What's in Ubuntu Universe?
February 5, 2023
In the last couple of months, Canonical has been rolling out changes to push Ubuntu Pro via the APT package manager. It started by advertising free licenses to Ubuntu Pro for personal use when you ran apt update, and now they’re advertising the security updates you could get if you have a Pro license. This is a new service, before universe was updated in a “best effort” manner.
What’s the real impact of this though? There are a lot of packages in universe, but how many do we install? I primarily use Linux on servers, so this analysis will be from that perspective.
You can use dpkg to see if any installed packages come from universe with this command:
dpkg -l | awk '/^.i/ {print $2}' | xargs apt-cache policy | awk '/^[a-z0-9.\-]+:/ {pkg=$1}; /\*\*\*/ {OFS="\t"; ver=$2; getline; print pkg,ver,$2,$3}'|grep -v /var/lib/dpkg/status| sed -e 's/://'|awk '{printf "%-40s %-36s %-36s %-16s \n",$1,$2,$3, $4}' | grep universe
Here are some of the examples I noticed browsing the package list:
- qemu-guest-agent
- certbot
- python3-pip
- cpp-9, gcc-9, gcc-9-base, for home assistant I think
- composer
- docker.io
- ansible
- podman
- puppet
- asterisk
- elixir
- erlang
- mariadb-client/server
- redis
- nodejs
- wordpress
One thing that stands out is a lot of these packages wouldn’t normally be installed from Ubuntu anyway. The package maintainers of many of these packages recommend using their mirrors/sources for faster updates. If you want to have a look for yourself, you can search for packages by name at https://packages.ubuntu.com/. Look for the [universe] tag.
For my personal use, I’ve started comparing other distributions and I plan on posting my comparison soon. If I do remain on Ubuntu, I’ll probably sign up for their licenses and try to keep the number of systems I have under 5 with more aggressive container usage.
Professionally we’re already re-vamping our server infrastructure this year, making this a good enough time to switch, but we’re also using containers wherever we can, which ultimately means the impact of the changes we know about so far isn’t high.
That sums up how I feel about this after the knee-jerk reaction has passed. This change isn’t a big deal to me, but it does hint at a future where that isn’t the true. If monetary policy continues to tighten you will see more companies trying to monetize what they can.