-
Notifications
You must be signed in to change notification settings - Fork 1
/
README
151 lines (116 loc) · 5.36 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
_ _ _
_ __ __ _ ___| | _| | __ _ __| |
| '_ \ / _` |/ __| |/ / |/ _` |/ _` |
| |_) | (_| | (__| <| | (_| | (_| |
| .__/ \__,_|\___|_|\_\_|\__,_|\__,_|
|_|
Overview
========
packlad is a lightweight, permissively-licensed package manager for Linux
(https://www.kernel.org/) distributions.
It tries to combine:
- The speed and robustness of pacman (https://www.archlinux.org/pacman/)
- Digitally-signed packages, as with major package managers, but without bloat
- Easy creation of repositories, as with createrepo
(http://createrepo.baseurl.org/) and PPM (http://bkhome.org/woof/ppm.htm)
- The "autoremove" feature of Apt (https://wiki.debian.org/Apt)
- The ability to extract PPM's (http://bkhome.org/woof/ppm.htm) PET packages
on any distribution (using standard command-line tools), despite of their
custom format
packlad is the successor to packdude (https://github.com/dimkr/packdude). It's
simpler, since it uses old-fashioned text files instead of SQLite
(https://sqlite.org/) databases.
In addition, it's more secure, since it supports digitally-signed packages.
Features
========
- Package download and installation, with recursive dependencies resolution
- Package removal, with automatic cleanup of unneeded packages
- Support for digitally-signed packages, with quick verification
- Support for multiple compression algorithms
Lacking Features
================
- Support for multiple repositories - packlad is designed for small
distributions with one repository per architecture
Dependencies
============
- libarchive (http://libarchive.org/) with support for:
- lzip (http://www.nongnu.org/lzip/lzip.html)
- XZ (http://tukaani.org/xz/)
- gzip (https://www.gnu.org/software/gzip/)
- libcurl (http://curl.haxx.se/)
- zlib (http://www.zlib.net/)
- Ed25519 (https://github.com/orlp/ed25519)
Building
========
To generate a key pair:
make genkeys
To build packlad:
make
To create packages, use dir2pkg with the keys under keys/.
Usage
=====
- Build packlad.
- To create packages, place their files in directories and run dir2pkg for
each. The keys you should use are the ones under keys/.
- Then, create a package list with lines in the following format:
packlad|1.0|A package manager|packlad-1.0.pkg|x86_64|libarchive curl zlib
If you don't understand how to create this package list, see
doc/internals.txt.
- Upload the packages and the package list to a server (which speaks any
protocol supported by libcurl). Make sure the package list is named
"available".
- Distribute packlad to the end-user, with the repository URL under the "REPO"
environment variable. Make sure you keep the private key to yourself.
Directory Structure
===================
- "doc" contains documentation
- "compat" contains compatibility and portability code
- "keys" contains packlad's private and public keys and a key generator
- "pkgsign" contains a package signing tool
- "dir2pkg" contains a script that generates a signed package from a directory
- "core" contains packlad's core: low-level package manager building blocks
- "logic" contains packlad's high-level, complex operations, built on top of
multiple modules of the core
- "packlad" contains packlad itself, a command-line tool that wraps all logic
FAQ
===
'packlad'? Are you serious?
----------------------------
Yes. It's like pacman (https://www.archlinux.org/pacman/) and packdude
(https://github.com/dimkr/packdude), but smaller and younger.
Why write another package manager?
----------------------------------
packlad was written for RLSD (http://rlsd.dimakrasner.com/), because it needs
a small package manager that is easy to work with, secure, lightweight and
straight-forward, without unneeded questions.
How does packlad work?
----------------------
See doc/internals.txt.
What's so bad about packdude?
-----------------------------
- It's complicated. I mean, the code.
- Databases are binary and cannot be edited by hand.
- packdude's repositories contain a database. This database is created using
a tool that converts a CSV file to a SQLite database. Keeping the
human-readable CSV file in sync with the database is simply annoying and
error-prone.
- It doesn't support signed packages.
- It doesn't allow the user when to update the package database.
- It supports only XZ compression.
- It doesn't play nicely with luufs (https://github.com/dimkr/luufs), since
all the package data is contained in one file.
- Its dependency resolution is inefficient.
What was good about packdude?
---------------------------
- It was small and fast. Package installation was quick.
- The automatic cleanup feature worked amazingly well.
- Its package format was great. tar and XZ Utils handle archiving and
compression pretty well, so using existing technologiesw was a good choice.
Also, the package header was located after a XZ-compressed tar archive, so
it was possible to extract packdude's packages with xz and tar. That was
pretty convenient. This is definitely a keeper.
Credits and Legal Information
=============================
packlad is licensed under a 2-clause BSD license, see COPYING for the license
text. For a list of its authors and contributors, see AUTHORS.
The ASCII art logo at the top was made using FIGlet (http://www.figlet.org/).