Ubuntu QA:
BlogBrainstormPackage status
Log in
Ubuntu QA
The Ubuntu community has contributed 21986 ideas, 135057 comments, 2615221 votes
Idea sandbox Idea sandbox
Popular ideas Popular ideas
Ideas in development Ideas in development
Implemented ideas Implemented ideas
Idea #12520: Adding a line in software source and instaling in 2 clicks

Written by MIlentije the 25 Aug 08 at 01:13. Related project: Synaptic package manager. Status: New
Rationale
I think installation of third party software can be more simple.

Now when you are installing a new third party software you must add a line in software source, then update, then you open synaptic or add/remove or terminal and search for the program or type a command.
Tags: (none)

-6
votes
up equal down
Solution #1: Adding a line in software soruce and instaling in 2 clicks
Written by MIlentije the 25 Aug 08 at 01:13.
Suggestion is, while you are surfing the internet Ubuntu ppa lines change into install buttons. When you click (1`st click) it ask you: Do you wish to add new ppa line and install software? You click "Yes" (2`nd click), it automatically add a line, update and install new software.

This way of installation would be more comfortable and with better user experience.
9
votes
up equal down
Solution #2: Provide a GUI for adding PPA's
Written by caish5 the 31 Aug 08 at 15:36.
Many software applications provide a PPA as the way to install the latest version to Ubuntu. At present you need to edit sources.list or go into the arcane synaptic app.
146
votes
up equal down
Solution #3: Use Apturl
Written by Id2ndR the 15 Feb 09 at 16:59.
PPA's should be able to be added by apturl. Every PPA should automatically have a package that adds the PPA to your system, and also adds the key. This way adding a PPA to your system would be as simple as selecting which release you are using and clicking a link.
4
votes
up equal down
Solution #4: use RUNZ
Written by sf_007 the 15 Jun 09 at 02:09.
RUNZ allows the use of portable apps, therefore it makes it easy to deploy software, without the need to install. It should NOT replace APT, however, it would be a nice addition:
http://hacktolive.org/runz
1
votes
up equal down
Solution #5: Make 'deb' links autodetected in Firefox
Written by oddeyed the 26 Jun 09 at 15:59.
Using greasemonkey, or another method, make it so that when a 'deb' link is detected, it will automatically become an apt url, and it can be simply clicked, and the 'Software Sources' program will open, go by itself to the 'Third Party Software' tab, and it will automatically add itself. This could be included in the 'Ubufox' Firefox addon.

Furthermore, when adding a program to the 'Software Sources' program, rather than just adding the 'deb' line, have a second box for a comment or description of the repository - for example 'Google Chromium daily builds'. This would be much better than what is the current situation; having to follow the deb line in the address box with a '#' and then insert the comment.
2
votes
up equal down
Solution #6: Make it a wizard.
Written by onyxwolf the 8 Apr 10 at 17:17.
There is a GUI way currently; however, the GUI way to add new repositories can be confusing to new users (or non-CLI users). So difficult to understand that most developers who maintain their own repositories don't bother to give that way to add their repositories and the non-CLI user sees that you have to use CLI (some shutter at the word terminal, others will open terminal and freeze at the blinking underline at the initial prompt) and say nevermind, point me at the .exe (this is where you have to explain .deb). Currently the CLI is the easiest way... For example, Currently the CLI way to add the GLX-Dock (Cairo-Dock) Stable repository is

sudo -v
echo "deb http://repository.glx-dock.org/ubuntu $(lsb_release -sc) cairo-dock ## Cairo-Dock-Stable" | sudo tee -a /etc/apt/sources.list
wget -q http://repository.glx-dock.org/cairo-dock.gpg -O- | sudo apt-key add -
sudo apt-get update

While the current GUI way is to "enter in the complete APT line" which is "deb http://repository.glx-dock.org/ubuntu karmic cairo-dock" but what new user knows that. They shouldn't have to google what an APT line is. Then, the repo authentication is completely separate, which it shouldn't be.

The wizard could be one that can ask for each item per window, having some in a drop down type menu. The easiest and quickest way (and one that I think will be the easiest to implement for developers on their sites) will be a single text-table with multiple lines. That way they can use the same copy paste functionality as using CLI, but not as confusing or actually having to use terminal. Taking the example above...

1st Window-- New Other Software Source
Enter Software Source Information:
Source Type (text-table)deb (/text-table)
Source URL (text-table)http://repository.glx-dock.org/ubuntu (/text-table)
Distribution (text-table)Karmic (/text-table)
Components (text-table)cairo-dock (/text-table)
Comments (text-table)Cairo-Dock-Stable (/text-table)
(Button)cancel(/Button) (Button)Add Source(/button)

2nd Window-- Authentication
Enter Key Information or Import Key:
Enter Key URL (text-box)http://repository.glx-dock.org/cairo-dock.gpg (/text-box)

(Button)cancel(/Button) (Button)Get Key(/button) (Button)Import Local Keyfile(/Button) (Button)Skip Authentication(/button ## causes warning pop-up)

After they complete it, the wizard will auto create the APT-line and add it to sources.list without the end-user caring how that works, and apt-get will automatically update, then they can go to Software Center and get the wanted software.

Maybe even tie the two together, so you can hit a button from Software Sources that opens Software Center and it will show the packages from the newly added source.

So on GLX-Dock.org, the installation instructions will be...
To install--
Via GUI-- open System > Administration > Software Sources. Go to the Other Software Tab. Hit the add button. Copy the below and paste to the text box in the New Other Software Source window:

deb
http://repository.glx-dock.org/ubuntu
Karmic
cairo-dock
Cairo-Dock-Stable

Then in the Authentication Window enter in:

http://repository.glx-dock.org/cairo-dock.gpg

Then hit the "Get Key" button. Then open Software Center and install GLX-Dock!!!
3
votes
up equal down
Solution #7: Use a custom xml file similar to RSS
Written by radel the 11 May 10 at 13:20.
With RSS we can subscribe to news feed, right?
Then with an hypothetical PPA we could subscribe to repository. It could be a simple XML file format with the classic ppa:foo/foo line and some other informations. Being a mime/type we can easily handle it, right?

Example:
In every PPA page just put a subscribe button, when you click on it it fires up ubuntu software center who can handle that PPA format and add the repo, simple as hell.

Also, software center could show "hottest" third party PPA (most subscribed) and things like that.
10
votes
up equal down
Solution #8: Add GUI in Package Manager for apt-add-repository ppa:
Written by chipbennett the 9 Nov 09 at 22:19.
In Karmic, sudo apt-add-repository ppa: will add a PPA, with GPG key, to the sources list.

A GUI should be added to the options/software sources section of the package manager (KPackageKit in Kubuntu, and in Ubuntu, such that the user enters the PPA name in a text field, and the PPA is added using apt-add-repository (with appropriate PolicyKit configuration for the sudo command).

Something like:

PPA Name: [TEXT FIELD] ["Add PPA" button]

See example of apt-add-repository:
http://www.ubuntugeek.com/ubuntu-tip-simplified-way-to-add-ppa-repositories-in- karmic.html
7
votes
up equal down
Solution #9: Connect this procedure with Apparmor!
Written by Lachu the 19 Nov 09 at 14:36.
The main reason, why we can't simple allow to automatically add additional repository is a security - newbie will add whatever repository to get installed few programs, either repository are untrusted.

User will be asked, he will install software/add repository, but additionally file contains repositories definition can contain category(connected to apparmor profile).

So dialog asking to add new repository could contains information:

"This action will add new repository to your system of games profile

Agree?
Yes|No"

I know, it's hard to realize, but this is only way. We need to integrate all software management tool to creating Apparmor profile of each installed program. It must also reads information about categorization.

In future we can prevent to game override files of system tool.
101
votes
up equal down
Solution #10: Import PPA Key from Launchpad in Software Sources
Written by jblackhall the 27 Jan 09 at 05:36.
I would be nice if PPA keys were somehow automatically imported if the PPA is added. Alternatively an easy way to enter (for example) "B9F2A424372C883C411D917F5AFADBD4AA1C92B0" and have it import the gwibber-team PPA key, since that is the string listed on the PPA page.
-17
votes
up equal down
Solution #11: user-keyring package
Written by tgm4883 the 27 Jan 09 at 05:57.
The key should be automatically in a package on the users/teams PPA. Then, to add the key, all the user has to do is apt-get install user-keyring (obviously the user part would be replaced with the PPA owners name)
28
votes
up equal down
Solution #12: Provide a Key File for the user to import
Written by Vadim P. the 28 Jan 09 at 18:17.
Right now, the user manually makes the key file and imports it.

Would be easier if there was an already-made key file they could just download and import.
11
votes
up equal down
Solution #13: gpgurl
Written by medigeek the 25 Feb 09 at 20:08.
Basically solution #3 but with a slight change

There should be a link to use a gpg-url key, e.g. gpg://keyserver.ubuntu.com/B5140445

Which would get the server and the key to import it from.
4
votes
up equal down
Solution #14: Auto-generate a deb that imports the key and adds the PPA
Written by fasaxc the 24 Aug 09 at 19:50.
The launchpad system could auto-generate a deb containing the key and the PPA link to add to sources.list. When installed, it would add the key and the source. The deb could be signed by ubuntu so that it can't be tampered with.

I'm thinking the deb would just be a download from the PPA site, not in the PPA or in the synaptic repository and would install via gDebi (for example).

This approach (or a similar one) is used by ubuntu-one.

Propose your solution

Attachments
No attachments.


Duplicates


Comments
cheesehead (Brainstorm admin) wrote on the 26 Aug 08 at 01:43
One-click repository additions is a great way to con unsuspecting users into adding a poisoned repo.

A lot of current third-party packages use the current repos or distribute .deb files.

How is a profusion of one-click repos superior to the current repo and .deb solutions?

Auzy wrote on the 26 Aug 08 at 03:36
What difference does it make though? The website could simply download a tar.gz with a binary in it instead thats trojaned.

There is no real extra security risk here actually I feel. The same people who fall for this, would just follow the instructions themselves. Inconveniencing users is not the same as good security.

Also, this way, users could be warned that they shouldn't enable repos they don't trust, and the system could also point to a conversation thread about the repo too in ubuntu forums (so people can discuss it).

This gives users an excellent way to determine the security of the repo, discuss it, review it, and make it easy to set up.

Endolith wrote on the 8 Jun 09 at 14:11
https://bugs.launchpad.net/soyuz/+bug/376603

cheesehead (Brainstorm admin) wrote on the 9 Jun 09 at 01:37
Updated Solution #1, replacing the Autogenerated solution.


Post your comment