https://mullvad.net/en/help/install-mullvad-app-linux
Trying to install VPN and these are the instructions Mullvad is giving me. This is ridiculous. There must be a more simple way. I know how to follow the instructions but I have no idea what I’m doing here. Can’t I just download a file and install it? I’m on Ubuntu.
It’s less complicated than it looks like. The text is just a poorly written mess, full of options (Fedora vs. Ubuntu, repo vs. no repo, stable vs. beta), and they’re explaining how to do this through the terminal alone because the interface that you have might be different from what they expect. And because copy-pasting commands is faster.
Can’t I just download a file and install it? I’m on Ubuntu.
Yes, you can! In fact, the instructions include this option; it’s under “Installing the app without the Mullvad repository”. It’s a bad idea though; then you don’t get automatic updates.
A better way to do this is to tell your system “I want software from this repository”, so each time that they make a new version of the program, yours get updated.
but I have no idea what I’m doing here.
I’ll copy-paste their commands to do so, and explain what each does.
sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list sudo apt update sudo apt install mullvad-vpn
The first command boils down to “download this keyring from the internet”. The keyring is a necessary file to know if you’re actually getting your software from Mullvad instead of PoopySoxHaxxor69. If you wanted, you could do it manually, and then move to the /usr/share/keyrings directory, but… it’s more work, come on.
The second command tells your system that you want software from repository.mullvad.net. I don’t use Ubuntu but there’s probably some GUI to do it for you.
The third command boils down to “hey, Ubuntu, update the list of packages for me”.
The fourth one installs the software.
Thanks for the explanation. However trying to run the first command gives me sudo: curl: command not found
So I’m stuck right there in the first step lol
I would have guessed that Ubuntu would install it by default since its a very common way to get stuff from the internet (when in the terminal), but apparently not (the other option is
wget
which is most likely installed, but that uses a different way to get the stuff).You should be able to install curl with
sudo apt install curl
My fresh Debian install didn’t have that too and I thought it came with the installation
Debian doesn’t even come with sudo, git or curl by default. It’s kind of minimal on purpose.
It always throws me off on a fresh install when I can’t sudo
I didn’t know that any distribution comes with git preinstalled.
That should be easily solved with:
sudo apt install curl
You have two options: install
curl
(check @TrickDacy@lemmy.world’s comment) or do it manually. Installing curl is the easiest.If you want to do it the hard way (without the terminal), here’s how:
- Download the file
https://repository.mullvad.net/deb/mullvad-keyring.asc
from your web browser. - Open your file browser as administrator. There’s probably some link for that in the Menu.
- Move the file that you just downloaded to the directory
/usr/share/keyrings/
Really appreciate your replies dude. So many are being a bit of an jerks here, but you (and few other) have been really helpful.
You’re welcome.
I think that people being jerks take for granted how confusing this might be, if you’re new; we (people in general) tend to take vocab that we already know for granted, as well as solutions for small problems. …except that it doesn’t work when you’re starting out, and we all need to start out somewhere, right.
Yeah, once you work in Linux for so long seeing someone ask about curl missing is really easy to take for granted that we all started there, we’ve all been fresh on Linux. A lot of people take pride in their experience, but they shouldn’t lord it over those who are learning to advance themselves. It’s completely counter to why Linux even exists.
- Download the file
curl is a good tool to have in general, you can install it with sudo apt install curl
Wow, interesting. You may be able to install curl to fix that like this:
sudo apt-get update sudo apt-get install curl
Can’t hurt to try
sudo apt install curl
sudo apt install curl
It seems that tou dont have curl installed. It should be in the default repos so try running
sudo apt-get install curl
That should install curl. Then try the commands again.sudo apt install curl
This is a great explanation. And really well written. Thank you for taking the time to put it together
I love this community because of responses like this.
Any instructions that say sudo curl should be thrown out immediately.
Is curl so untrusted that you would prefer to use 3 commands (one which still needs root permissions) instead?
The point is that an HTTPS request does not need root permissions. Other steps might, and that’s indeed high risk.
The curl that ships with apt is ubiquitous enough that I trust doing
sudo curl xxx yyy
more than enough if it means avoiding typingcurl xxx /tmp/yyy && sudo mv /tmp/yyy yyy
Agreed it’s not best practice. But when somebody is saying the individual step-by-step is too complicated, you want to give them the simplest command possible. Even if it is more risky. It’s a trade off of accessibility versus complexity
Hmm… ProtonVPN team solved this in better way. They put the repo configuration stuff into DEB file, so it’s just a matter of double clicking it and clicking install on Debian-based and Ubuntu-based (I know Ubuntu is Debian-based) distros and then installing the ProtonVPN client through either GUI or CLI package manager, whichever you wish to use. More newbie-friendly.
Unfortunately, I also just learned they dropped support for Arch Linux :(
We’d love to support the new app for arch Linux but honestly we’re understaffed and don’t have the bandwidth to be supporting the same distros that we did before with the previous client (4 packages before vs 10 packages now). If anyone from the community is willing to make AUR packages for themselves and publish/maintain them we’re totally fine with that, as long as people keep in mind that it would be an unofficial version because we currently don’t support arch Linux with the new v4 app.
Also if anyone’s interested: https://boards.eu.greenhouse.io/proton/jobs/4140067101
Hmm… ProtonVPN team solved this in better way. They put the repo configuration stuff into DEB file, so it’s just a matter of double clicking it and clicking install
I was wondering how they’d solve signature checking and key installation - and looking at their page they seem to recommend skipping checking package signatures which, to be honest, isn’t a super good practice - especially if you’re installing privacy software.
Please don’t try to check the GPG signature of this release package (dpkg-sig –verify). Our internal release process is split into several part and the release package is signed with a GPG key, and the repo is signed with another GPG key. So the keys don’t match.
I get it’s more userfriendly - and they provide checksums, so not a huge deal, especially since these are not official Debian packages, but the package signing has been around since 2000, so it’s pretty well established procedure at this point.
to be fair all of that should be a flatpak you click once to install
Frankly in this case even a simple bash script would do the trick. Have it check your distro, version, and architecture; if you got curl and stuff like this; then ask you if you want the stable or beta version of the software. Then based on this info it adds Mullvad to your repositories and automatically install it.
nowadays they always come across as lazy to me, when a bunch of options are available to make installing software on linux painless.
I like them, even for software installation. Partially because they’re lazy - it takes almost no effort to write a bash script that will solve a problem like this.
That said a flatpak (like you proposed) would look far more polished, indeed.
oh i meant devs who provide packages but don’t bother with install scripts.
bash scripts are fine when they exist.
Ah, got it. My bad. Yeah, not providing anything is even lazier, and unlike “lazy” bash scripts it leaves the user clueless.
So usually people do install Linux software from trusted software repositories. Linux practically invented the idea of the app store a full ten years before the first iPhone came out and popularized the term “app.”
The problem with the Mullvad VPN is that their app is not in the trusted software repositories of most Linux distributions. So you are required to go through a few extra steps to first trust the Mullvad software repositories, and then install their VPN app the usual way using
apt install
or from the software center.You could just download the “.deb” file and double click on it, but you will have to download and install all software security updates by hand. By going through the extra steps to add Mullvad to your trusted software repository list, you will get software security updates automatically whenever you install all other software updates on your computer.
Most Linux distros don’t bother to make it easy for you to add other trusted software repositories because it can be a major security risk if you trust the wrong people. So I suppose it is for the best that the easiest way to install third-party software is to follow the steps you saw on the website.
Some .deb packages actually include their repository and they can then be updated via the package manager. An example for this is the Vivaldi .deb.
Download the .deb and double click it. https://mullvad.net/en/download/app/deb/latest
People seem to be making this a more difficult job than it needs to be. Yeah I get we’re powerusers but can’t we drop that for 2 minutes while giving advice so a new user can actually get a job done quickly? Windows EXEs don’t automatically update either. Sure it might not be the best way to do it but it’s fast and not confusing. (EDIT: Apparently this specific program actually has it’s own auto updater)
Things take time to learn. Throwing all of the existing knowledge of repo management at a new user at once does not work.
It’s funny how quickly Lemmy turns on a dime between “Linux is easier than Windows” in threads about adopting Linux to “spend some time learning the terminal” when presented with a question that should be a single click (installing an app).
Before the hate train starts, I’ve been using Linux off and on for 30 years now. And I still struggle with making distros do things that shouldn’t be that hard because they aren’t hard in Windows.
In this case, to do the exact same as Windows, it literally is just a click.
To auto-update from a repository, it’s a similar deal in Windows.
In this case, they’re the same. Repos are preferred in GNU/Linux and installers in Windows, but both can do both.
Probably better to link the downloads page, rather than the direct download link: https://mullvad.net/en/download/vpn/linux
That’s not how you do it.
Click ‘Downloads’ on the Mullvad website.
Scroll to the bottom section ‘Unable to use the app’
Click ‘OpenVPN’.
Download OpenVPN config.
You already have OpenVPN installed, skip all fancy installation steps.
Click network settings in the taskbar, ‘New connection’, ‘OpenVPN’, ‘Import configuration’.
Turn on your new VPN connection. Done.
why tf wouldn’t OP be better served by a provided repo? Literally a add it to the sources.list and never think about updates again.
Because installing some random app is worse than simply using pre-installed system service.
Both are security audited, but I’d still rather trust OpenVPN.
It seems Mullvad has the OpenVPN option tucked away as the very last option even though OpenVPN seems to be the easiest method. Why is that?
Because OpenVPN lacks the most important feature of them all - it will not remind you to top up your account balance.
Because they want to lock you into their app and make you think VPNs are complicated so you actually pay for the service.
As I’ve heard it, wireguard is much more secure.
More Performant, yes. More Secure? Not sure about that
I went with OpenVPN because it’s installed on Ubuntu by default. Wireguard needs one extra apt-get command.
I don’t think that Wireguard is more secure, its’s simpler and thus easier to audit, but OpenVPN was audited to the gills already.
THIS!
Not one more repository to add, sign, reload at each update. And can get compromised.
Not one more piece of software to run that may, or may not, run properly (looking at you ProtonVPN)
Just download the wireguard or openvpn configs to some desired exit points, load them into NetworkManager as described, and BINGO you have an integrated way of switching desired location, a visual icon in the taskbar confirming your status, and no extra hassle.
Did you know that qbittorrent can be told to only work if the VPN is on? There are places where it matters.
And to answer your question, no, that is not normal. If a piece of software isn’t available for your distribution, then consider finding another. Like, here, using NetworkManager to do the job!
As others have mentionned downloading the .deb and running it will also work, but I feel nobody gave your a tldr of why you may want to follow those instructions instead, so here it is:
Those instructions configure your package manager (apt) with a new repository for this application.
The upside to that is that anytime you will look for updates, this app will also get updated.
It’s a bit more work up front, but it can pay off when you have dozens of app updating as part of normal system operations.
Imagine a world where windows updates would also update all your software, that’s what this is.
Also, no, this is not an ideal way to do this. Ideally every package you want is in your distro’s repos so you’d just need to do “apt install [package]”.
The reason this one isn’t is because mullvad wants to make sure you use their tested, secure, and updated version and they don’t want to maintain that for every distro. So they have you configure your package manager to use their repos.
This is relatively uncommon to come across in Debian. You’ll normally only find it in security applications or very niche ones. The Debian repos aren’t the most comprehensive but they’ll contain the vast majority of common softwares.
The comment section here is a perfect example of why people don’t use Linux
You got that right. So many contradictory comments for such a simple question.
That said, Linux for home use is a hobby and hobbyists expect a certain level of interest and basic commitment to learning. Also, the Linux community is a bit anti-Windows. So, coming on a Linux forum and complaining that a simple Linux task is too hard, basically because it isn’t Windows and you didn’t bother to read any documentation, pushes ALL the Linux nerd buttons, LOL.
Imagine going on a boardgame forum to complain that some super popular game is dumb because it isn’t like a video game, and too complicated even though you didn’t bother to read the game rules.
As a board game hobbyist, that happens all the time. Our community generally makes an effort to direct them to games with a lower weight and easier rules and encourages them to keep playing to grow the hobby.
That’s not at all what happens with Linux.
Can you recommend any good forums to look for board games?
BGG is all you need
Don’t they just make a joke about Patchwork and move on?
This comment here is a prefect example of being unhelpful and inflammatory.
You added nothing to the conversation but instead tried to be “clever” by doing the same tired old “angsty Linux vs. Windows shtick” that’s been around for as long as GNU/Linux was a thing.
Other people at least offered an explanation or suggestion.
No, he’s 100% correct
100% correct about what? That people trying to offer different bits of advice/explanations are driving people away? Even if some of the advice is not the best/contradict one another, it’s still support being given to another user.
Comments like these don’t say or do much of anything. They just finger wag and scold people for not being the “100% best Linux representative” they can be. Believe it or not, people who are in Linux communities aren’t a monolith of perfect technological wisdom and understanding.
My problem isn’t even with the basis behind the comment which I actually somewhat agree with. It’s just framed in a cowardly way that obnoxiously blames community members for driving people away.
So yes comments like these are useless and the people who make them are lazy.
Clearly, for you, it’s a bitter pill. I get it.
It also fundamentally misunderstands why Linux has such low adoption rates at the desktop. It has much more to do with Windows being ubiquitous in desktop enterprise environments than Linux. MacOS is by all accounts even more intuitive and easier to understand than Windows with a greater selection of native programs than Linux on top of having billions of dollars at their disposal for advertisement, but you’re not exactly seeing MacOS hit >60% of desktops.
Overall, for a thread that’s supposed to help a newbie, this thread has a surprising amount of bad info. From saying Debian doesn’t come with sudo (completely untrue, the Debian installer has an option of adding the user to sudo when most distro installers just add the user to sudo automatically) to saying installing MacOS programs is simply clicking on an icon (not really true either since the only time you’re clicking on shit to install things on MacOS instead of using the store is if you’re installing third-party software, in which case you have to dig through menus).
+1 there is something nice about just downloading and double clicking an exe.
Maybe they should have a common file format for all distro that extracts, etc. for the current distro. I thought that was flatpak, but idk.
They have the .deb at the top of their download page, no need to install the PPA repository if you don’t want. You can’t get any more than “just downloading and double clicking an
exedeb” than that on Ubuntu.I will admit though, I wish there were an easier way to install PPAs.
This is one of the hardest walls for people to jump over mentally, from scavenging the internet for binaries to using a package manager.
I think ideally one should understand what they’re doing, I think that if you did you would realise it’s not hard, just different from what you’re used to. Usually you install things using the graphical package manager, of which there are a lot, since I don’t know which one you are using nor have I used any of them in a long while, I’ll use the terminal as an example (same reason the site uses terminal commands), but all of this is almost assuredly possible via GUI.
To install things you usually do
sudo apt install
, this is a huge advantage on Linux, it works similar to your phone in that everything gets updated together but also it installs dependencies separately, which means that instead of having 10 copies of the same library for 10 programs that use it (like on Windows) you get a single one, which is part of the reason binaries are smaller on Linux.The problem with this approach is that some programs are NOT listed there, the only programs there are the ones the maintainers of your distro (Ubuntu in this case) can review and approve. So you can have a lot of different solutions for this:
The first and most obvious for Windows users is to download the .deb from the website and just run that like you would a binary on windows, i.e. double-clicking it, or from the terminal you can run
sudo dpkg -i
. This works, but you lose the advantages of a package installed via your package manager, i.e. you would get the same experience as on windows, so it’s not ideal.The second way is the one they’re describing, essentially you’re adding a new repository to the package manager, that the people who wrote the program are maintaining (instead of Ubuntu guys), this is a two step process,
sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc
that command is downloading the filehttps://repository.mullvad.net/deb/mullvad-keyring.asc
and putting it in/usr/share/keyrings/mullvad-keyring.asc
, this is needed because repositories are not trusted by default, that would be a security nightmare, you can do this via GUI if your problem is with the terminal , just download the file and copy it to that location, it’s just harder to explain than giving you a command. Then it’s adding the repository to the repository list, the command isecho "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
that command has a lot to unwrap, in essence it’s editing the file/etc/apt/sources.list.d/mullvad.list
and writing a line likedeb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=amd64] https://repository.mullvad.net/deb/stable focal main"
there, but because the guy who wrote this doesn’t know your architecture (e.g. amd64) nor your version (e.g. focal) he wrote a command that gets that information from your system, you can instead write the file yourself if you know those. Then install via package manager as normal.There’s a third way which is more recent which is install via snap/flatpak which is similar to install via package manager, except you don’t add new repos.
There’s a fourth way which is manually, usually when you compile stuff you install them manually.
I know it’s a lot to take in, but I’m of the opinion that if you understand what’s happening it makes things easier.
The problem is that for most users, when their setup is completed they won’t need to play with it for a while so after that any time they need to install something new through the terminal it means losing time to find instructions again.
Nothing is learned, to the eyes of a casual users it’s just meaningless entries getting copy/pasted and it’s information getting repeated again and again and again just with slightly different entries for each program. Meanwhile “how to install a program on Windows” would basically require one page on the whole internet to cover 99% of situations: “Download the install file, double click it, follow the on screen instructions to automatically install the program”.
The problem is that for most users, when their setup is completed they won’t need to play with it for a while so after that any time they need to install something new through the terminal it means losing time to find instructions again.
Which is why it’s better to understand what you’re doing than blindly copying pasting. You won’t need to remember these since whatever you want to install if it’s not on the repos you’ll have to google it same as if you were on Windows.
Also on Windows the steps are: Download the install file, double click it, follow the on screen instructions to automatically install the program, then every week or so go back to the website, check if a new version was released, if so download it and install it again. If the configuration would be destroyed by doing this first, make a backup first, if the new version is not backwards compatible for configuration move the existing configuration changes so that you get the new default after install and can apply your changes afterwards.
That’s closer to the truth, and you need to do that weekly for every one of the dozen or hundreds of programs a person has, no wonder people don’t update their programs on Windows and become susceptible to lots of exploits over time.
Also, read my option 1, which is what most websites offer you first, i.e. download a .deb and run it which is the equivalent of Windows, with all of its downsides. For example if you go to that website that OP posted and click on downloads you can select Windows, Mac or Linux, and you can download an installer that way and be done with it. But only Linux has a better option that takes a couple more steps but saves you lots of time in the future.
then every week or so go back to the website, check if a new version was released, if so download it and install it again
Don’t know what kind of program you’re running but… No.
Also if you want adoption you need to make your product easy to use and not ask them to become experts at how things work. Do you think all bike riders know how to adjust their derailer or even care to know? No, because people have other things they care about. Same guess 6 for computers, if Linux requires users to understand how to do things manually in the terminal then the “year of the Linux computer” will never happen.
the “year of the Linux computer” will never happen.
It won’t, that’s fine. People who don’t want to lean anything about computers use iOS and Android now. And that’s fine. I never want Linux distros to become like that.
Honestly the more I hear “year of linux will never happen”, the more I am convinced it might come. I see ppl being defensive against a new trend
Don’t know what kind of program you’re running but… No.
My Linux has updates every week, which means that if I was on Windows to keep everything the same up to date I would need to check every website to see which app released this week, maybe this week Firefox had a new release, maybe next week it’s mullvad VPN, and next week is the NVIDIA driver, but if I hadn’t checked all of them I would not know which ones have a new release.
Also if you want adoption you need to make your product easy to use and not ask them to become experts at how things work
Agreed, but also you should have options so that power users can take advantage of it.
Do you think all bike riders know how to adjust their derailer or even care to know?
Do you think that bikes should not have gears since most people don’t know how they work? No, because even if you don’t understand the mechanics you can understand the general terms, and even if you don’t understand gears you can just not use them, same as a package manager. Options is always better.
if Linux requires users to understand how to do things manually in the terminal then the “year of the Linux computer” will never happen.
It doesn’t require it, you’re ignoring the fact that OP could have just clicked download and download an installer same as he would on Windows. But if you can use the terminal and understand package managers you can use Linux in a way that Windows is impossible, if you can’t you can still use Linux in the same way you would windows with all of the sales downsides.
if Linux requires users to understand how to do things manually in the terminal
It doesn’t require it but it is often easier. It’s also alien when you’re new.
Just as an addendum to your answer. In the command writing to
mullvad.list
the| sudo tee /etc/apt/sources.list.d/mullvad.list
is using two helpful linux utilities to modify the command. The first is the|
which is called a pipe and connects the text output of one program to the text input of another. The pipe is connecting the output of echo which simply prints a string, in this case composed of the outputs of several other commands to the programtee
. Tee which is given admin privileges by thesudo
takes an input stream and splits it between two files. In this case those aremullvad.list
and since no other was providedstdout
the output pipeline of the terminal running the command.EDIT:
In the interest of further completeness. Another utility used in those commands is the command substitution operator of
sh
. So when the terminal is interpretting text(some command)
gets substituted out for the text output by the command in the parentheses. It is another common way of connecting commands on the shell to allow for more flexible and powerful commands.
My favorite part of this thread is everyone just saying copy and paste the commands so it will work. Like we should totally get users into the habit of running random commands off the net as root.
I mean I agree that this is a new user nightmare, but we’ve been conditioning people for 30 years to download and run random .EXE files as admin too.
The random Exe downloads for Windows to update drivers kills me. Users are conditioned to accept it without complaint.
Yolo
I don’t want to sound arrogant but is reading a few paragraphs then copying and pasting 3 different commands into a terminal really that difficult?
It will make life easier in the long run as having a repo added will update the software with sudo apt upgrade in the future.
It’s not difficult. I’ve installed several apps that way already. I just don’t like blindly following instructions while having zero understanding of what I’m actually doing here. Also, in this case the instructions are unhelpful because nowhere it tells me to install curl first and because of me not having it the first command just comes back with an error.
cURL is a very commonly used program to download individual files from the command line and worth installing to have it around in the future.
sudo apt update
sudo apt install curlThe first command tells your package manager to update its list so you ask for the latest version. You can skip it if you’ve already updated today. The second command tells your package manager to install cURL.
This will happen every now and then, especially when building a package from source. You won’t have some common utility that the documentation writer assumed you had, and you will need to find what package provides it and install the package.
The way to solve that problem is to read the commands and look up what they do. The installation method they describe is pretty standard and inoffensive. And provides automatic updates. The commands used aren’t complicated and they’re some of the system fundamentals for Debian/Ubuntu systems so it’s a good idea being familiar with them.
In the time it took you to write this shit post and respond to all the comments you could have spent a couple of minutes reading and educating yourself on the process. It’s legit pretty simple especially if you’re willing to do a little research.
Kids these days i swear.
deleted by creator
Yes people would assume you have curl. Curl is often used to install programs. And curl is definitely one of the things that can do malicius things this way. So you are right to be hesitant to use commands that you don’t understand. Most Linux users have forgotten how hard it is to learn the first stuff with no preaquired knowledge.
If you have googled “what is curl and how is it used” you may have found some relevant info.
I have given up on Linux because installing was hard in the past
There are some tools that make installing software easier. Like “appimage” files that are single files that (after you make executable) are completely self contained.
Flatpacks and snaps have an “store” like experience.
.deb files are also sometimes simple (also need to be made executable) (depends on the distro)
Unfortunately there is no .exe file experience.
And if you read a few paragraphs more, there’s a
Download and install the app
section too, rather than add their repos. Which is what the OP wanted anyway…Edit: Here’s the link for the package download: https://mullvad.net/en/download/vpn/linux
Doesn’t sound like this sailor is much into reading
Gotta consider users on windows download random programs and blindly follow an installation wizard.
“follow an installation wizard” <– I know people just out of uni (having completed BTech), who can’t even do that. Keeping that in mind, I can have way more patience towards OP.
That page lists multiple installation methods, for multiple distros. There simplest one for you is just two steps.
-
Download .deb installer
-
Run
apt install ~/Downloads/MullvadVPN-*_amd64.deb
It’s not that complicated. That’s just confusingly written. And caters to a wide range of users.
Its more secure to go through a package manager. Checking signatures is important.
You can verify the signature of the manual download as well. Either way, you are trusting the files you download over HTTPS from mullvad.net. There’s no real difference, except that when you use the repo, you are trusting it indefinitely, whereas if you download the deb directly, you are only trusting it once.
Using the repo is less secure, because it opens you to future attacks against the repo itself.
Https is vulnerable to loads of attack. That’s why we sign packages.
You’re downloading the signing key over HTTPS either way, from the same server. That’s the common point of failure.
That’s why you download the key from multiple distinct domains from multiple distinct locations using multiple distinct devices and veryify their fingerprints match. If the key/fingerprint is only available on one domain, open a bug report with the maintainer.
Agreed.
Unfortunately, Mullvad’s instructions just have you download the key from mullvad.net and add it in with no further validation.
You can also get it from their GitHub page, at least for the individual debs. Not sure if they have the repo key on GitHub.
bad advise, OP should use a repo if they have apt
edit: yes, I understand, one day I’ll get rooted by whoever hacked the VPN app’s servers
There’s nothing wrong with installing a .deb manually.
Personally, I’d hesitate to add any third-party repos unless there is a very good reason. In this case, the only real difference is that you won’t get the updates automatically with
sudo apt update; sudo apt upgrade
without the repo. Either way, the desktop app will notify you when updates are available. There’s very little advantage to using the repo.Adding a repo is very rarely required. It has deeper consequences than simply installing an app, and requires a higher level of trust. If you don’t understand the security implications of adding a repo (and its associated key), then my advice is: just don’t.
Yes, there is. You’re risking downloading malicious software.
What are you on about? If you are using the 3rd party repo, you are just as likely to get malware than if you download the deb directly from the wbsite. Its literally the same thing, just adding the repo means that the malware could get installed automatically and without you knowing where it came from.
No, you’re confusing two vectors of attack. I’m saying that if you fan trust the vendor, then you’re still at risk from downloading malicious software that was manipulated between the vendor and you (man in the middle attack), unless you verified a signature using a key stores offline (note https is still vulnerable because the keys are stored online)
Not untrue, and I don’t think that the possibility should be glossed over, but honestly, what do you think is more likely: this specific person getting specifically MitM’ed by a bad actor, or a bad actor taking control of a repo that hundreds of people blindly trust. I have a sneaking suspicion that OP’s threat model isn’t sophisticated enough to need to really, truly, be worrying about that.
This sort of thing happens dragnet. And mullvad users are definitely a group to be targeted. Dont assume OP isnt a refugee or journalist and give them bad advice that could get them killed
The Deb and ppa will have the same content, the ppa is just automatic, assuming the owner maintains it.
-
“I have no idea what I’m doing here” <- Happens in the beginning. How about you start by trying to know what exactly you are doing? Let me give you a fasttrack…
-
The first command you get in the instructions is
curl
. It is generally used to download stuff from a networked server.1.1. To understand the
-fsSLo
in the command, I strongly advise you to check out the manual ofcurl
usingman curl
in a terminal. -
The second command in the instructions is
echo "something" | sudo tee some/file
2.1 Here you see 3 commands
echo
,sudo
andtee
. 2.1.1 Again, you can useman command-name
to check the manual pages for these commands 2.2 There is a|
symbol over here. It is called the “pipe symbol”, which is what you can use to search for it. It is usually difficult to search for the symbol itself and I haven’t found a man page for it, but openman bash
and look for “Pipelines” and you’ll know what it is about. Use Link, Link and Link to help yourself understand this. -
The commands in “Install the package” use the
apt
program. This is a Package Manager. Its job is to read package information that package developers have made and try to not let the system become unusable.- e.g. If you have a program called Xorg from 5 years ago, and a program called mesa from 5 years ago and Xorg depends upon mesa to work. Here, if you replace your mesa with a new, recent mesa yourself, there is a good chance Xorg will not work. The Package Manager prevents that from happening.
-
The gist of what the instructions are making you do is, telling the Package Manager that there is another place from where you want it to look for packages.
To understand man pages better, check out this link.
Don’t think too badly of people dissing you in the comments. They are tired and fed up of help vampires. Hopefully, you can try not to become one.
- Try and build your own process of understanding the commands you see on the internet before entering them into the terminal.
- The comments telling you to just follow the instructions, are coming from the perspective that you don’t have the patience and determination to understand them yourself, which, a lot of people don’t. I will leave it upto you to determine which one you decide to be. It is, however, a bad idea to follow instructions on any website, just because it “seems legit”. You can’t really say you “trust” the site until you have the ability to find out for yourself whether you want to trust it.
-
This is not the only way to install apps but as a Linux user there will be times when you will need to use the terminal. Might as well know that from now.
The instructions they gave are really simple and straightforward. If you struggle with that, you may want to learn a bit about the terminal.
But since you’re on Ubuntu there is a much easier way: go to Mullvad downloads page and download the deb file. Double click it and the Ubuntu App Store should open and install it. If not, open the App Store and search for gdebi and install it. Now right click the deb you downloaded, and click “open with…” and choose gdebi from the list.
It should check dependencies and give you an “install” button. Click that and wait for it to finish. Then simply launch Mullvad as normal.
In general on Linux you install apps by looking in the distro repo: either by searching the App Store or by using the terminal.
To do it from the terminal type:
-
‘sudo apt update’. Enter your password.
-
After it’s updated type 'apt search [name of app] and press enter. It will give you a list of apps with that name. Eg apt search lollypop (a music player). Then if you see it listed, you know it’s in the repo.
-
To install it type ‘sudo apt install lollypop’ and press enter. It will tell you how large it is and if you want to install it. Type “y” and press enter. It will finish it in a few seconds.
Done. Launch the app as normal.
There is also something called Flatpak’s which you can get from flathub.com You will also find instructions there on how to install flatpak on your system but typing a few commands.
Welcome to Linux. You’ll either embrace and love it or abandon it.
You will have to use the terminal less often than people on Windows do
It’s a personal choice
The average Windows user doesn’t know what a terminal is, let alone use it. Whereas in Linux every user knows what a terminal is and has used it at least a handful of times.
Some distros don’t have an app store, just the terminal.
The average Windows user knows that command prompt exists
The average Linux user comes from Android and has no clue about terminal
Bro, I’m an IT Support Technician and Sysadmin by profession. Trust me when I tell you the average user has never seen the command line.
Move a shortcut on their desktop and they freak out because they think the pc deleted all their work. No way in hell they would touch a terminal.
I’m aware, someone asked how to download a video so i told them just paste the url in command prompt (yt-dlp) and they said it’s not worth it
But no one I know even knows how to get to CLI on Android
-
The same MFs on here that rush to tell someone that Linux is easy and intuitive are the same ones that can’t keep a small talk conversation for more than 5 mins, a social activity that humans have been doing for thousands of years.
My words might be a little broad, harsh, and even hurtful, but just a reminder that not all of us are good at learning the same things.
We didn’t all come out of the womb knowing how to socialize or use Linux, but if we look back far enough, we can all relate to the struggles it takes to learn something new, and how much it sucks when someone treats you like you’re stupid just because things sometimes don’t click
Sounds like someone didn’t learn to socialize or use Linux.
Bravo! Super true :)
Yes and with good reason. To prevent people like yourself from downloading and running malware.
Horseshit. Why do people endlessly promote Linux only to turn around and express smugness, gatekeeping, and hostility to new users?
You’re not even correct. The Everything as a file philosophy isn’t an antivirus program. Like it’s impossible to get malware by blindly pasting script into a terminal.
This attitude is a bigger obstacle to adoption than games compatibility.
- Am not promoting Linux, I don’t know where you got that idea from.
- How is it hostility when am letting OP know that’s exactly what’s included in the package when he chose Linux? And that unlike Windows where you install downloaded files as programs, things work differently over here?
- You can install malware by blindly copypasting commands on any terminal, the OS doesn’t matter.
Because you chose to phrase it as an insult. “To keep people like you from doing X” has a very different connotation than “this is a security feature that helps protect inexperienced users from malware.” One is helpful, one is demeaning.
You are reading too much into the comment.
Because that’s your typical neck beard Linux douchebag. Linux is not intuitive, it runs well, but it’s not intuitive at all for new users.
It’s often not intuitive for *Windows users.
Even then, most of the time it actually is.
Is malware specifically a problem on Linux then?
Specifically, no. Far less malware on Linux. But it’s still a computer system that can execute code.
It’s a problem anywhere, centralised software repositories help combat it to a degree.
Malware sadly is a problem everywhere, but it is arguably less so on Linux. First, Linux is less popular so less malware is written for it to some degree. That doesn’t mean no malware, but if you’re trying to pwn people hitting a website you’ll get more targetting windows, android, or iOS than Linux so it’s a little less prevalent.
Second, it could be argued the security model of Linux is more secure than windows. This is a far more contentious point, but I think that simply from having more eyes on the code Linux has a more secure model. Windows relies on security through obscurity a great deal, and if you talk to cybersecurity experts they will often tell you this is no security at all.
Lastly, because software on Linux is typically installed through centralized repositories of binaries or sandboxed app images, you have to go more out of your way to get dodgy software on Linux. The tradeoff there is that a lot of proprietary apps and helper programs that come with some tech will never be available in the repos and that can send some new users to try finding them elsewhere with all the risks that entails. Some distros go for a middle ground with access to things like the Arch User Repositories, but Ubuntu’s solution is using things like PPA’s to add extra software repositories.
Yes, much of the web is hosted on Linux servers, and only growing as more and more people start playing around with self hosting projects.
The instructions on that page make it so that every time you run a system update, mullvad automatically updates as well. If you’re happy doing the updating yourself, you can download the
deb
file from here: https://github.com/mullvad/mullvadvpn-app/releasesThat’s even more confusing.
I just don’t get why on windows and mac I can download the app from their site, install it and it just works but on Linux I have to do everything thru terminal. It’s not that I can’t get it done but it just seems insane to me that it has to be this difficult.
You don’t have to do everything through terminal. You can use synaptic for example. What you have to do is to learn new concepts. If you want to do everything like in windows, use windows.
I’m giving Linux a chance because people here recommended that I do and now you’re telling me to use Windows.
You should try Linux because you want to and find it interesting to learn. If you are doing it because other people told you to, you are going to have a bad time.
Linux isn’t Windows with different branding. Things work differently, and if you take the time to understand why you’ll usually see the logic eventually, even if you may not to agree with it. I think folks are bristling a bit at your implication that things are hard on purpose somehow. Many experienced users find the terminal easier to use and more efficient; it shouldn’t shock anyone (including you) that it’s going to feel awkward when you don’t understand it yet.
Howtos tend to use the terminal because it’s likely to work the same for everyone regardless of what other choices they’ve made with desktop environment, etc.
You can do nearly everything with a GUI if you choose.
Learning about package management, and repositories, is part of the Linux experience. It’s worthwhile to dive into the documentation and figure it out.
There is a learning curve, but the rewards are more software independence.
I don’t recommend using anything new to you unless you are ready to learn it. If you are, welcome aboard!
I think a better way for the other user to have stated this, is learning Linux, while difficult at times, should be a fun and rewarding experience. I’m about a year in, and this is all easy stuff to me. One year ago? I would have been as frustrated as you are. But I persevered, I learned, and I got a sense of accomplishment out of becoming competent. I don’t really need to ask too many questions now, because the more I figure things out, the easier it gets to figure things out.
If you’re not into that, Linux might not be for you. But I hope it is, I hope you persevere and keep learning and find the same satisfaction from it that I have.
Look at it like this.
When you got your first smart phone, be it android or iOS, you didn’t know where anything was, so there was a learning curve.
But, in the same way as phones, there are built in “stores”. Those stores are called repositories, and they’re accessible in more than one way. You don’t actually have to use the terminal, it’s just usually faster since you really don’t type much more than you would entering a search in whatever GUI interface comes with your distro. Indeed, you can actually set up the commands in a notepad, change the package name each time, and copy/paste the commands, and you’re only a couple of seconds slower than opening the package manager, searching, scrolling to find what you want, clicking to install… See what I’m getting at?
Windows isn’t really faster than that. You have to go to a site, download, find the exe or msi in your download folder, then click in the various pop-up windows. And you can find .deb files that do the same thing as an exe or msi, just not for every program, because they’re an unnecessary pain in the ass. It’s extra steps.
I promise you, comparing the way Linux works now, and the learning curve it takes to the learning curve on windows back when it was a new experience (and I’m talking windows 95, the previous msdos shells were worse than that), Linux is way easier. And don’t even get me started on how shitty a user experience DOS was. Jfc, I’m dyslexic, and it was a nightmare. Windows 95 wasn’t a big jump better in dyslexia land, but it was at least better than DOS.
If you were used to something like mac only, and had never used windows, the transition would be similarly annoying. And, for me at least, dealing with installs on windows is more of a pain in the ass now that I’m used to package managers.
I did a clean install of Windows 7 on my media PC (and yes, you valiant security friends, it’s air gapped) maybe two years ago. From start to finish, including programs, took me about five hours.
My laptop that I run Linux mint on? An hour, start to finish. The only differences in the programs installed are in specifics, not in types. I plugged in my live drive, hit install, and was ready to start installing programs in maybe twenty minutes. My media pc is an old gaming PC, btw. Tons of ram, ssd, etc. The laptop is an old thinkpad. So it wasn’t like the laptop was better hardware lol.
Which seems tangential, but it’s pointing to the underlying ease of use once you’re used to the system. I’ve being doing windows installs since the nineties (and a little before, but only in classes), so it isn’t like I’m not experienced. I’ve only been doing Linux installs since about 2015.
Hell, my very first Linux install was Ubuntu on my dad’s old computer just to make sure I didn’t screw a box up that was in use. Even that, going from Ubuntu being ready to go, and having the programs set up to use was only maybe two hours, and that was mostly looking up the very process that’s been described by others in this thread and copy/pasting things in for each program.
So don’t get discouraged. If you end up really not liking it once you get past the learning curve, that’s okay, windows will still be there. You can go back to it. But, if you’re like me at all, once that learning curve is past, you won’t enjoy the extra hassles windows puts in the way.
IF you want it to work like windows. It’s up to you, people here are giving you the options to choose whichever suits you.
Welcome to the community. As you can see, there are some that are quite helpful and others that are … less so.
I agree with you that there should be a better way to do that. It’s been a while, but I’m pretty sure the Chrome deb file handled all of that for you. I’ve always been confused why every company that sets up their own PPA didn’t do that.
I don’t know about Mac, but on Windows the Mullvad app doesn’t auto update. If you want to do it Windows style you can look for deb files (which are like installers) or AppImages (which are like standalone executables).
Most pieces of software give terminal instructions for Linux because different people might use different package manager frontends, but literally every Linux user has a terminal. It might seem daunting at first, but giving users commands to run in their terminal is a lot more simple than trying to walk them through repo management through the GUI, or just telling them to figure it out themselves.
On Mac it doesn’t autoupdate, but prompts you to Download the new version when it’s available
On windows you can use Winget to install update
winget install -e --id MullvadVPN.MullvadVPN
I just don’t get why on windows and mac I can download the app from their site, install it and it just works
That’s what the instructions are guiding you to do.
If you hate the terminal then maybe Linux simply isn’t for you? That’s completely okay you know. Use the tool that’s right for you.
Same reason you don’t download installers for your phone, why don’t you think it’s confusing there?
One reason is that different distributions of linux do things slightly different. Would it be better if there was only one linux os? For some devs of third party software, probably, but diversity and freedom to fork software has been good to linux, and no one could decide what everyone else should use anyway.
So, each distribution takes the available software and package it to fit their distro specifics, and those packages go into their repositories. The benefit of using official repositories is that someone has gone through the trouble of making sure it will work on your system safely. There’s accountability and hopefully a bug tracker etc. When you download from a random website you have to trust them instead. Then… you have companies working outside of this model, usually they provide a flatpak or their own third-party repositories. Then you get all these extra steps, but it’s not how most distros prefer to handle software.I can totally understand why the terminal seems confusing and scary right now, but it’s actually awesome for this kind of stuff because you can just copy and paste commands to do pretty much anything to your computer. Using a GUI often means having a bunch of screenshots that you have to follow manually to do something that a single command can do. Once you’re used to the terminal for these kinds of things GUIs can seem barbaric. Of course it seems scary before you know much about it because it seems like the fucking matrix, and you should only run commands from sources you trust (because they can do anything)… But it’s worth giving a chance, I think.
For this particular instance… often you can just download an application on Linux from a website and run it, but this is almost never the preferred way of doing things. Usually you install applications from your package manager, which is kind of like an App Store (but free), and the advantage of this is that 1) you don’t have to hunt down sketchy executables on the internet, you have a vetted source of safe packages from your distribution, and 2) you can easily update all of your packages. Having a one stop shop for all of your applications (or at least most) is really great, but it can be a little annoying when something you want isn’t in the official repos (like this), though it’s usually a fairly rare occurrence.
What annoys me the most with installing apps this way is that I have already installed several and while having been succesful I still have no clue what any of this does. What is sudo? What is apt-get? What is repositorie? What is package? I just don’t know what any of this does and blindly following instructions isn’t teaching me anything. When I try to looks for explanations or tutorial videos I’m just met with more jargon that I don’t undestand. GUI is really intuitive for me as it helps me to visualize what’s actually happening but playing around with terminal is really abstract and confusing. If I’m met with an error I’m completely stuck then. Only troubleshooting I can do is to make sure I typed the command correctly.
If you stick with it you’ll eventually start to understand what all the jargon means.
-
sudo is kind of like “run as admin” in windows. It runs whatever command as root(admin) instead of as your user. To use it you just add sudo in front of the command. Ex. “apt-get update” becomes “sudo apt-get update”
-
apt-get is the command that controls your Ubuntu Repository. “apt-get update” basically checks for updates for everything on your computer. Then “apt-get upgrade” downloads and installs all those updates. And “apt-get install <app/package name>” is how you install apps that are in your distros Repository.
-
A Repository is basically an app store for your distribution. Each Linux distribution usually has their own. And they have different software(apps) available in them. If a app you want is not in your repo there are different options to install it. That was probably the hardest part for me to understand when I started. But now days the easiest option is to use snap or flatpak to install something that’s not in your distros Repository.
-
As far as I understand, a package is just another way of saying app or software program. There might be a technical difference. But when you download a package you’re basically just downloading the program/software/app.
-
There are also package dependencies which is the other software that is required to run the software you’re trying to install. When you run “sudo apt-get install <package name>”. You will see a list of packages that will be installed. This includes all the dependency packages. Which are the packages that are needed to run the one that you’re trying to install.
Some linux distribution try to give you a GUI for everything. But its definitely worth learning how to do stuff in the terminal. Once you learn it you’ll realize why it is so much better than a GUI.
A “package” goes beyond library or app, basically by being part of a package management system:
- I has a version number in a standardized format, which package managers can use to reason about dependencies
- It declares its own dependencies, with version constraints. It will have entries like “In order to run I need a copy of jsonReader version at least 0.12.1”
I think that might be it.
Just in the same way both rice and bread come in a package at the grocery store, and both of their packaging has nutrition info, UPC barcode, and net weight printed on it. The packaging itself allows these goods to be distributed through a particular system.
The barcode is part of the packaging standard, and then the “package management” processes of retail use that barcode for their own inventory management, checkout, etc.
Your analogy makes a lot of sense. I think that knowledge will be useful. Thanks.
I realized there’s quite a bit more metadata that a package provides to its package management system. Here’s an example package definition, in the programming language Ruby: https://github.com/thoughtbot/factory_bot/blob/main/factory_bot.gemspec
It defines, among other things:
- author
- license
- dependencies
- version
- name
- description
- link to project webpage
Oh good, you wrote basically the exact response I was going to give!
The only other thing I would mention is… if you don’t know what a command is, you can and should look it up! You can use the internet, but you can also try “man sudo” or “info sudo” and do a bit of reading. It might not make sense at first, but you’ll start building up a vocabulary really quickly.
It never hurts to start with
help man
-
Removed by mod
You seem nice
My recommendation for learning this stuff is ChatGPT, ideally version 4
You can, it’s up to the software vendor to make it simple.
Most of the software are FOSS and can be installed directly from your package manager. That works like the iOS app store/Android Play Store except it existed 10 years before mobile stores.
Google Chrome is an example of proprietary software (so not in distributions repos) that is as easy to install on Linux than Windows. Because Google managed to get a deb that will also update your repos.
Bottom line, most of the time it’s way easier to install software on Linux than Windows (as easy as on iOS) but occasionally it’s slightly more complex.
On Windows and Mac, you are doing a number of things implicitly that you don’t realize.
When you download from their site, you are expected to verify the integrity and validity of the install file yourself. You also have to take ownership of installing any dependencies yourself.
With the instructions mulvad is providing you, you are connecting to a repo and apt does all that for you.
Some installs don’t require dependencies, but some do. Long term, this style of install tends to be a lot simpler, you just have to learn it.
But more importantly and as others have stated. Linux is different. If you aren’t interested in learning a new workflow, you should stick with something familiar. That’s a choice you should make not because others said it but because you want it.
Because it’s an asinine practice from which windows is moving away through winget, and which made the open source community to write a package manager for mac from scratch – homebrew.
And if you think about it for a second, you will realize that it doesn’t exist on Android and iOS at all. E.g. 99% of users only install from a centralized repository called “appstore” and nobody is ever downloading an executable installer.
Basically, you’re uninformed, and blatantly defending your uneducated way of installing software.
Homebrew is extremely insecure. It doesn’t verify package signatures, so its just as bad as the “just donloaf some sketchy untrusted binary off a website” approach
I don’t understand. If I go to their site at https://mullvad.net the obvious choice to download their software is to click at ‘Downloads’ at the top of the page. It already autodetected I am running Linux and has me on the Linux tab.
Sure there are two download options but the first one says it works on Ubuntu and the second says it works on Fedora. You get a file you can just double click and install. Windows installation works the same way. You download a file and double click it.
You don’t have to use the terminal you don’t really have to know more about sudo than you need about Windows UAC, you don’t have to know what a package or .deb is anymore than what a win32 executable or an Windows’ .msi file is.
People giving you more complicated answers either did not check the website (because they presumed you did) or if they did they think you want more features such as auto-updating which in Windows also requires a more complex install than downloading a file and opening it.