Listaller – A simple and secure way to distribute 3rd-party applications – Matthias Klumpp

Fundamental problem to solve: users want to install stuff that is not in their distro’s repository (new packages, backports). First attempted to create a cross-distro packaging system. However, this just adds a new packaging system so it doesn’t really work.

PPAs are a work around, but are essentially insecure: not just that you have to trust the PPA, but also the distro itself can install something that breaks horribly with the PPA stuff.

With listaller, the user shouldn’t notice that listaller is used, it should integrate seamlessly with the distro. It should get updates together with the rest of the system. This happens with PackageKit – listaller is a packagekit plugin that filters the listaller packages and handles them itself instead of letting them be resolved by the native package manager. The native package manager is used for getting dependencies.

Listaller is really for end applications, so it only solves simple cases, not the horrible dependency mess that distributors need to solve.

For security, it uses signatures and also sandboxing (not yet).

Listaller provides developer tools so it is easy to create a listaller binary package for different distributions.

Metadata: an appdata file with the description and license; build.rules (executable script, usually make -f); files-current.list; license.

Fun lipkgen which detects required components, generates and signs the package. It also runs the validator of the native distribution.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s