Ubuntu’s developers will likely continue working on the Snap package format and associated tools, so we’ll likely see more command-line options for working with Snap packages in the future. If you’re interested in creating your own.snap packages, consult Ubuntu’s Snap documentation for more details.
This repository contains Snaps, a Flatpak, Windows packages, and a Docker Image.
Snap and Flatpak are cool new waysof distributing Linux applications among a wide range of different distros. Theyare technologies to deploy applications in a secure, sandboxed and containerised way.
Ubuntu Snap Packages
- John the ripper, a password auditing software: check John the Ripper for more details. See the Installation notes.
- IRPF, a Brazilian government tool: check this text for more details.
- Namebench, a benchmark tool: check namebenchfor more details.
- B1, a file archiver: check B1 for more details.
All the Snap packages are built using a build server. At this moment, I'm usingLaunchpad to build the Snap packages.
Anyone can get, for free (as in beer), the reviewed packages from uAppExplorer. Despitethe fact it is an unofficial repository, all packages are hosted and reviewed(automatically) by Ubuntu.
Flatpak Package
- John the Ripper also has a Flatpak package available. Click herefor more details.
At this moment, I'm using FlatHub and GitLab to build the Flatpak package.
Windows Package
- John the Ripper also has a Windows package available. Click herefor more details.
At this moment, I'm using AppVeyor CI to build the Windows package.
Docker Image
- John the Ripper also has a Docker image. Click herefor more details.
At this moment, I'm using Travis CI to build the Docker image.
Testing
Using multiple providers, I've created my DevOps infrastructure. I am mostly interestedin quality assurance, CI (continuous integration), and CD (continuous delivery). To achievethis goal, my testing scheme builds and inspects the source code of John the Ripperusing:
- Microsoft Windows:
- Windows Server 2012 R2 Datacenter (6.3.9600 N/A Build 9600);
- Windows Server 2016 Datacenter (10.0.14393 N/A Build 14393);
- Windows Server 2019 Datacenter (10.0.17763 N/A Build 17763);
- Unix®-like BSD:
- FreeBSD 11 (11.2-RELEASE);
- FreeBSD 12 (12.0-RELEASE);
- MacOS:
- macOS 10.13 (Darwin Kernel Version 17.4.0);
- macOS 10.14 (Darwin Kernel Version 18.5.0);
- Linux:
- CentOS 6, Ubuntu 12.04, Ubuntu 16.04, Ubuntu 18.04, Ubuntu 19.04, Ubuntu 19.10(devel), and Fedora 30;
- Compilers:
- gcc 4.4, gcc 4.6, gcc 4.8, gcc 5.4, gcc 7.2, gcc 7.4, gcc 8.3, and gcc 9.0;
- clang 3.9, clang 4.0, clang 5.0, clang 6.0, clang 7.0, and clang 8.0;
- Xcode 9.4; Apple LLVM version 9.1.0 (clang-902.0.39.2);
- Xcode 10.2; Apple LLVM version 10.0.1 (clang-1001.0.46.4);
- Builds:
- SIMD and non-SIMD builds;
- OpenMP and non-OpenMP builds;
- LE (Little Endian) and BE (Big Endian) builds;
- ASAN (address sanitizer) and UBSAN (undefined behavior sanitizer);
- Fuzzing (https://en.wikipedia.org/wiki/Fuzzing);
- MinGW and Wine on Fedora Linux;
- CygWin on Windows Server;
- OpenCL on CPU using Apple, Intel, and POCL (http://portablecl.org/) runtimes;
- OpenCL on GPU using Azure cloud (work in progress);
- And a final assessment using ARMv7 (armhf), ARMv8 (aarch64), PowerPC64 Little-Endian,and IBM System z.
Plans and future vision:
- Develop a fully automated build and release pipeline using Azure DevOps Servicesto create the CI/CD pipeline and Azure Services for deploying to development/staging andproduction.See the release workflow here.
Supported and Tested SIMD Extensions
Architecture | SIMD |
---|---|
ARM | NEON, ASIMD |
PowerPC | Altivec |
S390x | SIMD is not supported |
x86 | AVX512BW, AVX512F, AVX2, XOP, AVX, SSE4.2, SSE4.1, SSSE3, SSE2 |
Development Builds and Artifacts
Provider | OS | Artifacts |
---|---|---|
AppVeyor CI | Windows | ✓ Build artifacts available |
Azure | Linux and Windows (plus OpenCL) | ∅ Under development |
Circle CI | Linux | ✗ No build artifacts |
Cirrus CI | FreeBSD | ✗ No build artifacts |
GitLab CI | Linux (FlatPak app) | ✓ Build artifacts available |
LaunchPad | Linux (Snap app) | ✓ Build artifacts available |
Travis CI | Linux and macOS | ✗ No build artifacts |
Security
Please inspect all packages prior to running any of them to ensure safety.We already know they're safe, but you should verify the security and contents of anybinary from the internet you are not familiar with.
We take security very seriously.
License
GNU General Public License v2.0
There is no review process or central restrictions on who can upload to the Ubuntu Snap Store, so in a sense, this isn't surprising. https://docs.snapcraft.io/build-snaps/publishDoes the name 'Ubuntu Snap Store' carry a connotation that code is reviewed for malware by Ubuntu, the way that the Apple, Google, Amazon, etc. mobile app stores are? Or does its presence in the software center app imply a connotation that it's endorsed by the OS vendor?
I was at a PyCon BoF earlier today about security where I learned that many developers - including experienced developers - believe that the presence of a package on the PyPI or npm package registries is some sort of indicator of quality/review, and they're surprised to learn that anyone can upload code to PyPI/npm. One reason they believe this is that they're hosted by the same organizations that provide the installer tools, so it feels like it's from an official source. (And on the flip side, I was surprised to learn that Conda does do security review of things they include in their official repositories; I assumed Conda would work like pip in this regard.)
Whether or not people should believe this, it's clear that they do. Is there something that the development communities can do to make it clearer that software in a certain repository is untrusted and unreviewed and we regard this as a feature? The developers above generally don't believe that the presence of a package on GitHub, for instance, is an indicator of anything, largely because they know that they themselves can get code on GitHub. But we don't really want people publishing hello-worlds to PyPI, npm, and so forth the way they would to GitHub as part of a tutorial, and the Ubuntu Snap Store is targeted at people who aren't app developers at all.