Trying to install VPN and these are the instructions Mullvad is giving me. This is ridiculous. There must be a more simple way. I know how to follow the instructions but I have no idea what I'm doing here. Can't I just download a file and install it? I'm on Ubuntu.
It's less complicated than it looks like. The text is just a poorly written mess, full of options (Fedora vs. Ubuntu, repo vs. no repo, stable vs. beta), and they're explaining how to do this through the terminal alone because the interface that you have might be different from what they expect. And because copy-pasting commands is faster.
Can’t I just download a file and install it? I’m on Ubuntu.
Yes, you can! In fact, the instructions include this option; it's under "Installing the app without the Mullvad repository". It's a bad idea though; then you don't get automatic updates.
A better way to do this is to tell your system "I want software from this repository", so each time that they make a new version of the program, yours get updated.
but I have no idea what I’m doing here.
I'll copy-paste their commands to do so, and explain what each does.
The first command boils down to "download this keyring from the internet". The keyring is a necessary file to know if you're actually getting your software from Mullvad instead of PoopySoxHaxxor69. If you wanted, you could do it manually, and then move to the /usr/share/keyrings directory, but... it's more work, come on.
The second command tells your system that you want software from repository.mullvad.net. I don't use Ubuntu but there's probably some GUI to do it for you.
The third command boils down to "hey, Ubuntu, update the list of packages for me".
I would have guessed that Ubuntu would install it by default since its a very common way to get stuff from the internet (when in the terminal), but apparently not (the other option is wget which is most likely installed, but that uses a different way to get the stuff).
You should be able to install curl with sudo apt install curl
I think that people being jerks take for granted how confusing this might be, if you're new; we (people in general) tend to take vocab that we already know for granted, as well as solutions for small problems. ...except that it doesn't work when you're starting out, and we all need to start out somewhere, right.
Yeah, once you work in Linux for so long seeing someone ask about curl missing is really easy to take for granted that we all started there, we’ve all been fresh on Linux. A lot of people take pride in their experience, but they shouldn’t lord it over those who are learning to advance themselves. It’s completely counter to why Linux even exists.
The curl that ships with apt is ubiquitous enough that I trust doing sudo curl xxx yyy more than enough if it means avoiding typing curl xxx /tmp/yyy && sudo mv /tmp/yyy yyy
Hmm... ProtonVPN team solved this in better way. They put the repo configuration stuff into DEB file, so it's just a matter of double clicking it and clicking install on Debian-based and Ubuntu-based (I know Ubuntu is Debian-based) distros and then installing the ProtonVPN client through either GUI or CLI package manager, whichever you wish to use. More newbie-friendly.
Unfortunately, I also just learned they dropped support for Arch Linux :(
We’d love to support the new app for arch Linux but honestly we’re understaffed and don’t have the bandwidth to be supporting the same distros that we did before with the previous client (4 packages before vs 10 packages now). If anyone from the community is willing to make AUR packages for themselves and publish/maintain them we’re totally fine with that, as long as people keep in mind that it would be an unofficial version because we currently don’t support arch Linux with the new v4 app.
Hmm… ProtonVPN team solved this in better way. They put the repo configuration stuff into DEB file, so it’s just a matter of double clicking it and clicking install
I was wondering how they'd solve signature checking and key installation - and looking at their page they seem to recommend skipping checking package signatures which, to be honest, isn't a super good practice - especially if you're installing privacy software.
Please don’t try to check the GPG signature of this release package (dpkg-sig –verify). Our internal release process is split into several part and the release package is signed with a GPG key, and the repo is signed with another GPG key. So the keys don’t match.
I get it's more userfriendly - and they provide checksums, so not a huge deal, especially since these are not official Debian packages, but the package signing has been around since 2000, so it's pretty well established procedure at this point.
Frankly in this case even a simple bash script would do the trick. Have it check your distro, version, and architecture; if you got curl and stuff like this; then ask you if you want the stable or beta version of the software. Then based on this info it adds Mullvad to your repositories and automatically install it.
I like them, even for software installation. Partially because they're lazy - it takes almost no effort to write a bash script that will solve a problem like this.
That said a flatpak (like you proposed) would look far more polished, indeed.