Upload the source packages to Launchpad, thus creating a PPA that any Ubuntu user (and its derivatives like Linux Mint) could easily add and install
If accepted, they would be automatically available to all Debian users, including all derivatives like Ubuntu. Submit the source packages, both your software and its dependencies, for inclusion to Debian. debs or source packages.įrom there, you have a number of options: You create debian packages for your dependencies, list them as requirements in your package, and ship all the. Afterall, handling dependencies (versions, updates, requirements, conflicts) is why dpkg/ aptwas created in the first place! :) But, has the same problems as #1, as it bypasses most of the packaging system infrastructure. All the risks and burdens are transferred from final user to the package maintainer.
deb would not require internet access at install time. It mitigates (but not solve!) some of the issues of #3: at least you can inspect the final product, and the. This is a middle-ground between #1 and #3. The instructions for the pip install would go into debian/rules (notice the lowercase debian, as opposed to the binary package), and would be executed when you issue debuild or dpkg-buildpackage. dsc triad), by downloading from PyPi when creating the "binary" package (the. You didn't mention it, but you could integrate the dependencies only at build time, ie, in the source package (the. But that is proprietary, closed source software, so their security is none anyway. Yes, that would require fiddling with DEBIAN/postinst (or preinst) and issuing a wget (or, in your case, pip install), and that is the approach taken by Flash, Oracle Java, Steam and others.
No concerned user would be happy with a package that, behind the scenes (and as root, remember!), downloads additional untrusted software from untrusted sources. It's an approach that completely bypass the repositories system. You wouldn't even be able to inspect the dependencies by extracting the deb, because they are downloaded and installed at install time. deb) is a serious security risk, definitely a no-no. It would defeat the purpose of a packaging system that handles dependencies, updates, versioning, etc.ĭownloading non-debian packages on-the-fly when installing a binary (. Integrating dependencies in your package by copying their source files over as a single codebase is very frowned upon. I've spoken with some maintainers at the Debian IRC channel irc://#debian-mentors, asking for the exact same thing, and the general consensus was:
0 kommentar(er)
