Page 2 of 5 FirstFirst 1234 ... LastLast
Results 11 to 20 of 46

Thread: Best way to install packages

  1. #11
    Join Date
    Mar 2010
    Location
    Been there, meh.
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Best way to install packages

    Quote Originally Posted by joepesci2 View Post
    Ive installed Ubuntu with minimum software, only installed the desktop environment.
    Ive then installed Firefox using apt:

    If Firefox releases a new version in a while, will it automatically update when i will do apt update-upgrade?
    How do i know which software i will need to add a repository to the Ubuntu archive?

    Sorry if im repetitive or these are silly questions, but i like to establish the knowledge and basic operation well.

    Thank you for your help and tips.
    If you use apt (or any apt-based front-end) to install debian packages, then, yes, update/upgrade will get the version for the OS you are running, updated for security issues and sometimes for new features. However, the goal of any "release" is stability, so don't expect new features for 99% of the packages, just bug fixes and security updates.

    Now, Canonical has also decided to "help us" migrate to using snap packages. They do this for firefox, chromium, thunderbird, and a few other things. For those things, using apt install will pull a tiny .deb file that forces the snap version of the package to be installed. This can be desirable or terrible, depending on your needs and the specific package.

    By default, snaps packaged software checks for updates 4x every day. It is possible to change the period and delay checking, but as we all know, the tyranny of the default is a real thing.

    I patched once a week, usually on Saturday mornings, so my systems are stable and ready for work all the other days. About once every 3-5 yrs, something bad will happen with one of these patched upgrades, so I'd rather not waste time on Monday trying to solve a stupid issue. I want my computers to earn money and help me deal with clients. I've found how to use some snap commands to delay snap updates to happen only on Saturdays. Sadly, at 12:01am, Saturday, any snap packages are queued up to go and hunt for updates. It messes with my system backups. The snap interface doesn't allow finer control, sadly. I could do some network blocking outside of snapd, to get what I want, but that's a little more effort than I can justify.

    There are reasons why I only use LTS releases: https://blog.jdpfu.com/2010/07/29/wh...-linux-desktop --- it is a bit old, but still relevant. Package management and easy maintenance is a key reason why I've been using Linux a very long time. More important than any GUI, at least to me.

    The summary of my preferred order to choose to install programs is this:
    1. repo,
    2. snaps,
    3. PPAs,
    4. source,
    5. deb files


    More discussion on each

    • Always start with using the Distro packaged solutions first. APT.
    • Next, look for a trusted PPA and use that. PPAs integrate into the normal OS patching and a trusted PPA would provide updates as needed when dependent packages are updated.
    • Next would be a Snap/Flatpak/AppImage package. There are some downsides and upsides to using these. Canonical seems to think our computers are smartphones with 1 storage device and I suppose for that situation, Snaps aren't THAT bad. But they don't allow local control and people using more storage are likely to bang their head's into storage access restrictions.
    • Next would be a .deb/.rpm file. This will most likely break package dependencies and in 3-6 months, 1 package can prevent other important core packages from being updated. This is commonly known as "RPM Hell", but "APT Hell" would better fit on Ubuntu. There are 2 solutions for APT Hell. Remove the original .deb file that was manually installed OR do a fresh - clear-field - nuked-from-orbit - OS install.
    • Next would be using source code. This assumes it is a compiled language. For some small script programs (python/GoLang/Perl/Bash), that work in highly dynamic ways and need updating weekly, it would be preferred to use the original script install/update method and not the .deb file or snap or PPA or even Canonical Repos. But for larger projects with multiple dependencies and compiles, best to avoid manually installation, since this means you've just accepted the need to redo this at least monthly for as long as the system uses that program. All to stay patched and current.


    I think that list handles most situations. There can be exceptions, but those really need to be avoided by people who cannot fully commit to maintaining their systems.

    Snagged that from a LUG presentation I did a few years ago.

  2. #12
    Join Date
    Nov 2024
    Beans
    Hidden!

    Re: Best way to install packages

    Quote Originally Posted by TheFu View Post
    If you use apt (or any apt-based front-end) to install debian packages, then, yes, update/upgrade will get the version for the OS you are running, updated for security issues and sometimes for new features. However, the goal of any "release" is stability, so don't expect new features for 99% of the packages, just bug fixes and security updates.

    Now, Canonical has also decided to "help us" migrate to using snap packages. They do this for firefox, chromium, thunderbird, and a few other things. For those things, using apt install will pull a tiny .deb file that forces the snap version of the package to be installed. This can be desirable or terrible, depending on your needs and the specific package.

    By default, snaps packaged software checks for updates 4x every day. It is possible to change the period and delay checking, but as we all know, the tyranny of the default is a real thing.

    I patched once a week, usually on Saturday mornings, so my systems are stable and ready for work all the other days. About once every 3-5 yrs, something bad will happen with one of these patched upgrades, so I'd rather not waste time on Monday trying to solve a stupid issue. I want my computers to earn money and help me deal with clients. I've found how to use some snap commands to delay snap updates to happen only on Saturdays. Sadly, at 12:01am, Saturday, any snap packages are queued up to go and hunt for updates. It messes with my system backups. The snap interface doesn't allow finer control, sadly. I could do some network blocking outside of snapd, to get what I want, but that's a little more effort than I can justify.

    There are reasons why I only use LTS releases: https://blog.jdpfu.com/2010/07/29/wh...-linux-desktop --- it is a bit old, but still relevant. Package management and easy maintenance is a key reason why I've been using Linux a very long time. More important than any GUI, at least to me.

    The summary of my preferred order to choose to install programs is this:
    1. repo,
    2. snaps,
    3. PPAs,
    4. source,
    5. deb files


    More discussion on each

    • Always start with using the Distro packaged solutions first. APT.
    • Next, look for a trusted PPA and use that. PPAs integrate into the normal OS patching and a trusted PPA would provide updates as needed when dependent packages are updated.
    • Next would be a Snap/Flatpak/AppImage package. There are some downsides and upsides to using these. Canonical seems to think our computers are smartphones with 1 storage device and I suppose for that situation, Snaps aren't THAT bad. But they don't allow local control and people using more storage are likely to bang their head's into storage access restrictions.
    • Next would be a .deb/.rpm file. This will most likely break package dependencies and in 3-6 months, 1 package can prevent other important core packages from being updated. This is commonly known as "RPM Hell", but "APT Hell" would better fit on Ubuntu. There are 2 solutions for APT Hell. Remove the original .deb file that was manually installed OR do a fresh - clear-field - nuked-from-orbit - OS install.
    • Next would be using source code. This assumes it is a compiled language. For some small script programs (python/GoLang/Perl/Bash), that work in highly dynamic ways and need updating weekly, it would be preferred to use the original script install/update method and not the .deb file or snap or PPA or even Canonical Repos. But for larger projects with multiple dependencies and compiles, best to avoid manually installation, since this means you've just accepted the need to redo this at least monthly for as long as the system uses that program. All to stay patched and current.


    I think that list handles most situations. There can be exceptions, but those really need to be avoided by people who cannot fully commit to maintaining their systems.

    Snagged that from a LUG presentation I did a few years ago.



    Lets say i will install Obsidian via apt.
    If Obsidian releases a new version of their software in a few months, will it also update to that new version by running apt update/upgrade? Once i install Obsidian for the first time via APT, does it automatically add the Obsidian PPA or would i have to add it manually later?

    I have read your post carefully and i see that APT is definitely your favorite method, however i cant find any reason or argument for using Snap.
    It seems that even Flatpak would go way before Snap.
    Is there any advantage to using Snap? maybe there is but i cant see it.

    I dont really like having some applications via apt, some via snap, some via .deb... I mean, if everything can be done effectively, safely and consistently via APT, i think that would be great.

    Thank you very much for your help and kindness.

  3. #13
    Join Date
    Mar 2010
    Location
    Been there, meh.
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Best way to install packages

    Quote Originally Posted by joepesci2 View Post
    Lets say i will install Obsidian via apt.
    If Obsidian releases a new version of their software in a few months, will it also update to that new version by running apt update/upgrade? Once i install Obsidian for the first time via APT, does it automatically add the Obsidian PPA or would i have to add it manually later?
    Depends on what a "new version" means. It is contains bug fixes or security patches, then the version would change from 1.5.3 --> 1.5.4 and that would get updated. OTOH, if the updates are for new "features", then no, it wouldn't. Feature updates usually happen in 1.5.3 --> 1.6.x OR 1.5.3 --> 2.0.0 upgrades. Remember, the goal is for the software to be stable and NOT to add any new features.

    If you want new features, then you'll need either a flatpak or a snap or a PPA or the source code or a compatible .deb from someone on the internet which may or may not have nefarious extra code.

    Quote Originally Posted by joepesci2 View Post
    I have read your post carefully and i see that APT is definitely your favorite method, however i cant find any reason or argument for using Snap.
    It seems that even Flatpak would go way before Snap.
    Is there any advantage to using Snap? maybe there is but i cant see it.
    I'm not a fan of snaps or flatpaks for the most part. They are bloated, slow, have constraints that cannot be removed. You can read in long threads in these forums about all the reasons snaps may not be great for everyone. I've never used a flatpak and don't have any interest.

    I use AppImages for a few things. These are un-constrained, single-file, tools what are also bloated, slow, and contain, in theory, all the required dependencies for a program to run. AppImages don't get in my way like snaps and flatpaks do. They don't automatically update either. To update an appimage, assuming it doesn't have self-updating built-in, I have to go and file the location of the appimage to see what's there.

    Quote Originally Posted by joepesci2 View Post
    I dont really like having some applications via apt, some via snap, some via .deb... I mean, if everything can be done effectively, safely and consistently via APT, i think that would be great.
    I don't either, but I also enjoy the flexibility that different options provide. Be careful about the source for any programs you allow to run on your computer. That's the main warning.

    We already are trusting Canonical. We run there OS. We use their repos. We have assurances that the software in those repos that we get are actually reviewed and built without "extras" by people with reputations to maintain.

    Some PPAs are great, but not all of them. I only trust PPAs from reputable sources OR from the project team who created the software to begin with. For example, if I want to run Nextcloud and use a PPA, I'll use the PPA from the Nextcloud team, not "Joe's PPA of assorted curiosities". Reputation matters. For firefox, I use the Mozilla PPA, not "Stevo's Greatest Hits PPA".

    The same goes for Snaps, Flatpaks, AppImages. The source of the package matters. If I post a setup.exe on my website and say it is safe, nobody should believe me. We are entirely too trusting, especially if someone seems nice.

    There are always going to be software that isn't in the Canonical Repos. I write code and have some programs that will never been in Canonical's repos for a number of reasons. Some of those reasons are technical, but the main reason is political. Until the projects are popular enough, there's little reason for Canonical to include my software. Plus, I don't make deb packages for it and have no plans to ever do so. Having flexibility and control is why my suggested order of preference for installing software is in the order it is in. Snaps remove much of the control I want for almost everything. I have found 1 specific snap that I mostly like as a snap, not in any other installation method. It is some server software that I use many times a day. All the other snap packages, I would happily do without. In fact, I'd like to only have 1 snap package on only 1 of my systems and never, ever, worry that some other snap might be installed - ever.

  4. #14
    Join Date
    Nov 2024
    Beans
    Hidden!

    Re: Best way to install packages

    Quote Originally Posted by TheFu View Post
    Depends on what a "new version" means. It is contains bug fixes or security patches, then the version would change from 1.5.3 --> 1.5.4 and that would get updated. OTOH, if the updates are for new "features", then no, it wouldn't. Feature updates usually happen in 1.5.3 --> 1.6.x OR 1.5.3 --> 2.0.0 upgrades. Remember, the goal is for the software to be stable and NOT to add any new features.

    If you want new features, then you'll need either a flatpak or a snap or a PPA or the source code or a compatible .deb from someone on the internet which may or may not have nefarious extra code.


    I'm not a fan of snaps or flatpaks for the most part. They are bloated, slow, have constraints that cannot be removed. You can read in long threads in these forums about all the reasons snaps may not be great for everyone. I've never used a flatpak and don't have any interest.

    I use AppImages for a few things. These are un-constrained, single-file, tools what are also bloated, slow, and contain, in theory, all the required dependencies for a program to run. AppImages don't get in my way like snaps and flatpaks do. They don't automatically update either. To update an appimage, assuming it doesn't have self-updating built-in, I have to go and file the location of the appimage to see what's there.



    I don't either, but I also enjoy the flexibility that different options provide. Be careful about the source for any programs you allow to run on your computer. That's the main warning.

    We already are trusting Canonical. We run there OS. We use their repos. We have assurances that the software in those repos that we get are actually reviewed and built without "extras" by people with reputations to maintain.

    Some PPAs are great, but not all of them. I only trust PPAs from reputable sources OR from the project team who created the software to begin with. For example, if I want to run Nextcloud and use a PPA, I'll use the PPA from the Nextcloud team, not "Joe's PPA of assorted curiosities". Reputation matters. For firefox, I use the Mozilla PPA, not "Stevo's Greatest Hits PPA".

    The same goes for Snaps, Flatpaks, AppImages. The source of the package matters. If I post a setup.exe on my website and say it is safe, nobody should believe me. We are entirely too trusting, especially if someone seems nice.

    There are always going to be software that isn't in the Canonical Repos. I write code and have some programs that will never been in Canonical's repos for a number of reasons. Some of those reasons are technical, but the main reason is political. Until the projects are popular enough, there's little reason for Canonical to include my software. Plus, I don't make deb packages for it and have no plans to ever do so. Having flexibility and control is why my suggested order of preference for installing software is in the order it is in. Snaps remove much of the control I want for almost everything. I have found 1 specific snap that I mostly like as a snap, not in any other installation method. It is some server software that I use many times a day. All the other snap packages, I would happily do without. In fact, I'd like to only have 1 snap package on only 1 of my systems and never, ever, worry that some other snap might be installed - ever.


    Thank you very much for your messages, i found them very interesting and educational.

    I would like to clarify that when im talking about installing a .deb, im not talking about any .deb that i will find on internet.
    I am referring to the .deb that Firefox, Obsidian, Libreoffice offer on their websites... that is, .deb that are offered by official pages and companies that you trust and that you know will not contain anything malicious.

    Likewise, when i m talking about PPA add-ons, im talking about official and legal repositories, such as those of Firefox and any other official and trustworthy company.

    Perhaps i didnt make this clear at the beginning and it seemed that i was referring to any repository or .deb that you will find out there.

    Again, i thank you for your messages, i look forward to your response.

  5. #15
    Join Date
    Mar 2010
    Location
    Been there, meh.
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Best way to install packages

    Not all Debs are equal. If you download .deb files and install them, be prepared to get into "APT Hell" where you can't patch your system anymore because dependencies cannot be resolved. You've been warned.

    Ubuntu is just different enough that sometimes Debian versions of software break, or worse, break the APT dependencies of the system.

  6. #16
    Join Date
    Jun 2010
    Location
    London, England
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Best way to install packages

    Do you know what a PPA is?

    PPAs have not undergone the same process of validation as regular ubuntu packages. End users install PPAs at their own risk.
    Subsequently, installing a PPA should be considered to be a low-security alternative as compared to the main repository, but marginally higher security than simply installing software at random from the internet. As part of adding a PPA, you trust the developer to not only install packages, but also to allow them to provide ongoing updates.
    Regards






    https://help.ubuntu.com/community/PPA
    It is a machine. It is more stupid than we are. It will not stop us from doing stupid things.
    Ubuntu user #33,200. Linux user #530,530


  7. #17
    Join Date
    Jul 2013
    Location
    Wisconsin
    Beans
    5,034

    Re: Best way to install packages

    Quote Originally Posted by joepesci2 View Post
    I would like to clarify that when im talking about installing a .deb, im not talking about any .deb that i will find on internet.
    I am referring to the .deb that Firefox, Obsidian, Libreoffice offer on their websites... that is, .deb that are offered by official pages and companies that you trust and that you know will not contain anything malicious.
    Going to the Obsidian website to download an "official" Obsidian .deb is EXACTLY what we mean by "find on the internet"
    Maybe it will work with your release of Ubuntu. Maybe it won't.
    If it doesn't work, ask wherever you got it from for support.
    If you want to know about their updates, you must ask them.


    Quote Originally Posted by joepesci2 View Post
    Likewise, when i m talking about PPA add-ons, im talking about official and legal repositories, such as those of Firefox and any other official and trustworthy company.
    PPAs are not "official" Ubuntu software.
    PPAs are not an official repository. Their original purpose is testing.
    If you add an "official" LibreOffice PPA, we might be able to help. We might not.
    If it doesn't work, ask The Document Foundation for support.
    If you want to know about their updates, you must ask The Document Foundation.

    If you add LibreOffice from the Ubuntu Repos (apt) or the LibreOffice Snap, those are tested for compatibility with releases of Ubuntu.
    We can help with those...though, since they are tested, few such support question arise.

  8. #18
    Join Date
    Aug 2017
    Location
    melbourne, au
    Beans
    Hidden!
    Distro
    Lubuntu Development Release

    Re: Best way to install packages

    My preference is to use the default version in Ubuntu repositories... being a desktop user.

    One reason for doing it that way, is if I break my system due to problem/mistake, I know I can pretty quickly non-destructively re-install it and continue working...

    I talk about the non-destructive re-install here , as that install method is something I use myself.

    eg. I'm using Ubuntu development release currently; which is an unstable system where problems can occur from time to time... last time was August 2023 when two of my five screens became dark (no image) due to a kernel change.. Strange things like that can happen on unstable, so I monitored it, next day the issue was present on the daily so it was bug report with my install being mentioned... Within a week the issue was resolved on the dailies, however the issue remained on my installed system.. and I couldn't find a fix to my installed system... thus when bored of it, I just non-destructively re-installed the system... This involved ensuring my backup of data was good, then just re-install from the latest daily, reboot & then confirm the system worked as I expected... ie. my data AND manually installed apps were all there.... I was back fully operational in under 15 minutes.

    It's an easy fix option as I see it, as I like being able to re-install and system, not lose my data, and have my manually installed or additional apps auto-reinstall automatically.

    The install method I'm talking about assumes its Ubuntu repository software, and I've actually had it re-install snap packages too (but also had it fail to install snap packages, unsure of why its not always reliable as I've not detected the pattern), but I know it won't work with flatpak, appimage, and no QA is done with any 3rd party software.

    Some issues with the type of install were detected in QA of noble (24.04), which haven't been fixed yet, so the install method isn't available on ISOs using `ubuntu-desktop-installer` for 24.04 & 24.10, but it still works on ISOs using the `calamares` installer.. and the hope is the bug in ubuntu-desktop-provision will get fixed, thus forced format can be removed allowing it to with ubuntu-desktop-installer too.

  9. #19
    Join Date
    Nov 2024
    Beans
    Hidden!

    Re: Best way to install packages

    Quote Originally Posted by TheFu View Post
    Not all Debs are equal. If you download .deb files and install them, be prepared to get into "APT Hell" where you can't patch your system anymore because dependencies cannot be resolved. You've been warned.

    Ubuntu is just different enough that sometimes Debian versions of software break, or worse, break the APT dependencies of the system.
    Hi TheFu! How are you? Thank you very much for the information.
    Now its clear to me, must try to avoid installing directly via .deb at all costs. Thank you very much.


    Quote Originally Posted by grahammechanical View Post
    Do you know what a PPA is?


    Regards


    https://help.ubuntu.com/community/PPA
    Hi grahammechanical! Yes, i have an idea of ​​what a PPA is, but i have seen that trusted companies like Firefox and similar also have PPA repositories, so it made me think that these types of PPAs would be reliable and more secure.
    But it has become clear to me that its best not to add any kind of independent PPA to Ubuntu.
    The problem will be if there is some software that is not in Ubuntus own repositories.

    Thank you very much for all the information and for your time.

  10. #20
    Join Date
    Nov 2024
    Beans
    Hidden!

    Re: Best way to install packages

    Quote Originally Posted by ian-weisser View Post
    Going to the Obsidian website to download an "official" Obsidian .deb is EXACTLY what we mean by "find on the internet"
    Maybe it will work with your release of Ubuntu. Maybe it won't.
    If it doesn't work, ask wherever you got it from for support.
    If you want to know about their updates, you must ask them.




    PPAs are not "official" Ubuntu software.
    PPAs are not an official repository. Their original purpose is testing.
    If you add an "official" LibreOffice PPA, we might be able to help. We might not.
    If it doesn't work, ask The Document Foundation for support.
    If you want to know about their updates, you must ask The Document Foundation.

    If you add LibreOffice from the Ubuntu Repos (apt) or the LibreOffice Snap, those are tested for compatibility with releases of Ubuntu.
    We can help with those...though, since they are tested, few such support question arise.


    Hi ian-weisser! How are you? Thank you very much for the information, thanks to you and other colleagues, it has become clear to me that we must try to avoid installing from outside APT at all costs.

    The "problem" may come when that software isnt in the official Ubuntu repositories.

    Thank you very much.

Page 2 of 5 FirstFirst 1234 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •