How to Install google-talkplugin deb in Ubuntu 16.04

I need to install this plugin in Ubuntu 16.04:

https://www.google.com/tools/dlpage/hangoutplugin

In previous versions of Ubuntu, I easily installed this plugin, but I cannot get it to install on 16.04 with its new GUI software manager.

I've submitted a bug about this: https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/1573408

Please suggest a workaround.


Solution 1:

I was able to install the plug-in using the command line like this:

sudo dpkg -i google-talkplugin_current_amd64.deb

That produced this:

Selecting previously unselected package google-talkplugin.
(Reading database ... 196768 files and directories currently installed.)
Preparing to unpack google-talkplugin_current_amd64.deb ...
Unpacking google-talkplugin (5.41.0.0-1) ...
Setting up google-talkplugin (5.41.0.0-1) ...

After this, I restarted Firefox. I went to Gmail to make a phone call, and after clicking the "Allow" button (prompted at the top of Firefox -- under the address bar), it worked.

However, after installing this, I was no longer able to sudo apt-get update

sudo apt-get update
W: http://dl.google.com/linux/talkplugin/deb/dists/stable/Release.gpg: Signature by key ***************omitted****************** uses weak digest
algorithm (SHA1)
E: Failed to fetch http://dl.google.com/linux/talkplugin/deb/dists/stable/Release  No Hash entry in Release file /var/lib/apt/lists/partial/dl.google.com_linux_talkplugin_deb_dists_stable_Release which is considered strong enough for security purposes

For now, I've disabled that repository by un-checking this:

enter image description here

The above step is my weak workaround for this bug: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1562733

Someone told me that I could just ignore that error until the repository is fixed (instead of disabling it, like above). However, I did not find this to be the case; it seems that if there is one failure during a sudo apt-get update, succeeding repositories (after that error -- ones without issues) do not get hit (therefore it ultimately blocks your ability to fully update your computer).

If I understand the bug correctly, it seems like Google will need to fix their repository to adhere to Debian/Ubuntu's (new) higher security requirements for signing packages.

To encourage Google to fix this, see here: https://wiki.debian.org/Teams/Apt/Sha1Removal