To track some of those dependencies already in Debian, I went through the Debian Rust Maintainers list and checked off the crates already present.

• typst
• typst-cli
• typst-ide
• typst-macros
• typst-pdf
• typst-render
• typst-svg
• typst-syntax
• typst-timing
• typst-assets
• typst-dev-assets
• az
• base64
• bitflags
• bytemuck
• chinese-number
• chrono
• ciborium
• clap
• clap_complete
• clap_mangen
• ctrlc
• codespan-reporting
• comemo
• csv
• dirs
• ecow
• env_proxy
• flate2
• fontdb
• fs_extra
• hayagriva
• heck
• hypher
• icu_properties
• icu_provider
• icu_provider_adapters
• icu_provider_blob
• icu_segmenter
• if_chain
• image
• indexmap
• kamadak-exif
• kurbo
• libfuzzer-sys
• lipsum
• log
• miniz_oxide
• native-tls
• notify
• once_cell
• open
• openssl
• oxipng
• palette
• parking_lot
• pathdiff
• pdf-writer
• phf
• pixglyph
• png
• portable-atomic
• proc-macro2
• pulldown-cmark
• quote
• qcms
• rayon
• regex
• resvg
• roxmltree
• rustybuzz
• same-file
• self-replace
• semver
• serde
• serde_json
• serde_yaml
• shell-escape
• siphasher
• smallvec
• stacker
• subsetter
• svg2pdf
• syn
• syntect
• tar
• tempfile
• time
• tiny-skia
• toml
• ttf-parser
• two-face
• typed-arena
• unicode-bidi
• unicode-ident
• unicode-math-class
• unicode-properties
• unicode-script
• unicode-segmentation
• unscanny
• ureq
• usvg
• walkdir
• wasmi
• xmlparser
• xmlwriter
• xmp-writer
• xz2
• yaml-front-matter
• zip

Edit: the binaries needed are mostly in typst-cli and this is how to install on any distro, without touching the system

# install rustup according to https://www.rust-lang.org/tools/install
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

# add it to your path, example for bash
echo "PATH=$PATH:$HOME/.cargo/bin" >> ~/.bashrc

cd ~
cargo init
cargo install typst-cli

@boredsquirrel We do have official binaries attached to each release, e.g.: https://github.com/typst/typst/releases/tag/v0.11.0

@laurmaedje #3966

It would be an awesome convenience to be able to install Typst via apt.

I don't think so. Most binaries on Debian are severely outdated due to the the way they package the distribution, so that makes it very inconvenient to package via them.

On a fully up-to-date Debian bookworm (bookworm is the newest version of Debian) system:

$ sudo apt-get install neovim

$ nvim --version
NVIM v0.7.2

Nvim is at 0.9.5 since Dec 30, 2023. This old v0.7.2 was released Jun 26, 2022. So the newest Debian is one and a half year behind!

The same occurs basically everywhere. clang is at 14.0.6 in Debian while it should be at 18.1.5. Clang 14.0.6 was released 24 Jun 2022. The newest version was released 17 April 2024, so they are almost two years behind.

It's inherent to Debian. That's why projects like Docker use a separate apt repository, which is also cumbersome. Instead, I second @boredsquirrel that using cargo or any other package manager than Debian is probably a better way to go.

EDIT: @boredsquirrel could even install binaries directly via https://github.com/cargo-bins/cargo-binstall

I agree that this is sort of an issue for Debian, not for typst itself. That being said, as a user, I prefer to have my software centrally managed by apt and dpkg than manually installed. Piping a script you got from wget into the shell is particularly scary to me. I understand that it's the Rust way to go and that's perfectly ok, but I really prefer not to do it at home.

This issue remains very precious even if it's mostly a downstream issue for Debian, not an upstream issue for Typst, because of the careful breakup of missing dependencies that still need to be packaged.

Piping a script you got from wget into the shell is particularly scary to me. I understand that it's the Rust way to go and that's perfectly ok, but I really prefer not to do it at home.

With cargo-binstall, installing typst would not involve running arbitrary scripts. Instead, it could look like:

$ cargo binstall typst

assuming typst is set up to allow this. bininstall would use the official GitHub releases, so as long as nobody gains access to make releases, it should be safe.

Wget/curl into shell is not inherently less safe than apt-get by the way. For example

$ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

enforces HTTPS. In this case, the extra curl setting ensure that the data can only be downloaded from sh.rustup.rs and nobody can alter the data in-transit. So as long as the domain is trustworthy, it should be fine. Even Debian is susceptible to supply chain attacks as was shown by the XZ backdoor.

It would be an awesome convenience to be able to install Typst via apt.

I don't think so. Most binaries on Debian are severely outdated due to the the way they package the distribution, so that makes it very inconvenient to package via them.

Agreed, from the developer/upstream perspective this can be really painful.

But from a user perspective having stuff packaged in the official repositories totally rocks.

Also, that "Debian is outdated" trope tickles me to no end.

First of all, it really depends on what you mean by outdated. If we are talking security-related patches, then any of the Debian releases is more likely to give you a more "up-to-date" binary then some random tarball that you downloaded half a year ago from some website you do not remember the name of. That's why I prefer having my software packages managed by the distribution whenever possible. Just one thing less I need to worry about.
It's not at all about "how easy is it to install a package". Rather, it is about "how do I keep track of stuff afterwards".

Secondly, Bookworm is the name of the current stable release of Debian. Calling it the "newest" version is slightly misrepresenting things. If having the latest upstream package versions is more important to you than stability, you should probably not be running a stable release anyway. For example, in both Trixie (testing) and Sid (unstable), neovim is at 0.9.5 and clang at 16.0.

Sorry for the digression ❤️