Please check the status of this specification in Launchpad before editing it. If it is Approved, contact the Assignee or another knowledgeable person before making changes.

Summary

It should be possible to install software in a safe and supported way over a website. This allows us to provide more dynamic content and richer metadata (like screenshots, comments) than with traditional client applications and to better support Launchpad's new personal package archives. To achieve this, a new "apt://" protocol will be created that allows giving commands to apt/synaptic.

Release Note

The apt-firefox-archive-plugin feature allows users to install software via simple websites in a safe and supported way.

Rationale

People use to install software just clicking on a URL. Softonic, Tucows and others, list lots of applications that users can easily add to their Windows boxes. The linux way is not that easy.

An Ubuntu distribution has got a defined repository with loads of software, but users need to use a specific software installer (gnome-app-install, synaptic) to add more software.

Use Cases

Scope

The apt protocol should support the following actions:

Design

The default internet browser will call a external application whenever an apt:package_name url is clicked. It adds the complete url as an argument to that external application. The external application will then do the equivalent of apt-get install $package_name (using synaptic or adept_batch as its backend)

The new protocol will follow http://tools.ietf.org/html/rfc3986 (STD66).

In its easiest from, the new url will be formatted:

  apt:package_name

We are not linking a .deb file, just giving the name of the package to an external application. By default the syntax will be not hierarchical, but to stay compatible with Guadalinex a hierarchical argument will be supported as well (apt://pkg_name will also work).

In addition to this, a syntax will be supported to install applications that come from repositories that are not in the current sources.list. This synatx will follow the following style:

apt+http://launchpad.net/~mvo/ppa/test/?package=my-new-package?keyfile=ppa-key

The keyfile will be searched in /usr/share/app-install/channels. If no keyfile is given it is assumed that the repository is authenticated with the default key. If the repository can not be authenticated it will not be added and no packages get installed.

If the repository is not already in the sources.list the UI will ask if the repository should be added permanently or just temporarily. The package is then installed. If no parameter is given it is assumed that the distro is set to "/". The line above expands to:

deb http://launchpad.net/~mvo/ppa/test/ /

The parameters "dist=foo" and multiple "section=bar" are supported as well. So apt+http://launchpad.net/~mvo/ppa/test/?package-my-new-pkg?dist=feisty?section=foo?section=bar expands to a sources.list line like this:

deb http://launchpad.net/~mvo/ppa/test feisty foo bar

Additional a parameter minversion=x.y will be supported. This enables us to build webpages about packages that describe new features and provide a quick "install now" link. If (for some reason) the minversion is not available the user will not be disappointed that the package he installed does not actually support the advised features.

Example:

apt:tuxracer
apt+http://launchpad.net/~mvo/ppa/test?package=foo?minversion=1.0

Implementation

The handler will be installed into /usr/share/firefox/defaults/prefs/apt-archive-handler.js as an additional configuration file. The whole application will done as a new package with some python clue code (gapti/gdebi will be reused as much as possible or even merged if that is feasible).

A similar mechanism is implemented in Guadalinex, the file /usr/lib/firefox/firefox.cfg was modified to achieve the same goal, and a perl script was added to parse the url, and call synaptic. We will provide compatibility with their syntax.

The current set of commands is limited on purpose. Actions like "update", "upgrade", "dist-upgrade", "remove" look not useful or plain dangerous. We may expand the syntax later to support multiple packages separated by ",".

Security

With the above design the security implications are small. All software comes from trusted repositories, it is only possible to add repositories that have a keyfile that is already available in ubuntu already (e.g. in the app-install-data-commercial package).

A possible attack vector would be to trick users to install a application with a known vulnerability or to install applications that open a port.

Future Work

The approach to allow only adding repositories with already available keys limits this protocol for third party vendors. We could consider extending the specification in the future to have a command like "add-repository-unsafe" if that is a desired goal, or have a new apt-protocol: handler.

Releated Work

A similar approach using a command file instead of a protocol: https://wiki.ubuntu.com/ThirdPartyApt and https://wiki.ubuntu.com/GAptI.

The svn for the Guadalinex implementation:

svn co http://forja.guadalinex.org/guadalinexv4/apps/xapi

Comments

The current set of commands is limited on purpose. Actions like "update", "upgrade", "dist-upgrade", "remove" look not useful or plain dangerous. We may expand the syntax later to support multiple packages separated by ",".


CategorySpec

AptFirefoxFileHandler (last edited 2009-07-22 05:47:36 by claysmalley)