know of for this to be a security problem is to tell the users in the tutorial to add third-party repositories. As I understand the functionality the apt: link will search the currently configured repositories on the machine and search for the package. There really is no way for me to spoof the package. I think this is actually *more* secure than me directly linking to a package, which I *can* spoof or alter. This ensures that the package is coming from *your* configured repositories and no place else.

Posted on 23-Oct-07 at 7:31 am | Permalink
Vincent

I think we will see something similar to what you now see with OpenSUSE’s one-click install. Just an image saying “install for Ubuntu 7.10″. Most packages are made for a single version of Ubuntu anyway.

Posted on 23-Oct-07 at 8:53 am | Permalink
Luke Hoersten

@Jim: I had the same concerns about spoofing users when I saw this and I still do. Users are going to be used to just clicking links to install stuff. Well what happens when someone links directly to a .deb with some malicious purpose? Currently, non-tech-savvy users feel like something is wrong because they aren’t used to installing external .debs. But if they are accustom to clicking links, these mental red flags wont be going off and then we have the same problem Windows has. Basically, a huge downside I see is that now we are requiring users to understand different trust levels. Before, there was really only the repo and that was it. No understanding of trust was needed.

Posted on 23-Oct-07 at 9:44 am | Permalink
Sokraates

It’s a nice idea but I think that it’s use will be mostly limited to new users. Since only the already configured repositories are used, apt-url is a great way to help people satisfy their early needs.

But soon they will look for things that are not in the official repositories (codecs, newer versions of certain applications etc). This is where the not so good old way of installing debs or adding third party repositories returns.

openSUSE goes farther by allowing it’s one-click install to set up the new repository and immediately download the desired software. Therefore it’s definitely less secure than apt-url but at least it is a solution for the (rather common) problem of having to add new repositories or download single debs.

Posted on 23-Oct-07 at 9:46 am | Permalink
Diwaker

Hmm, doesn’t work for me. I’m running 7.10, and testing this on Firefox.

Posted on 23-Oct-07 at 11:41 am | Permalink
yeKcim

i use apturl to write my tutorial on my (french) blog and everyone seems to be happy to use it :

http://yeknan.free.fr/blog/index.php?2007/10/03/190-logiciels-sous-ubuntu-710-gutsy-gibbon
http://yeknan.free.fr/blog/index.php?2007/10/03/189-jeux-sous-ubuntu-710-gutsy-gibbon

Posted on 23-Oct-07 at 12:22 pm | Permalink
Killerkiwi

Why was this not installed as a gconf protocol!!!! Using just firefox is very limiting… what about rss reed readers!!!

Posted on 23-Oct-07 at 1:05 pm | Permalink
BluJai

I think that is a great idea! I often email links to blog postings to less-Linux-savvy friends (but fellow Ubuntu users). It would be quite handy to aid their implementation.

Posted on 23-Oct-07 at 1:23 pm | Permalink
Marius Scurtescu

Having links that add repositories is the next step. Such a feature should probably not be enabled by default, but it should be there for power users.

Using something like this under maemo (Nokia N800), and it is quite useful.

Posted on 23-Oct-07 at 1:41 pm | Permalink
jh

I don’t see how this is a security risk. Right now, if people click on a .deb, it’ll open it up and offer to install it in gdebi. If you click on this, it’ll get it from your repos. The fact is, if you have poisoned items in your repos already.. then the trouble isn’t from a website using apt-url.. the trouble has already happened.

Posted on 23-Oct-07 at 5:08 pm | Permalink
Dwight

What?

sudo aptitude install this-blog!

better

Posted on 23-Oct-07 at 7:00 pm | Permalink
Cadraig

This is great, I’ll make sure that I link like that for any packages I refer to from my blog. This seems like a win-win. The more links non-Ubuntu users see to Ubuntu packages, the more they will be attracted towards trying them out, the bigger the userbase!

Posted on 24-Oct-07 at 2:29 am | Permalink
RainCT

Great, I’d like to see more sites using this.

The only things that I don’t like with apt-url are: a) it doesn’t work on Liferea; and b) when it asks if you want to install the package, there is no option to see a description of the package.

Posted on 24-Oct-07 at 3:39 am | Permalink
nosrednaekim

If any of you are wanting this for KDE/Konqueror, go to Tonio’s personal package archive and download his kio slave for apt.

http://ppa.launchpad.net/tonio/ubuntu

Posted on 25-Oct-07 at 8:26 am | Permalink
Igor

Sorry, this is the link:

http://igordevlog.blogspot.com/2007/10/dear-lazy-web-i-need-html-button.html

Posted on 25-Oct-07 at 12:51 pm | Permalink
Wolfger

I’ll second Luca’s “rant” about it not being KDE friendly. Sounds like a great tool, but it comes with too much Gnome-specific baggage for me.

Posted on 25-Oct-07 at 2:13 pm | Permalink
Andy

I hope you appreciate the irony in the: “apt:apturl” link

Posted on 25-Oct-07 at 11:26 pm | Permalink
Akira Ohgaki

This is good idea.

http://conceptualcaves.com/goodies/aptthis/

Posted on 26-Oct-07 at 5:43 pm | Permalink

4 Trackbacks/Pingbacks

Post a Comment