ytop icon indicating copy to clipboard operation
ytop copied to clipboard
verified publisher icon cjbassi

APT repository

Open azlux opened this issue 6 years ago • 5 comments

Hi, I've setup my personal apt repository for some projects. It's great when speaking about upgrades. I've setup an auto-update for ytop releases based on github. If, like me, you prefer apt to install manually updates. you can already use it. You can see it at : http://packages.azlux.fr/ All scripts I use are public. My repository is public, so I propose you to add this repo as "unofficial repository" into the install docs if you want to.

Best regards, Azlux

azlux avatar Feb 10 '20 14:02 azlux

This looks cool. I'm not familiar with APT so if people add your repository, then they can just do a sudo apt-get ytop or something? But what about security concerns, like if you decided to sneak in a custom version of ytop? ;)

cjbassi avatar Feb 10 '20 21:02 cjbassi

here the full procedure (quote from the site):

echo "deb http://packages.azlux.fr/debian/ buster main" | sudo tee /etc/apt/sources.list.d/azlux.list
wget -qO - https://azlux.fr/repo.gpg.key | sudo apt-key add -
apt update
apt install ytop

About security :

  • all packages are signed, even on http, MITM are check for all files.
  • If I decide to sneak, dpkg -L give you all files installed with a package. You can always check the md5/sha1 checksum. Some tools exist like debsums who give checksum of all files automatically. I always use pre-compiled from github release, check can be done easily. (I can even give you read access on my repo container)

There are always a part of trust if it's not on your own server (even with company or non-profit association). That why we mostly mention the repos on docs with "unofficial repo" or "third-party repo".

Best regards, Azlux

azlux avatar Feb 10 '20 23:02 azlux

Out of curiosity, if I understand correctly we can simply use Launchpad for the same purpose?

FranklinYu avatar Mar 03 '20 06:03 FranklinYu

@FranklinYu Indeed it's almost the same. You can copy my script to create the .deb and use the repo on lauchpad. It's the same purpose.

The only difference is the need of the additional package add-apt-repository because launchpad have specific key management (or you can avoid the package by manual enter the footprint key signature)

But like my repo, you need to monitor code deployed in case of account leak because It's not your own server.

azlux avatar Mar 03 '20 10:03 azlux

Adding a deb to the releases would also be great!

ardabbour avatar Mar 11 '20 18:03 ardabbour