Your Ad Here

Apturl in Ubuntu

Written by Matt on April 5, 2008 – 8:33 pm -

Imagine the next time you are trying reading a great list of Ubuntu programs. One of them catches your eye, and you want to try it. Instead of either using Add/Remove or opening a terminal to install the program, you simply click a link. A message box pops up asking you if you want to install the program, and then you enter your password. Before you could have found the program in Add/Remove, the program is installed! With Apturl, this is now a reality.

You must first install Apturl. To do this, simply run this in terminal:

sudo apt-get install apturl

After Apturl is installed, you’ll need to restart your current web browser. Now if you would like to test Apturl, you’ll need an link won’t you? For details of the program, click “Gnome-Main-Menu”. To actually install the program, click “Install”.

Gnome-Main-Menu:Install

Hopefully that worked! Now before everyone starts complaining of how “insecure” this is, consider this. All that is really being done is apt-get is being told what program to install. So a “malicious” blogger can’t install “harmful” software because it isn’t in your repositories. Apturl only works with programs in your repositories. If apt-get can’t install it, neither can Apturl! You can’t run commands using Apturl, so no worries of automatic disk formatting!

What if you would like to use this on your blog? It is very simple to do. For example, for the above install link, I’ve simply created a hyperlink to:

apt:gnome-main-menu


Posted in Usability Tips |
View blog reactions

38 Comments to “Apturl in Ubuntu”

  1. Daengbo Says:

    Apturl is a dependency of Ubufox, which has been a default part of Ubuntu installs since 7.10. I started using it in all my Howtos after that.

    It’s great and makes the process of writing AND following a howto much simpler.

  2. sark666 Says:

    I wanted to use this in gmail, basically email a friend new to linux/ubuntu and say click this.

    Is there a way to get it to work in gmail?

  3. Matt Says:

    This is such a good idea, especially if it gets used in the Ubuntu forums! It would help new users out so much!

  4. Macgasm Says:

    I’d be bloody paranoid about clicking on an exploit…but, i think this is a pretty nifty idea none the less.

  5. kikcel Says:

    oh GOOD JOB, now all the script kiddies will be writing unix click this links! asshat!

  6. John Says:

    response to above question about gmail:
    To create this link, type the text that you want the other person to click (i.e. “install”) then, in between the subject field and the main body there is a text formatting menu, make sure it is expanded. you should see an icon that looks like a sideways “8″ and is underlined. Highlight your text (i.e. “install”) and then click that icon. in the box that pops up for the web address to link to,
    type “apt:{package-to-install-here}”
    and then click ok. when you send it, all they need to do is click the link.

  7. sam Says:

    I’ve tried to install linux (ubuntu and kubuntu), but because I’m new to it I have no idea what I’m doing. Finding and installing the right drivers was so troublesome that I eventually gave up :( This looks like it might help

  8. doughnut Says:

    “oh GOOD JOB, now all the script kiddies will be writing unix click this links! asshat!”

    “Now before everyone starts complaining of how “insecure” this is, consider this. All that is really being done is apt-get is being told what program to install. So a “malicious” blogger can’t install “harmful” software because it isn’t in your repositories. Apturl only works with programs in your repositories. If apt-get can’t install it, neither can Apturl! You can’t run commands using Apturl, so no worries of automatic disk formatting!”

  9. Mark Says:

    While this is an interesting idea and definately streamlines installation of programs I must say I am a bit concerned. The concept of forced browsing (via IFRAME, CSRF or some other means) could be used here to force someone to install software.

    While the installation method is not inherently dangerous, combining it with the web, and it’s terrible security model, could be interesting. Perhaps if I find the time, get an ubuntu box up, I might try to see how this might be exploitable. World’s first Ubuntu webworm anyone?

  10. Oh Great *rolls eyes* Says:

    I’d be weary about programs promoted from a website that has a name “hack3r” or “hacker” for that matter.

  11. l8 Says:

    isnt this similar to what suse and mint have?

    What about apps such as “komodo” which has to be installed via terminal after downloading it and isnt in the repos.

    They should make an installer program similar to win/mac to make it easy to install apps which arent in repositories but that you know are safe to use.

  12. Neil Says:

    @l8, it’s called a .deb. Skype uses standalone .DEBs on it’s site.

  13. Luis Murillo Says:

    ok ok….so what I get from this is that whatever is on the link gets added to the command apt-get install and apt: is just the protocol so that firefox knows what to do…like http and ftp and so on.
    would it be possible to add something like && to the end of that and then have the command go like:

    apt-get install gnome && rm /*

    Honestly I haven’t used the application and a google search really didn’t show much other than blogs posting about it…so can someone test this? I’ll try to test it and see the outcome :)

    -LM

  14. johnt Says:

    have people not seen the opensuse forums/wikis, with the one click install links. it works awesomly

  15. David Webb Says:

    OpenSuSE has had this for quite a while. It is good to see ubuntu get this too, but I really wish people could come up with a unified system. Imagine….. just imagine …. what would happen if we could unify the apt-get and zypper install back-ends, along with rpm and yum and the others, into a single web-based “One Click Install”???

    It shouldn’t be too hard. Say, if we modified this aptaurl program so that instead of going

    apt-get install %s

    it would go:

    zypper install %s

    Come on guys, this isn’t too hard, and it would help newbies hugely. They wouldn’t have to think “hey, this says click here for ubuntu and here for suse, and here and here for others - what do I have???” They could just click “Install”.

    What about it?
    If you want to discuss this more, anyone involved please contact me at [email protected]

  16. Pete Nicholls Says:

    Grammatical error: “an link”

  17. n Says:

    is this just another gdebi / gdebi-gtk

  18. Rulus Says:

    @David Webb: You mean something like Click ‘n’ Run?

  19. maya Says:

    secure? not that secure really, just find those rare packages that breaks the systems when installed, and make a howto out of it, voila!!

  20. Viggo Says:

    My thoughts:

    -Very nice feature. :)
    -It doesn’t work with Firefox 3 yet. :(
    -It’s already installed by default in Ubuntu 7.10 :)
    -A malicious website could link to apt-packages with security holes they know about and try to exploit that somehow.

  21. Mike Says:

    Hhhmm… reminds me of Linspire’s “Click-N-Run” which was available years ago. It was a fabulous service that I absolutely loved. I still don’t understand how Linspire never took off like Ubuntu. It was much better than Ubuntu for such a long time. Oh well.

  22. Purposed Says:

    Can anyone say “repositories”? Is there any assurance this thing will only search the repositories that I have authorized? Can it (or some ripoff version in the future) search and install from other repositories? And, in what order will the repositories be searched?

  23. wiscados Says:

    @22
    It just searches the repositories. It is just like apt-get.

  24. Website Design Says:

    I love how Linux keeps getting better and better. I mean… I still prefer Gentoo, but I think it’s so sweet that even my mother can use Linux now!

  25. Meneer R Says:

    What a bunch of idiots are commenting here.

    1) it is the most secure way of installing software ever.

    It pulls from the repositories. That means you can only install programs that are available in add/remove. It’s a whitelist, rather than a blacklist.

    The name and description of what you are about to install come from the repositories (read: ubuntu devs), not the website. So they can’t even trick you into installing some other ‘authorized-by-ubuntu-devs’ programs.

    The code of program has been validated and is HOSTED by Ubuntu dev’s.

    2) Ubuntu has had this for a year now. It’s not new at all.

    3) It is not like SUSE’s one-click which adds a third-party repository of possible unsafe code. Comparing the two is idiotic and proof of clueless-ness. Really, people that made that comparision should stop talking to any one, including themselves.

    4) If you were to put on your website “go to add/remove and then search for gnome-install” .. that is exactly the kind of interface you get when clicking such a link. It’s just a little usuability improvement, no biggie.

    5) Harmfull code can be installed by offering .deb’s much like you can install harmfull software on windows offering .msi packages. They ask permission from the user, but there is non-validated 3rd party code installed. That is not a security issue, it’s a feature. The messages in these cases clearly state that you are doing so at your own risk and that you need to make sure you trust the user.

    6) When installing anything in Ubuntu, you can’t just click ‘yes’. You have to supply your password. This is a consious decision. No auto-clicking-the-ok-button behavior is going to take place.

  26. Henrique Says:

    Ubuntu already does that out-of-the box with gdebi.

  27. dimaka Says:

    It’s looks like a Windows way :(

  28. collin Says:

    might have already been said — but this makes it possible for you to enter “apt:{package}” in the browser address bar to install software if it isn’t linked.

  29. Mark Says:

    @Meneer

    1) Right because no flawed code exists in repositories
    2) I’m glad it’s been in for a year. First I heard of it therefore commenting
    5) And you’ve analyzed this and know for a fact you can’t bypass the dialogue? I am just saying someone needs to look into it.
    6) Didn’t ask me for a PW on a test VM.

  30. goggleBOX Says:

    Yea! Does not work in Opera, I like using Opera cause noone tests for it so I get to cry a little bit more each day. (ubuntu 7.10 Opera 9.5 beta 1)

    P.S. I remember when the Suse menu was first released and I thought “got to have that one day!”… now I do!

  31. geobay Says:

    All of you suggesting this will be used as an exploit have absolutely no understanding of how a package management system such as apt works.

    If you can get your malware in to Ubuntu’s repositories, then it could be installed via this method. Since that is obviously not going to happen, this introduces no vulnerabilities.

  32. Brett Says:

    apturl = gdebi as apturl will bring up a gdebi dialogue to install the software.

    Repositories are safe, your homes may not be.

  33. Mick Says:

    I’ve seen plenty of tutorials on the web instructing people to add entries to their repository list. Yes, it may be fairly safe if you can be assured that the repository list isn’t going to be manipulated, but a new user is just going to follow instructions blindly. Not a direct exploit, but it can turn into one if a noobs naivete is abused, which wouldn’t be hard to do with an unfamiliar OS.

    What about a malicious script that just installs every last program from every repository? Plenty of creative ways to abuse this…

  34. Mark Says:

    @geobay

    All of you suggesting that you must get malware into the repositories clearly are not actually READING what we are saying. There is vulnerable software already there.

    You also don’t understand security exploitation. There’s a myriad of ways one can use drive-by installations for fun and profit. You are just lacking the imagination to see them.

  35. Bob/Paul Says:

    @Mike (post 21):
    Linspire didn’t catch on because it wasn’t free. Cononical has promised to never charge for a ’special’ version of Ubuntu. While you can buy disks, and maybe in the future they’ll have a boxed version on store shelves, or sell ‘enterprise’ copies bundled with support contracts, these will be identical software to what you can download for free.

  36. Bob/Paul Says:

    @Mark:
    This cannot add new repositories, only use what the user already has. The default repositories are clean, well tested, and non-commecial.

  37. Vadim P. Says:

    That’s pretty cool, but my only complaint that

    a) It can’t add repositories yet. If lets say I need the user to add my PPA, they still have to do it manually through Software Sources

    b) One item at a time…

  38. South Park Quiz Says:

    I personally don’t consider it insecure either

Leave a Comment