What is the safest way to install software that it is not on the main repository?
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
What is the safest way to install software that it is not on the main repository?
I wanted to know which is the safest way to install applications when this are not on the main repository, I mean safe in the sense of both not unintentionally installing malware and not damaging or creating conflicts within my OS.
I have read some people saying that SNAP could damage your system, others that .deb do, so I'm a bit confused since there are multiple opinions on the subject. Still, I guess that the best way is compiling from source, but if I can't do that, what's next?
Could you please tell us what software you'd like to install? And could you also mention the use case (server or desktop/laptop).
On my servers I mostly run my applications as Docker containers. They're quite well separated from the main OS. I am no real expert but I can manage them quite well.
Could you please tell us what software you'd like to install? And could you also mention the use case (server or desktop/laptop).
On my servers I mostly run my applications as Docker containers. They're quite well separated from the main OS. I am no real expert but I can manage them quite well.
I am not refering to a particular software, just asking in general, because I want to try and install all software in the best way possible so I will not have future problems with my OS. I am running it on a desktop machine.
I am not refering to a particular software, just asking in general, because I want to try and install all software in the best way possible so I will not have future problems with my OS. I am running it on a desktop machine.
Quote:
Mmm, okay, so the main idea is to try to avoid .deb whenever possible, right?
Instead of trying to install random .deb packages you have downloaded, it is best practice to install software from the Debian repos.
Using the Debian package management tools ie: apt etc you won't run into problems.
What is the safest way to install software that it is not on the main repository?
Official repositories is always the safest choice.
Compiling source code is also safe. You can avoid damage and conflicts by using "/opt/<package_name" as prefix with "./configure" command or install and use "stow" to easily activate / deactivate packages.
I would seriously consider trying out the AppImage format.
Although the stock answer in Linux is to always, always use the repositories, there's a growing trend developing for an equivalent to the 'Windows-PortableApps'. This is where Snaps, FlatPaks, AppImages, and the like are coming from.
I know the older Linux stalwarts will have my head in a vice for saying this, but due to the trend of more & more individuals growing disillusioned with Windows - especially given 10's predilection for 'data-harvesting' - there's an increasing number of folks looking for an alternative to the status quo.....and for many, Linux makes the most sense, especially since it's approaching nearly 3 decades in use.
For these individuals, they don't always want to have to learn totally new ways of doing things. They're used to just downloading things, and simply clicking on them to run 'em. Why should they have to be 'turned off' the idea of using Linux (or turned away), simply because we insist on sticking to 'tried & true' principles? Moreover, what's to stop some of us spreading our wings, and moving with the times? Must we remain stuck in the rut of doing things the same way, simply because that's the way we've always done them...?
Linux devs do go out of their way to come up with new ways of doing stuff. The least some of us can do is to give them a try.
Okay, I hear some of you say; he uses Puppy Linux, which marks him out as an IDIOT to start with, so we shouldn't take anything he says too seriously. Well, I've recently set up an install of the flagship Puppy, Bionicpup64, from scratch (which took around an hour and a half) and more than half of all my installed apps are running as AppImages, sym-linked in from a dedicated directory on an external partition.....a format which, I might add, works extremely well with Pup's admittedly 'odd' (to most of you) way of doing things. AppImages are intended to run in /tmp for the duration of a session, and with Puppy running in a 'temporary', virtual file-system in RAM anyway, it all gels rather nicely. It's also extremely quick (and easy) to 'update' an item when the time comes. Simply delete the old one, download & click-to-run the new one. Easy-peasy.
Admittedly, I'm talking about 'major' items, like the GIMP, and LibreOffice. These are available from the app's own official websites, and where not, usually from project pages on Github.....which I've never had any issues with, even since M$ bought them out.....
I just like AppImages. Personal choice.
Mike.
Last edited by Mike_Walsh; 03-01-2020 at 07:39 PM.
@random-UUID:
There is no single correct answer here.
Containerised formats (snap, flatpak, maybe even docker) come with their own challenges and limitations.
“Random” .debs from the web might be designed for a different release of Debian or, worse, Ubuntu (edit: but they might just as well be perfectly suitable for your system)
ANY software could be bad/malware - even if you compile it yourself!
compiling yourself is harmless if tricky, but installing the result to your system might pose some challenges. In other words: make by all means, but think before you sudo make install. Many softwares can run locally from where you ‘make’d them (not installed)
In any case, multiple discrimination criteria need to be applied.
First install it in a container (like docker) or a VM, if possible. Or use a test host/OS just for that. But anyway, if you are unsure probably better to find another safer solution instead.
source code from the one that wrote it.
./configure
make
make install
they are all done this way before being put into a package (deb, rpm, etc)
then you can use whatever distro you're using way of packaging the source code and put it into that format then install it if you please.
as far as "is it safe?"
you would have to either read through each line of code and find what you'd conciser safe or not before compiling and adding it into your system, or ask the developer the twenty questions game to try and determine if he or she is trustworthy, or search online to see if anyone else did that before you then posted about it.
or just install it and forget about the paranoia behind it.
cd ~/.local/src
tar xf /path/to/tarball.tar.gz
./configure --prefix=$HOME/.local
make
make install
make clean
That installs the program into ~/.local, with the executables in ~/.local/bin and its other files (documentation, etc) in ~/.local/share. That's pretty safe.
Last edited by dugan; 03-02-2020 at 08:59 AM.
Reason: Install to $HOME/.local not /usr
even though you're putting yours into a hidden dir in home. whereas depending on what distro one is using some do not even use /usr/local so (sometimes) I put my what I added from source into that so it keeps it separated.
I don't understand how using prefix=/usr gets it to install into a hidden dir in your home.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.