Packages

From Gnuffy

Jump to: navigation, search

spaceman offers you to install packages from archlinux - including packages from aur.archlinux.org - and, of course, from any gnuffy-repository.

You can search for packages available here: http://gnuffy.homelinux.org/spaceman-search

Gnuffy/Archlinux packages are, basically, just packed and compressed files (.tar.bz2 or .tar.gz) containing all files of the package in a directory tree and some meta information. You might want to use spaceman to install packages or to write PKGBUILDs to create new packages.

Possibly, you are interested in spaceman's treatment of repositories - read the repository article for further information on this topic as well as for information about creating an own repository to publish packages.


The package list

Spaceman receives its package list from http://linux01.org/~nlissne/gnuffy/pkglist/i686.bz2. The package list is a bz2 compressed file containing information about every package that is included in the Arch Linux repositories, AUR and all Gnuffy repositories. Every Gnuffy user can create his or her own repository and register its contents in spaceman's package list. All repositories are registered in a single package list, you do not have to search for repositories.

The syntax of the package list entries is described in the pkglist (5) man page. Per default, spaceman stores it in its home directory, so usually you should find it in /var/db/pkg/installed.bz2.

Spaceman will, per default, update the package list automatically if the package list it finds on your system is older than 24 hours. You can change this behaviour in /etc/spaceman/spaceman.conf. Please do not modify your pkglist.bz2 yourself, it might cause strange and dangerous behaviour.

Note that the pkglist.bz2 is the general package list, it does not contain any information about packages being installed or not on your system. Information about installed packages is included in a file called installed.bz2 which you will find in the same directory as the pkglist.bz2.


Packages and signatures

Spaceman uses GPG signatures to ensure quality of Gnuffy packages: A user who builds a package signs the *.pkg.tar.bz2 and the *.pkgbuild.tar.bz2 to ensure that he is the builder of the package and no one else, for example someone who compromised the repository server. Be aware of the fact that a signature alone does not make a package trustable. It has to be a signature of someone you trust well enough to believe him that his packages are safe. You have to figure this our for yourself.

While packages from archlinux-repositories are not signed, any package or PKGBUILD in a gnuffy repository is signed by the owner of the repository with his or her GPG key. Signatures are repository specific. Several repositories can be signed with the same GPG key ID, but no repository can use several key IDs.

Spaceman's output contains the key ID a package or a pkgbuild is signed with. You find this information on the right hand side, on the same line as the name of the package. So, for example, the output 

 kernel26-2.6.25.11-1                                                                    arch-core (not signed)

does not mean arch-core is the author of kernel26, but the maintainer of the package. You can see the "not signed" information to warn you that this package is not signed. If it wasn't an Arch Linux repository, this would be an important information because integrity cannot be guaranteed. 

 emacs-nox-nosound-22.1-1                                    (5FC238D5) Leonie Herzberg (leonie) <xxx@xxxxx.xx>

This, again, does not mean Leonie Herzberg is the author of emacs but that this package is signed with the GPG key 0x5FC238D5.

Building new packages

If you want to build new packages, you may consider our article about PKGBUILDs.

Retrieved from "http://wiki.gnuffy.net/index.php/Packages"
Personal tools