You are not logged in.
Pages: 1
Apologies if this has been posted before.
Occasionally I use Debian packages if there is no Devuan equivalent.
Examples - Spotify, yandex-disk, owncloud [OK I haven't done the latter yet but I plan to].
Is this OK/safe to do? I imagine that it wouldn't be a problem but I thought it best to check.
Offline
I guess it's about as safe as it ever was to use outside repos in debian. As long as they don't require systemd, it should be ok. You might run into problems if something expects to see debian and doesn't recognize devuan. Check forum and mailing list archives for discussions about specific apps.
Offline
Grab the deb-sources and rebuild them on Devuan.
*๐๐๐๐๐๐!*
Offline
Lysander . . . Third party repos are always a bit of a risk. Take care.
Offline
Spotify
Don't pollute your sources with their repository, use a flatpak version instead:
Brianna Ghey โ Rest In Power
Offline
@Head_on_a_Stick: You've got that advice backassed. It should be: don't pollute your system with flatpack.
Offline
^ Well I couldn't find a snapd package in the Devuan repositories
But seriously, I don't think giving the Spotify developers the opportunity to mess up the dependency chain is a good idea.
flatpak may be a bloated pile of crap but at least it can be run without root privileges (with the --user flag) and it doesn't interfere with the package manager.
Brianna Ghey โ Rest In Power
Offline
^ Well I couldn't find a snapd package in the Devuan repositories
That's because it's on the banned packages list. Really, who needs "backassed" (thanks Ralph) pkgs like that.
Offline
Leave the flatpak and snapd packages alone i say, if its not in the devuan repos, try a source build as yeti mentioned.
Offline
Head_on_a_Stick wrote:^ Well I couldn't find a snapd package in the Devuan repositories
That's because it's on the banned packages list.
Nice! Thanks for the info.
try a source build as yeti mentioned
I agree that would be the preferred option but Spotify do not supply source code, the spotify-client package is in their non-free repository component (which is the only component in their repositories) and it is a blob.
Brianna Ghey โ Rest In Power
Offline
^ yes because it is proprietary software, hint hint ? If you cant build the program from source why in hell would you want to flatpack or snap it?
Last edited by Panopticon (2019-03-30 16:03:58)
Offline
FWIW, I agree and I don't use Spotify myself but apparently the OP does.
Brianna Ghey โ Rest In Power
Offline
The desire for harmful, unjust things is a fatal flaw of our species. And we never seem to learn . . .
Offline
^ @ HOAS, Yes and also dubious yandex-disk, think about it....
Last edited by Panopticon (2019-03-30 16:12:30)
Offline
Thank you very much for the responses, everyone. Spotify works perfectly, as does Vivaldi. I know Spotify is proprietary but I use it regardless of distro.
Offline
^ Well I couldn't find a snapd package in the Devuan repositories
But seriously, I don't think giving the Spotify developers the opportunity to mess up the dependency chain is a good idea.
flatpak may be a bloated pile of crap but at least it can be run without root privileges (with the --user flag) and it doesn't interfere with the package manager.
Both flatpak and snap are EEE projects. AppImage is better because it's tarball evolution.
Offline
Both flatpak and snap are EEE projects
And what has that to do with anything?
AppImage is better
Well if that was the case then your previous statement would be false because the alternatives would lack the middle E...
In the case of flatpak the advantage is the sandbox provided by bubblewrap, it's not great security but it's better than nothing (which is what AppImages provide).
Also, do Spotify even provide an AppImage?
Brianna Ghey โ Rest In Power
Offline
ToxicExMachina wrote:Both flatpak and snap are EEE projects
And what has that to do with anything?
Additional package manager in system totally controlled by microsoft-friendly company (RedHat and Canonical are friends of microsoft) is not a good idea.
ToxicExMachina wrote:AppImage is better
Well if that was the case then your previous statement would be false because the alternatives would lack the middle E...
In the case of flatpak the advantage is the sandbox provided by bubblewrap, it's not great security but it's better than nothing (which is what AppImages provide).
AppImage has FireJail sandbox support. So it's definitely much and much more than nothing.
ToxicExMachina wrote:AppImage is better
Also, do Spotify even provide an AppImage?
According to official website Spotify doesn't provide official flatpak builds. Moreover: there is official deb repository.
Besides, flatpak and/or snap instead of AppImage is a trait of incompetent upstream maintainer.
I may also suggest a totally open source alternative to Spotify: https://github.com/nukeop/nuclear
It has AppImage builds
Last edited by ToxicExMachina (2019-04-02 04:18:37)
Offline
in system totally controlled by microsoft-friendly company (RedHat and Canonical are friends of microsoft) is not a good idea
Using Spotify is not a good idea but that's what the OP wants and IMO a sandboxed chroot is a better option than handing control of APT to the Spotify developers.
Oh, and RedHat, Cannonical and Microsoft are all contributors to the Linux kernel itself.
AppImage has FireJail sandbox support.
All programs have firejail "support", that's not an intrinsic feature of AppImages.
According to official website Spotify doesn't provide official flatpak builds.
I didn't claim otherwise, my question was are there any Spotify AppImages available at all?
there is official deb repository.
Why do you think it is acceptable to hand the APT keys over to a proprietary company?
As I mentioned earlier, flatpak can be run without root permissions, which seems significantly safer to me.
Brianna Ghey โ Rest In Power
Offline
ToxicExMachina wrote:in system totally controlled by microsoft-friendly company (RedHat and Canonical are friends of microsoft) is not a good idea
Using Spotify is not a good idea but that's what the OP wants and IMO a sandboxed chroot is a better option than handing control of APT to the Spotify developers.
Yes. And he don't need another third party wannabe-"secure" package manager for that.
Oh, and RedHat, Cannonical and Microsoft are all contributors to the Linux kernel itself.
The subject is not kernel.
ToxicExMachina wrote:AppImage has FireJail sandbox support.
All programs have firejail "support", that's not an intrinsic feature of AppImages.
man firejail
ToxicExMachina wrote:According to official website Spotify doesn't provide official flatpak builds.
I didn't claim otherwise, my question was are there any Spotify AppImages available at all?
Maybe someone made a package. I don't know. However, there is no official flatpak package.
ToxicExMachina wrote:there is official deb repository.
Why do you think it is acceptable to hand the APT keys over to a proprietary company?
I don't think about that - user should decide the grade of acceptance.
As I mentioned earlier, flatpak can be run without root permissions, which seems significantly safer to me.
Flatpak is systemd way. It's also extremely insecure thing with fake sandboxing: https://flatkill.org/
Last edited by ToxicExMachina (2019-04-02 06:51:35)
Offline
The only way to install such software with any degree of safety is to create a chroot and install it there - but it's still not to be considered trustworthy. As I understand it, it's a binary distribution, so you're somewhat hamstrung, but without resorting to a chroot, you could also unpack the deb and manually install the components under /usr/local , create symbolic links, etc...
debootstrap + schroot + firejail = relatively secure way for third party repos.
1. Create separated root filesystem with debootstrap
2. Install packages into chroot environment
3. Run program via firejail and schroot
Offline
Last time I used the Spotify "app," it felt an awful lot like I was using the web version.
I still wonder what the differences were. But, I don't use Spotify.
Offline
I dont see the point in spotify, most music available on spotify is on youtube, but im old school and like to purchase albums and hard copies where i can if i really like the music. youtube-dl and keep your music on a portable local drive, save bandwidth too. I have a plan where i can bank unused data for the next month so every byte counts.
Last edited by Panopticon (2019-04-04 13:04:57)
Offline
I dont see the point in spotify
Me too.
https://nuclear.js.org/
https://freetubeapp.io/
Last edited by ToxicExMachina (2019-04-06 04:47:52)
Offline
most music available on spotify is on youtube, but im old school and like to purchase albums and hard copies where i can if i really like the music. youtube-dl and keep your music on a portable local drive
Same here.
Offline
Pages: 1