Custom web browser protocol to install from apt-get

Tristan Wibberley maihem at maihem.org
Sun Mar 19 12:37:46 GMT 2006 

I've cross-posted this to sounder, please reply there.

Jason Taylor wrote:
> Klik uses a custom protocol klik:// to trigger installs
> 
> I was thinking a similar thing for apt-get would be cool, so in a web
> page you could have a link to apt-get-install://banshee and that would
> trigger asking for the sudo password and then install from the
> existing repo list, could even ui it by tying into synaptic so you get
> a pretty progress bar.
> 
> As a bonus maybe also apt-get-add-repo://

I've been thinking about a package installation uri, but I think you 
shouldn't only have the uri for installing a package from an already 
configured source, and maybe include some common conflict resolution 
rules. Even then, the uri could end up being to big.

Perhaps the best thing to do would be to have an uri of the form:

apt-get-install:descriptor-uri

For simple things, data: could be used as the descriptor-uri.

Would "apt-get-install:http://foo.com/bar/banshee" or 
apt-get-install:data:Package:%20pkgname%0cAdd-Conflicts:%20oldpkgname%0cAdd-Replaces:%20oldpkgname%0cTemporary-Sources:%20deb%20http://xyz%0c%20deb-src%20data:packagesfile.etc
be invalid uris? I know the data: example is too complex a case to be 
used for data: in practice.

then you could have a descriptor which gives the package name, version 
constraints, source constraints (ie, install from a particular source if 
configured, and ask the user if he wants to *temporarily* include that 
source for specific depended upon packages), etc...

It could also list other packages to install only if they are 
recommended and suggested in the repository.

The amount of additional magic should then be minimised as a descriptor 
file is more generally applicable and could be supported directly by apt.

> Another use, the applications web site could actully give a link for
> installing the application instead of a "avalible in dapper repo"
> 
> Anybody else think this would be usefull, users would never have to
> drop to command line you could have links on the howto page
> instead.....

Oh yes, but security is a big issue, at the moment people just install 
from the preconfigured repositories, with such an easy way to install, 
people will happily click yes. This should be made to scare bucketloads 
of poo from users if they are about to install packages from an 
untrusted source.

-- 
Tristan Wibberley

More information about the ubuntu-devel mailing list