Ubuntu devs to get 15-min code review, full SDK love – Canonical
Faster, smoother, sandboxier
Changes in Ubuntu will speed up the process of building apps and getting them approved for Software Center - but they could leave you more tied into the Linux distro’s software development kit (SDK).
Canonical has said it is changing the way packages – another name for the apps that make the basic operating system interesting – are developed, downloaded and managed by penguins.
The company is also rolling out further sandboxing to contain naughty third-party apps and rogue code and to streamline the process for getting packages approved for download from the Ubuntu Software Center.
For better or worse, though, it sounds like you’ll have to use the Ubuntu SDK instead of cross-platform widget toolkits such as GTK or QT – hard luck for those of you who love your GIMP.
Ubuntu community manager Jono Bacon here revealed future versions of Ubuntu will feature something called "click packages" – a means of automatically wrapping up your project’s code simply by pressing a button available inside the Ubuntu SDK.
It seems the click packages will be used instead of the Debian packaging format –
.deb – used primarily for building the operating system.
The maintenance of Ubuntu packages is being turned into an online service, too, according to Bacon, and click packages won’t include full dependency resolution.
Currently, packages are synched when you update using apt-get that checks back with the Ubuntu archive. Obviously the more packages, the more complicated and slower it is to identify and solve dependency conflicts.
From now on, all dependency will be on the Ubuntu SDK. “With a click package the software simply depends on the Ubuntu SDK. This means we don’t need to worry about all that complex dependency resolution: we know the dependency, the Ubuntu SDK,” Bacon said.
Further, information on those dependencies between different modules will be served and stored as a web service. “Instead of maintaining a list of packages on the system… they are on a web service. You need a connection to download the package anyway, so why not ask a service which packages are available?" Bacon wrote.
Full sandboxing is also being used to help simplify the process for developers uploading and updating their applications in the Ubuntu Software Center. Sandboxing is already provided in the Linux kernel and is on by default from Ubuntu 7.10 onwards using AppArmour.
According to Bacon, sandboxing will mitigate the need for a full code review of apps trying to get into the Ubuntu Software Center. This review process had been something of a bottleneck with the manual process swamped by new packages and new versions of existing packages that had to be individually vetted for clearance.
“This, combined with click packages not having maintainer scripts and complex dependency chains, makes reviews much easier and more efficient,” Bacon said. He promised review in less than 15 minutes, down from “multi-day” code reviews.
Click packaging and sandboxing is “largely complete” but the work on the latter is unlikely to appear until after the introduction of new display server Mir, Canonical’s replacement for the X Window graphic system currently used in Ubuntu. Bacon said Canonical is not investing in fixing keyboard sniffing in X.
Rather, the goal is for full implementation of Mir in Ubuntu 13.10, which will arrive in October this year – though there will be support for X if there are no Mir drivers – and for a default Mir stack by the 14.10 distro release in October next year.
You can get more technical detail on the Ubuntu website. ®
Sponsored: Today’s most dangerous security threats