Using Debian packages

Lysander · 2019-03-29 10:17:43

Apologies if this has been posted before.

Occasionally I use Debian packages if there is no Devuan equivalent.

Examples - Spotify, yandex-disk, owncloud [OK I haven't done the latter yet but I plan to].

Is this OK/safe to do? I imagine that it wouldn't be a problem but I thought it best to check.

fsmithred · 2019-03-29 12:04:14

I guess it's about as safe as it ever was to use outside repos in debian. As long as they don't require systemd, it should be ok. You might run into problems if something expects to see debian and doesn't recognize devuan. Check forum and mailing list archives for discussions about specific apps.

yeti · 2019-03-29 12:51:21

Grab the deb-sources and rebuild them on Devuan.

golinux · 2019-03-29 15:52:58

Lysander . . . Third party repos are always a bit of a risk. Take care.

Head_on_a_Stick · 2019-03-29 19:04:30

Lysander wrote:

Spotify

Don't pollute your sources with their repository, use a flatpak version instead:

https://flathub.org/apps/details/com.spotify.Client

ralph.ronnquist · 2019-03-30 01:26:36

@Head_on_a_Stick: You've got that advice backassed. It should be: don't pollute your system with flatpack.

Head_on_a_Stick · 2019-03-30 10:59:26

^ Well I couldn't find a snapd package in the Devuan repositories

But seriously, I don't think giving the Spotify developers the opportunity to mess up the dependency chain is a good idea.

flatpak may be a bloated pile of crap but at least it can be run without root privileges (with the --user flag) and it doesn't interfere with the package manager.

golinux · 2019-03-30 13:51:08

Head_on_a_Stick wrote:

^ Well I couldn't find a snapd package in the Devuan repositories

That's because it's on the banned packages list. Really, who needs "backassed" (thanks Ralph) pkgs like that.

Panopticon · 2019-03-30 14:38:53

Leave the flatpak and snapd packages alone i say, if its not in the devuan repos, try a source build as yeti mentioned.

Head_on_a_Stick · 2019-03-30 15:36:25

golinux wrote:

Head_on_a_Stick wrote:
^ Well I couldn't find a snapd package in the Devuan repositories
That's because it's on the banned packages list.

Nice! Thanks for the info.

Panopticon wrote:

try a source build as yeti mentioned

I agree that would be the preferred option but Spotify do not supply source code, the spotify-client package is in their non-free repository component (which is the only component in their repositories) and it is a blob.

Panopticon · 2019-03-30 16:01:56

^ yes because it is proprietary software, hint hint ? If you cant build the program from source why in hell would you want to flatpack or snap it?

Last edited by Panopticon (2019-03-30 16:03:58)

Head_on_a_Stick · 2019-03-30 16:06:09

FWIW, I agree and I don't use Spotify myself but apparently the OP does.

golinux · 2019-03-30 16:08:34

The desire for harmful, unjust things is a fatal flaw of our species. And we never seem to learn . . .

Panopticon · 2019-03-30 16:08:40

^ @ HOAS, Yes and also dubious yandex-disk, think about it....

Last edited by Panopticon (2019-03-30 16:12:30)

Lysander · 2019-03-30 18:54:30

Thank you very much for the responses, everyone. Spotify works perfectly, as does Vivaldi. I know Spotify is proprietary but I use it regardless of distro.

ToxicExMachina · 2019-04-01 04:27:40

Head_on_a_Stick wrote:

^ Well I couldn't find a snapd package in the Devuan repositories
But seriously, I don't think giving the Spotify developers the opportunity to mess up the dependency chain is a good idea.
flatpak may be a bloated pile of crap but at least it can be run without root privileges (with the --user flag) and it doesn't interfere with the package manager.

Both flatpak and snap are EEE projects. AppImage is better because it's tarball evolution.

Head_on_a_Stick · 2019-04-01 18:23:17

ToxicExMachina wrote:

Both flatpak and snap are EEE projects

And what has that to do with anything?

ToxicExMachina wrote:

AppImage is better

Well if that was the case then your previous statement would be false because the alternatives would lack the middle E...

In the case of flatpak the advantage is the sandbox provided by bubblewrap, it's not great security but it's better than nothing (which is what AppImages provide).

Also, do Spotify even provide an AppImage?

ToxicExMachina · 2019-04-02 04:16:03

Head_on_a_Stick wrote:

ToxicExMachina wrote:
Both flatpak and snap are EEE projects
And what has that to do with anything?

Additional package manager in system totally controlled by microsoft-friendly company (RedHat and Canonical are friends of microsoft) is not a good idea.

Head_on_a_Stick wrote:

ToxicExMachina wrote:
AppImage is better
Well if that was the case then your previous statement would be false because the alternatives would lack the middle E...
In the case of flatpak the advantage is the sandbox provided by bubblewrap, it's not great security but it's better than nothing (which is what AppImages provide).

AppImage has FireJail sandbox support. So it's definitely much and much more than nothing.

Head_on_a_Stick wrote:

ToxicExMachina wrote:
AppImage is better
Also, do Spotify even provide an AppImage?

According to official website Spotify doesn't provide official flatpak builds. Moreover: there is official deb repository.

Besides, flatpak and/or snap instead of AppImage is a trait of incompetent upstream maintainer.

I may also suggest a totally open source alternative to Spotify: https://github.com/nukeop/nuclear
It has AppImage builds

Last edited by ToxicExMachina (2019-04-02 04:18:37)

Head_on_a_Stick · 2019-04-02 06:03:04

ToxicExMachina wrote:

in system totally controlled by microsoft-friendly company (RedHat and Canonical are friends of microsoft) is not a good idea

Using Spotify is not a good idea but that's what the OP wants and IMO a sandboxed chroot is a better option than handing control of APT to the Spotify developers.

Oh, and RedHat, Cannonical and Microsoft are all contributors to the Linux kernel itself.

ToxicExMachina wrote:

AppImage has FireJail sandbox support.

All programs have firejail "support", that's not an intrinsic feature of AppImages.

ToxicExMachina wrote:

According to official website Spotify doesn't provide official flatpak builds.

I didn't claim otherwise, my question was are there any Spotify AppImages available at all?

ToxicExMachina wrote:

there is official deb repository.

Why do you think it is acceptable to hand the APT keys over to a proprietary company?

As I mentioned earlier, flatpak can be run without root permissions, which seems significantly safer to me.

ToxicExMachina · 2019-04-02 06:49:16

Head_on_a_Stick wrote:

ToxicExMachina wrote:
in system totally controlled by microsoft-friendly company (RedHat and Canonical are friends of microsoft) is not a good idea
Using Spotify is not a good idea but that's what the OP wants and IMO a sandboxed chroot is a better option than handing control of APT to the Spotify developers.

Yes. And he don't need another third party wannabe-"secure" package manager for that.

Head_on_a_Stick wrote:

Oh, and RedHat, Cannonical and Microsoft are all contributors to the Linux kernel itself.

The subject is not kernel.

Head_on_a_Stick wrote:

ToxicExMachina wrote:
AppImage has FireJail sandbox support.
All programs have firejail "support", that's not an intrinsic feature of AppImages.

man firejail

Head_on_a_Stick wrote:

ToxicExMachina wrote:
According to official website Spotify doesn't provide official flatpak builds.
I didn't claim otherwise, my question was are there any Spotify AppImages available at all?

Maybe someone made a package. I don't know. However, there is no official flatpak package.

Head_on_a_Stick wrote:

ToxicExMachina wrote:
there is official deb repository.
Why do you think it is acceptable to hand the APT keys over to a proprietary company?

I don't think about that - user should decide the grade of acceptance.

Head_on_a_Stick wrote:

As I mentioned earlier, flatpak can be run without root permissions, which seems significantly safer to me.

Flatpak is systemd way. It's also extremely insecure thing with fake sandboxing: https://flatkill.org/

Last edited by ToxicExMachina (2019-04-02 06:51:35)

ToxicExMachina · 2019-04-04 05:13:42

cynwulf wrote:

The only way to install such software with any degree of safety is to create a chroot and install it there - but it's still not to be considered trustworthy. As I understand it, it's a binary distribution, so you're somewhat hamstrung, but without resorting to a chroot, you could also unpack the deb and manually install the components under /usr/local , create symbolic links, etc...

debootstrap + schroot + firejail = relatively secure way for third party repos.

1. Create separated root filesystem with debootstrap

2. Install packages into chroot environment

3. Run program via firejail and schroot

siva · 2019-04-04 11:59:55

Last time I used the Spotify "app," it felt an awful lot like I was using the web version.

I still wonder what the differences were. But, I don't use Spotify.

Panopticon · 2019-04-04 13:03:47

I dont see the point in spotify, most music available on spotify is on youtube, but im old school and like to purchase albums and hard copies where i can if i really like the music. youtube-dl and keep your music on a portable local drive, save bandwidth too. I have a plan where i can bank unused data for the next month so every byte counts.

Last edited by Panopticon (2019-04-04 13:04:57)

ToxicExMachina · 2019-04-06 04:46:21

Panopticon wrote:

I dont see the point in spotify

Me too.

https://nuclear.js.org/
https://freetubeapp.io/

Last edited by ToxicExMachina (2019-04-06 04:47:52)

dxrobertson · 2019-04-07 00:04:09

Panopticon wrote:

most music available on spotify is on youtube, but im old school and like to purchase albums and hard copies where i can if i really like the music. youtube-dl and keep your music on a portable local drive

Same here.

The officially official Devuan Forum!

#1 2019-03-29 10:17:43

Using Debian packages

#2 2019-03-29 12:04:14

Re: Using Debian packages

#3 2019-03-29 12:51:21

Re: Using Debian packages

#4 2019-03-29 15:52:58

Re: Using Debian packages

#5 2019-03-29 19:04:30

Re: Using Debian packages

#6 2019-03-30 01:26:36

Re: Using Debian packages

#7 2019-03-30 10:59:26

Re: Using Debian packages

#8 2019-03-30 13:51:08

Re: Using Debian packages

#9 2019-03-30 14:38:53

Re: Using Debian packages

#10 2019-03-30 15:36:25

Re: Using Debian packages

#11 2019-03-30 16:01:56

Re: Using Debian packages

#12 2019-03-30 16:06:09

Re: Using Debian packages

#13 2019-03-30 16:08:34

Re: Using Debian packages

#14 2019-03-30 16:08:40

Re: Using Debian packages

#15 2019-03-30 18:54:30

Re: Using Debian packages

#16 2019-04-01 04:27:40

Re: Using Debian packages

#17 2019-04-01 18:23:17

Re: Using Debian packages

#18 2019-04-02 04:16:03

Re: Using Debian packages

#19 2019-04-02 06:03:04

Re: Using Debian packages

#20 2019-04-02 06:49:16

Re: Using Debian packages

#21 2019-04-04 05:13:42

Re: Using Debian packages

#22 2019-04-04 11:59:55

Re: Using Debian packages

#23 2019-04-04 13:03:47

Re: Using Debian packages

#24 2019-04-06 04:46:21

Re: Using Debian packages

#25 2019-04-07 00:04:09

Re: Using Debian packages

Board footer