Web-based repository
In my last post I wrote about repositories repositories .
Over the past almost two months, RestAPI has been added and another repository has appeared, which I want to tell you about.
I’ll start by saying that it’s difficult to get into the official repository, while the PPA only has open software for the policy, or a small amount of the closed one, which is built according to the principle - everything is collected, and the package build script simply copies the files to the system.
If a programmer or company releases one program, and uploads it to the PPA, then we get a PPA with one package, with a maximum of two - there are many such repositories, and many sites have just links to download packages - the package is closed - we collected it and everything - and then download, install.
So what I wanted to get - a repository that works on the principle of the Android Market - users post themselves what they want into this repository. Since I cannot keep it at my place, and the package volumes can be very large, the repository stores links to the packages. In addition to the packages there is a description of them. It turns out that specifying the address of the deb file and the description of the package, you can download the package into the repository.
')
Each package is checked so that its description does not cause an error in the list of packages - thus a crazy package will not kill the entire repository. The correctness of the package itself and the link is already on the loading conscience.
For those who develop closed applications or single packages, for the sake of which it is not advisable to start a new PPA, this may be a fairly good solution, but so far security issues have not been worked out.
Over the past almost two months, RestAPI has been added and another repository has appeared, which I want to tell you about.
I’ll start by saying that it’s difficult to get into the official repository, while the PPA only has open software for the policy, or a small amount of the closed one, which is built according to the principle - everything is collected, and the package build script simply copies the files to the system.
If a programmer or company releases one program, and uploads it to the PPA, then we get a PPA with one package, with a maximum of two - there are many such repositories, and many sites have just links to download packages - the package is closed - we collected it and everything - and then download, install.
So what I wanted to get - a repository that works on the principle of the Android Market - users post themselves what they want into this repository. Since I cannot keep it at my place, and the package volumes can be very large, the repository stores links to the packages. In addition to the packages there is a description of them. It turns out that specifying the address of the deb file and the description of the package, you can download the package into the repository.
')
Repository and package security
Each package is checked so that its description does not cause an error in the list of packages - thus a crazy package will not kill the entire repository. The correctness of the package itself and the link is already on the loading conscience.
For those who develop closed applications or single packages, for the sake of which it is not advisable to start a new PPA, this may be a fairly good solution, but so far security issues have not been worked out.
Source: https://habr.com/ru/post/151405/
All Articles