A minimal package management system for Pure Data externals.
deken-plugin is included into Pure Data itself,
so the only reason to manually install it is to get the newest version.
Main development of the plugin is still happening in this repository, so you might want to manually install the plugin to help testing new features.
When manually installing the
deken-plugin, Pd will use it if (and only if) it has a greater version number
than the one included in Pd.
In this case you will see something like the following in the Pd-console (you first have to raise the verbosity to
[deken]: installed version [0.2.1] < 0.2.3...overwriting!
deken-plugin.tcl (Pd externals search) in /home/frobnozzel/.local/lib/pd/extra/deken-plugin/ loaded.
Click to download deken-plugin.tcl and save it to your Pd folder:
- Linux =
~/.local/lib/pd/extra/deken-plugin/(with Pd<0.47 try
- OSX =
- Windows =
Help -> Find Packages and type the name of the external you would like to search for.
deken-plugin will help you find and install Pd-libraries.
However, it does not verify whether a given package is downloaded from a trusted source or not.
As of now, the default package source is http://puredata.info.
Anybody who has an account on that website (currently that's a few thousand people) can upload packages,
deken-plugin will happily find and install for you.
In order to make these packages more trustworthy, we ask people to sign their uploaded packages with the GPG-key. Unfortunately the deken-plugin does not check these signatures yet. If you are concerned about the authenticity of a given download, you can check the GPG-signature manually, by following these steps:
- Navigate to
Help -> Find Packagesand search for an external
- Right-Click one of the search results
- Select "Copy package URL" to copy the link to the downloadable file to your clipboard
- Download the packge from the copied link
- Back in the deken search results, select "Copy OpenGPG signature URL"
- Download the GPG-signature from the copied link to the same location as the package
gpg --verifyon the downloaded file
If the signature is correct, you can decide yourself whether you actually trust the person who signed:
- Do you trust the signature to be owned by the person?
- Do you know the person?
- Do you trust them enough to let them install arbitrary software on your machine?
deken comes with a tool to package and upload your own library builds.
See developer/README.md for more information.