openSUSE BuildService Integration, Security and 150000 registered contributors

Posted by on Dec 17, 2009 in openDesktop.org | 13 Comments
openSUSE BuildService Integration, Security and 150000 registered contributors

openSUSE BuildService Integration
As you know KDE-Apps.org and openDesktop.org are repositories for KDE application. At the moment over 3600 KDE applications are listed on KDE-Apps.org.
You can search applications and rate them, add comments, become a fan of an applications subscribe to an application to get notifications about updates or use the integrated knowledge base system for the apps.
The problem starts if you want to download an app. Most apps are only available as source file or binaries for one or two distributions. It is a lot of work for the developers of the applications to compile and package the apps for every distribution.
So an end users can´t download an interesting KDE application from KDE-Apps.org most of the time and has to use the distribution package manager. But not all distributions provide all the available apps and not always in the most current version.
As you know the openSUSE build service is a great service for developers to automatically build and package software for most Linux distributions and even for Mac and Windows in the future.
Since over a year I talk with our friends from Novell about a possible integration of the Buildservice with KDE-Apps.org and openDesktop.org.
Today I can announce that the first step is finally done.
You can add your buildservice project and package id to your application on openDesktop.org and all the available packages for the different distributions automatically show up on the application page. I think this a good first step to help our users to get our great software and also make the life of the developers easier.
This is not the end of the road of course. Soon you will be able to upload you application directly from Qt-Create or KDevelop to KDE-Apps.org and the openSUSE Buildservice. The application will be build for all supported platforms and our users can download the apps via the KDE-Apps.org website or GHNS.
I´m really exited about this improvement.
What do you think?
Security:
In the last few days an old discussion about the security of third party packages for Linux heated up again. The problem is that we don´t have a good signing, sandboxing oder other security system for binary packages in Linux. Solutions as AppAmor or SELinux are not used at the important places. So it is a risk for the user to install packages from third party webites. You never know what you get and if the package is safe.
This is not a specific problem of the openDesktop.org sites. It is the same situation for packages from the openSUSE Buildservice, from Sourceforge, Freshmeat, Ubuntu PPAs or any other place.
So the question is what can we do to improve the situation. Markey already blogged about a suggestion for Amarok plugins. Having everything in a central repository is a good idea for Amarok but I´m not sure if this works for all kind of packages.
I will organize a BOF session at Camp KDE in January to discuss this problems with everybody who is interested. I´m sure we can come up with good solutions to fix this security problems.
Everybody is invited to join the discussion.
User registrations:
A few days ago we reached a new record of registered contributors. At the moment over 150,000 users are registered on the openDesktop.org site. This are all people who are contributors. User who are only interested in reading and downloading stuff don´t have to register. This is really impressive, expecially because we have 100 to 150 new registration every days.

13 Comments

  1. Fri13
    17/12/2009

    I like a lot about the idea. But how we could actually make sure that the “Black Ninja” and “Waterwall screensaver” thing does not happend again?

    The download should be signed and be visible only then when it is from upstream. Every other binary what gets uploaded by someone else would got a marking about being untrusted.

    Reply
  2. Bille
    17/12/2009

    I’ve added a link to the openSUSE Build Service for my app KNetworkManager (content=116884), but the download links don’t show yet, is there a delay between these being added to the app and the links appearing? If so could you add a note?

    Reply
  3. seli
    17/12/2009

    Something seems to be broken with it. I added the buildservice information to http://kde-apps.org/content/show.php/WMIface?content=40425 (project home:llunak:kde, package wmiface, which clearly exists), yet the kde-apps.org page shows only my manual links.

    Reply
  4. Frank Karlitschek
    17/12/2009

    The Buildservice Packages are updated every 30min. @Bille, @seli : The Downloadlinks are now visible. 🙂

    Reply
  5. Bille
    17/12/2009

    It’s showing the links for KNM now, but the openSUSE links to one-click install files (*.ymp) were broken due to a bug on the build service api server, that Adrian just fixed – so if these links on kde-apps.org are generated once then cached until the content changes, you should poke the script to rebuild them now.

    Reply
  6. Pedro Lopez-Cabanillas
    17/12/2009

    I’ve also added my build service project and ID for vmpk (content=88233). It was not clear if only the project name or the full URL is required. Looks like the full URL. The results are a bit confusing, with all the debuginfo and debugsource downloads interleaved and not clearly labeled. Nice feature, though.

    Reply
  7. Frank Karlitschek
    17/12/2009

    @bille It updates automatically every 30min. So the new links should be visible now. Is there a way to get more information about the packages like a description text for example? At the moment we show a lot of download buttons and it is not clear which on is the lang, debug, lib or other rpm.

    Reply
  8. seli
    17/12/2009

    Ok, now it shows, but there is room for improvement, both when entering the data (WMIface also builds for xUbuntu, but it doesn’t show in the list, so what is wrong there?) and when downloading the packages (right now it’s a “random” list of packages for different distros, maybe it should be grouped somehow).

    As for finding out more information from the build service, I suggest asking in a more suitable place than a blog :), like the opensuse-buildservice mailing list.

    Reply
  9. faye hunter
    17/12/2009

    Der Kommentar wurde von einem Blog-Administrator entfernt.

    Reply
  10. robermann
    18/12/2009

    Why xUbuntu and Debian packages are not shown in the download section?

    Reply
  11. Frank Karlitschek
    02/01/2010

    Are you sure that the Ubuntu packages are available at the buildservice? Can you give me the link to the page so that I can debug it?

    Thank you.
    Frank

    Reply
  12. Pedro Lopez-Cabanillas
    02/01/2010

    I am not Bille, but anyway KMid2 suffers the same problem. I’ve cooked a crude workaround, though.

    http://kde-apps.org/content/show.php/KMid2?content=116404

    http://download.opensuse.org/repositories/home:/plcl:/kde4/

    Reply

Leave a Reply