-
Notifications
You must be signed in to change notification settings - Fork 1
A small, efficient and secure package manager; orphaned in favor of packlim
License
dimkr/packlad
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
_ _ _ _ __ __ _ ___| | _| | __ _ __| | | '_ \ / _` |/ __| |/ / |/ _` |/ _` | | |_) | (_| | (__| <| | (_| | (_| | | .__/ \__,_|\___|_|\_\_|\__,_|\__,_| |_| Overview ======== packlad is a lightweight, permissively-licensed package manager for Linux (https://www.kernel.org/) distributions. It tries to combine: - The speed and robustness of pacman (https://www.archlinux.org/pacman/) - Digitally-signed packages, as with major package managers, but without bloat - Easy creation of repositories, as with createrepo (http://createrepo.baseurl.org/) and PPM (http://bkhome.org/woof/ppm.htm) - The "autoremove" feature of Apt (https://wiki.debian.org/Apt) - The ability to extract PPM's (http://bkhome.org/woof/ppm.htm) PET packages on any distribution (using standard command-line tools), despite of their custom format packlad is the successor to packdude (https://github.com/dimkr/packdude). It's simpler, since it uses old-fashioned text files instead of SQLite (https://sqlite.org/) databases. In addition, it's more secure, since it supports digitally-signed packages. Features ======== - Package download and installation, with recursive dependencies resolution - Package removal, with automatic cleanup of unneeded packages - Support for digitally-signed packages, with quick verification - Support for multiple compression algorithms Lacking Features ================ - Support for multiple repositories - packlad is designed for small distributions with one repository per architecture Dependencies ============ - libarchive (http://libarchive.org/) with support for: - lzip (http://www.nongnu.org/lzip/lzip.html) - XZ (http://tukaani.org/xz/) - gzip (https://www.gnu.org/software/gzip/) - libcurl (http://curl.haxx.se/) - zlib (http://www.zlib.net/) - Ed25519 (https://github.com/orlp/ed25519) Building ======== To generate a key pair: make genkeys To build packlad: make To create packages, use dir2pkg with the keys under keys/. Usage ===== - Build packlad. - To create packages, place their files in directories and run dir2pkg for each. The keys you should use are the ones under keys/. - Then, create a package list with lines in the following format: packlad|1.0|A package manager|packlad-1.0.pkg|x86_64|libarchive curl zlib If you don't understand how to create this package list, see doc/internals.txt. - Upload the packages and the package list to a server (which speaks any protocol supported by libcurl). Make sure the package list is named "available". - Distribute packlad to the end-user, with the repository URL under the "REPO" environment variable. Make sure you keep the private key to yourself. Directory Structure =================== - "doc" contains documentation - "compat" contains compatibility and portability code - "keys" contains packlad's private and public keys and a key generator - "pkgsign" contains a package signing tool - "dir2pkg" contains a script that generates a signed package from a directory - "core" contains packlad's core: low-level package manager building blocks - "logic" contains packlad's high-level, complex operations, built on top of multiple modules of the core - "packlad" contains packlad itself, a command-line tool that wraps all logic FAQ === 'packlad'? Are you serious? ---------------------------- Yes. It's like pacman (https://www.archlinux.org/pacman/) and packdude (https://github.com/dimkr/packdude), but smaller and younger. Why write another package manager? ---------------------------------- packlad was written for RLSD (http://rlsd.dimakrasner.com/), because it needs a small package manager that is easy to work with, secure, lightweight and straight-forward, without unneeded questions. How does packlad work? ---------------------- See doc/internals.txt. What's so bad about packdude? ----------------------------- - It's complicated. I mean, the code. - Databases are binary and cannot be edited by hand. - packdude's repositories contain a database. This database is created using a tool that converts a CSV file to a SQLite database. Keeping the human-readable CSV file in sync with the database is simply annoying and error-prone. - It doesn't support signed packages. - It doesn't allow the user when to update the package database. - It supports only XZ compression. - It doesn't play nicely with luufs (https://github.com/dimkr/luufs), since all the package data is contained in one file. - Its dependency resolution is inefficient. What was good about packdude? --------------------------- - It was small and fast. Package installation was quick. - The automatic cleanup feature worked amazingly well. - Its package format was great. tar and XZ Utils handle archiving and compression pretty well, so using existing technologiesw was a good choice. Also, the package header was located after a XZ-compressed tar archive, so it was possible to extract packdude's packages with xz and tar. That was pretty convenient. This is definitely a keeper. Credits and Legal Information ============================= packlad is licensed under a 2-clause BSD license, see COPYING for the license text. For a list of its authors and contributors, see AUTHORS. The ASCII art logo at the top was made using FIGlet (http://www.figlet.org/).
About
A small, efficient and secure package manager; orphaned in favor of packlim
Resources
License
Stars
Watchers
Forks
Releases
No releases published