1. Overview

In this tutorial, we’ll learn about Personal Package Archives (PPAs). We’ll discuss the workings of PPAs and why one might need to use them. In addition, we’ll also discuss the security risks that come with using PPAs.

Finally, we’ll look at a hands-on approach to managing PPAs on our system using add-apt-repository.

2. Personal Package Archives (PPAs)

Back in the old days of Ubuntu and other Debian-based Linux distros, users loved to customize their systems. They wanted to get their hands on the latest and greatest software. However, there was a little problem. The official repositories were a little strict about the packages they let in.

For that reason, the Linux community came up with the idea to create and host their own repositories. And that’s how PPAs were born.

2.1. PPAs in a Nutshell

PPAs are a collection of program packages provided by the community for Ubuntu and other Debian-based distributions. It allows users to easily install software packages that are unavailable in the official package repositories.

For instance, if someone decides to share a package with the Linux community, they would set up their own PPA by creating a PPA repository on Launchpad. There, the host curates the collection of software files, libraries, and configurations bundled together for easy installation.

In addition, Launchpad makes sure that the uploaded packages are authentic by making the maintainer upload a digital signature for the packages. Not only that, but it also provides PPA housekeeping, like building the packages for different versions of Ubuntu and other compatible distributions.

Once the PPA is ready, the maintainer can share the PPA source with users, and they can add it to their repositories sources. From there, users can install, upgrade, and remove the packages using tools like apt. Therefore, this minimizes the need for manually downloading and installing packages.

2.2. Pros

PPAs make it easy to upgrade the packages with a package manager without going through the process manually. In addition to the latest software that hasn’t made it to the official limelight, we can also install packages that are missing from the official package repository from a trusted PPA.

Apart from that, developers involved in software testing might need access to development or beta versions of various tools. PPAs can provide these pre-release versions for testing and development purposes.

2.3. Cons

PPAs provide the comfort of installing cutting-edge software. However, it comes with a cost of comprising security. Some PPAs might host shady software that can be a security risk to our system. Indeed, if we trust the hosts, we can use the software, but we should be careful when installing packages from less reputable maintainers.

Furthermore, some of the packages provided by the PPAs may not play well with the rest of our system. It might be an issue with the dependencies or the compatibility of the packages with the distribution in use.

Last but not least, some of the PPAs might not be maintained anymore. Thus, the outdated packages will be sketchy because they might contain security holes.

3. PPAs in Action

In this section, we’ll have a hands-on approach to managing PPA packages. For our example, we’ll look at the neovim package, which is a heavily modified version of Vim.

In the official package repositories, we only have access to the older version of neovim:

$ apt info neovim
apt show neovim
Package: neovim
Version: 0.7.2-7
Priority: extra
Section: universe/editors

However, there have been a lot of changes in the recent versions of neovim, which at the time of writing is 0.10.0. So, we’d like to install the latest version instead of sticking with the repository version.

3.1. Adding the PPA

First, we’ll add the NeoVim PPA to the software sources using add-apt-repository:

$ sudo add-apt-repository ppa:neovim-ppa/unstable -n
Homepage: https://neovim.io
Source/Issues: https://github.com/neovim/neovim
Documentation: https://neovim.io/doc
User Manual: https://neovim.io/doc/user
Neovim features: https://neovim.io/doc/user/nvim.html
Packaging: https://launchpad.net/neovim-ppa
More info: https://launchpad.net/~neovim-ppa/+archive/ubuntu/unstable
Adding repository.
Press [ENTER] to continue or Ctrl-c to cancel.

Notably, when adding the PPA, it prompts us to confirm the changes by pressing the Enter key. Once, we press the Enter key, the PPA is added to the sources, and the package index is updated.

The package index update occurs automatically. However, we can prevent this behavior by adding the -n or –no-update option.

In addition, one might wonder how to find the PPA name. We can find the name of the PPA using the Launchpad website. There, we can select the repository of our choice in the “Personal package archives” section. In this case, we went with the unstable PPA:

NoeVim PPA on Launchpad

3.2. Package Installation

Now, we’re ready to install the latest version of the package. So, we’ll update the package index first:

$ sudo apt update

Next, we’ll check the available version of neovim:

$ apt info neovim
apt info neovim
Package: neovim
Version: 0.10.0~ubuntu1+git202308030948-4a06de40e-9b397864c-4dc6b7f1c~ubuntu23.04.1
Priority: optional
Section: editors

As we can see, the version is 0.10.0. Let’s install it:

$ sudo apt update neovim -y

Once installed, we can verify the version:

$ nvim --version
NVIM v0.10.0-dev
Build type: RelWithDebInfo
LuaJIT 2.1.0-beta3

3.3. Removing the PPA From Sources

Similarly, we can remove the PPA entry from the sources using the –remove or -r option:

$ sudo add-apt-repository -nr ppa:neovim-ppa/unstable
Removing repository.
Press [ENTER] to continue or Ctrl-c to cancel.
Disabling deb entry in /etc/apt/sources.list.d/neovim-ppa-ubuntu-unstable-lunar.list
Removing disabled deb entry from /etc/apt/sources.list.d/neovim-ppa-ubuntu-unstable-lunar.list
Removing disabled deb-src entry from /etc/apt/sources.list.d/neovim-ppa-ubuntu-unstable-lunar.list

4. Conclusion

In this article, we learned what PPAs are and how they came into existence. We briefly discussed how PPAs work and their advantages over the official package repository. In addition, we also understood the risks involved with using PPAs.

Finally, we explored how to add and remove PPAs using the add-apt-repository utility.

Comments are open for 30 days after publishing a post. For any issues past this date, use the Contact form on the site.