Graphical Package Manager Support

[deeplow]

The problem you're addressing (if any)

The fedora template "Software" graphical installer does not work out of the box, despite being one of the default template shortcuts. This leads to terrible advice like enabling internet access to the TemplateVM.

The current way of installing software is through the terminal, which constitutes a terrible user experience, especially for someone just coming from a windows background.

Describe the solution you'd like

To solve this problem, a graphical software installer like fedora's "software" or debian's synapse or other alternative ones and allow them to connect to the internet through the updates proxy, for exmaple.

Where is the value to a user, and who might that user be?

Software installation is something users can't do without. And for people without IT or linux background it's a big usability challenge they will have to overcome. Even if later on they end up learning to use the terminal, it is important that they can do basic stuff like installing software, without having to learn to use the terminal.

Describe alternatives you've considered

Fedora's software, debian's synapse. But there are probably many other software "stores". But there is a problem with fedora's "software" program in the sense that is is not just a wrapper to DNF. It gets things like images and software description probably from redhat's servers, I would imagine.

Additional context

Discussion stemmed from the forum: GUI-only software installation: Thoughts? (fedora)

The following picture is what the user sees if they open the default "software" application on the fedora template. As you can see, it fails to fetch software because it can't reach the internet.

On the picture bellow you can see what the user sees after enabling internet connection on the TemplateVM

Contrast this with the daunting experience of opening a terminal for the first time and typing commands.

Relevant documentation you've consulted

• removal of mention of software installer from the docs: QubesOS/qubes-doc@4202598

Related, non-duplicate issues

[deeplow]

Crossposting here a preliminary "investigation" I did for the implications of enabling internet access to the fedora graphical software installer. And I'm sure this extends to other distro's installers that are more usable a than simple package manager command wrapper.

Potential user-related dangers

Updating to fedora-33 via "Software application"

As you can see on the picture bellow, there is an option to upgrade from fedora-32.

After testing a bit it seems the "restart and update" button gets stuck which prevents the user from completing the potentially problematic action. But this can lead to user confusion as the software didn't perform what was expected by the user.

User starts doing internet-related tasks on TemplateVM

note: as suggested by @unman, this would be solved by making the "Software" application go through the updates proxy by default.

Because in order to make this work, one has to enable internet access, it may be possible the user starts using stuff like a web browser on the template VM, which defaults their entire purpose.

Opening the browser by mistake

On the templateVMs we want to minimise as much as possible running software. And the browser is probably the most complex software that could be ran.

When visiting a particular piece of software's installation page, the interface present two buttons [website] and [Donate] which when clicked will open the browser.

Making it simple to enable third-party repos

The software center makes it extremely easy to enable third-party repositories. Which may not be desireable for the user from the security standpoint.

Potential technical risks

Increase attack surface (complex code)

Running a complex GUI application, can increase the attack surface.

Increase attack surface (internet access)

I don't know exactly how the software center for fedora works under the hood, but I can imagine there is much less scrutiny as to how the protocol works. For typical package mangers, the protocol is probably well defined and it can even work with mirrors, but with the software center, I can imagine it only fetches the images from one source, for example

[marmarek]

Technical reason why it doesn't work is #3815

[fepitre]

dnfdragora offers a built-in support into TemplateVM. As it uses dnf as backend, you can graphically manage your packages with it. I've posted a screenshot of it. It's clear and simple.

[deeplow]

I can confirm dnfdragora works without any extra modifications (it is likely a true wrapper for dnf). I can also confirm that for debian-based distros synaptic works as well (since it's just an aptitude wrapper)

For both of these, the user experience in not great, but I believe it's better than a terminal for novice users.

Ideally, there would be a program that is package manager agnostic so that some consistency across different distributions. Does anyone know of such a package manager?

@ninavizz you may have some thoughts on this.

[andrewdavidwong]

If this happens at all, I strongly recommend starting with one of these simple dnf/apt wrappers. In case the rationale is not already obvious, I'll make it explicit:

• The more complex the solution, the higher the security risk.
• The more complex the solution, the more time and work required, hence the less likely it is to get done and into users' hands any time soon.
• The perfect is the enemy of the good.
• Implementing something that is "good enough" for now does not prevent doing something better later. In the mean time, users can actually benefit from it.

[DemiMarie]

I second @andrewdavidwong on this.

[deeplow]

Just linking here to a user detailing this exact issue/frustration: https://qubes-os.discourse.group/t/new-user-feedback-running-into-walls/2784/3

[ninavizz]

Implementing something that is "good enough" for now does not prevent doing something better later. In the mean time, users can actually benefit from it.

If it is not a significant effort to implement something that is "good enough" that can give us a baseline to begin user research from, while also unblocking less technical users, I would also see this as a total win.

[andrewdavidwong]

FYI, @micahflee has just published "Qube Apps: a Flatpak-based app store for each qube", which looks very cool and might be of interest to folks here.

[rapenne-s]

I got GNOME software to work, it's a bit hacky though but I let you decide if it's something that could be shipped by default.

GNOME Software needs to have a default route to be happy -_-

#!/bin/sh

sudo ip link add dummy0 type dummy
sudo ip link set dummy0 up
sudo ip addr add 192.168.0.1/24 dev dummy0
sudo ip route add default via 192.168.0.2 dev dummy0

Attaching a network interface to the template but denying everything in the firewall also works, but this is bad compared to this solution.

[rapenne-s]

I opened an issue upstream https://gitlab.gnome.org/GNOME/gnome-software/-/issues/2336

[marmarek]

Does it use the updates proxy then? In the past it did not: #3815 (comment)

[rapenne-s]

Does it use the updates proxy then? In the past it did not: #3815 (comment)

Yes, of course. Packages are downloaded on lo0 by reaching http://127.0.0.1:8082

And anyway, the packages are pulled without the template being connected to the internet, so it can't get them by any mean but the proxy

The dummy interface is just thin air, it doesn't lead anywhere, doesn't connect to anything. I wonder if I can make a default route using 127.0.0.1, that would be even "better".

[rapenne-s]

Using ip route add default via 127.0.0.1 works!

[deeplow]

Using ip route add default via 127.0.0.1 works!

Incredible find. If this doesn't have unintended consequences, I would advocate for this to be put on 4.2. @marmarta tagging you so this is on your radar.

Having gnome software working would be such a quality-of-life improvement, especially with such a simple fix. Currently the docs instruct the users to temporarily connect the template to the internet.

[rapenne-s]

A cleaner fix was provided in this gnome-software issue https://gitlab.gnome.org/GNOME/gnome-software/-/issues/2330#note_1842682

mkdir -p /home/user/.config/environment.d/
echo "GIO_USE_NETWORK_MONITOR=base" > /home/user/.config/environment.d/fix.conf

[marmarek]

This indeed helps a bit, application gets installed. But at the end I got Unable to install "(null)" as not supported message.

And also, "updates" tab flashes every second, and in the background I see it queries PackageKit for available updates (this works), but also it complains about "Failed to get cache filename for emacs-filesystem". And updates-shell: failed to get upgrades: [*/*/*/fedora-pkgdb-collections/*] Failed to download https://admin.fedoraproject.org/pkgdb/api/collections/: Cannot resolve hostname: Error resolving "admin.fedoraproject.org": Temporary failure in network resolution.
I mean, it's expected it won't reach it, but it would be better if it either try once, or maybe disable this part?
The "Update" button doesn't seem to work - it changes to "Restart & Update...", but clicking it doesn't do anything either. Not even any error message.

Anyway, since this is clearly an improvement, I'll add setting this variable.