Hi, At $DAYJOB, I'm maintaining a few repositories with ready-to-install packages for a number of distributions[1]
Currently, the instructions[2] say to do the following: - Download and install an "eid-archive" package, which contains the GPG keys and generates a sources.list.d file for the repository; - Run "apt-get update"; - Install the "eid-mw" and/or "eid-viewer" packages. This works, but it has a number of downsides: - The second step, "run apt-get update", is often overlooked; this seems to be the case especially for users of Ubuntu, where the default handler for installing packages is the "Software Center", a GUI software management tool that doesn't have any UI element for doing (the equivalent of) apt-get update - There is no trust path from your already-installed distribution to the "archive" package (yes, I did sign the gpg keys; no, I don't consider that enough). - It still requires users to manually install packages. I note that other third-party developers often provide a single debian package that can be installed, where the binary package itself already contains repository configuration that gets installed. This method works for application software, but (as in my case) if the intent is to provide a library that wants to support multiarch, this approach doesn't work. There is add-apt-repository, which presumably works, but: - It doesn't solve the "trust path" issue for third-party repositories, (except, *maybe*, for PPA's, but that's Ubuntu, not Debian, so doesn't solve my problem) - It doesn't remove the "manually install" requirement - I don't believe it solves the "user didn't do the apt-get update" step, although I haven't checked in detail. Do we have anything better, or should I try to come up with something myself? [1] specifically, https://files.eid.belgum.be/ [2] http://eid.belgium.be/en/using_your_eid/installing_the_eid_software/linux/ -- It is easy to love a country that is famous for chocolate and beer -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26
signature.asc
Description: Digital signature
