pkgutils issueshttps://gitlab.redox-os.org/redox-os/pkgutils/-/issues2023-02-25T14:52:39Zhttps://gitlab.redox-os.org/redox-os/pkgutils/-/issues/31(Feature Request) Implement the "-a" option to apply an action to all packages.2023-02-25T14:52:39ZRibbon(Feature Request) Implement the "-a" option to apply an action to all packages.Similar to FreeBSD pkg, where `pkg delete -a` remove all packages of the system.
We could expand it to all `pkg` arguments (fetch, extract, install).Similar to FreeBSD pkg, where `pkg delete -a` remove all packages of the system.
We could expand it to all `pkg` arguments (fetch, extract, install).https://gitlab.redox-os.org/redox-os/pkgutils/-/issues/30(Feature Request) Make the * operador match for all packages containing the n...2023-02-25T14:49:39ZRibbon(Feature Request) Make the * operador match for all packages containing the name specified.Other package managers implement the *operator for name match, example:
- `sudo dnf install xfce*`
The package manager will install all packages containing "xfce" in their names.Other package managers implement the *operator for name match, example:
- `sudo dnf install xfce*`
The package manager will install all packages containing "xfce" in their names.https://gitlab.redox-os.org/redox-os/pkgutils/-/issues/29(Feature Request) Make "pkg upgrade" update all packages installed.2023-02-25T14:46:46ZRibbon(Feature Request) Make "pkg upgrade" update all packages installed.Actually `pkg upgrade` give this error:
- `pkg: upgrade: failed: stream did not contain valid UTF-8`Actually `pkg upgrade` give this error:
- `pkg: upgrade: failed: stream did not contain valid UTF-8`https://gitlab.redox-os.org/redox-os/pkgutils/-/issues/28Panicked at "not yet implemented" in filetime set_file_handle_times2020-07-14T03:05:07Zbjorn3Panicked at "not yet implemented" in filetime set_file_handle_times![image](/uploads/d9678df7d52d84c0ba6d6842676311c2/image.png)![image](/uploads/d9678df7d52d84c0ba6d6842676311c2/image.png)https://gitlab.redox-os.org/redox-os/pkgutils/-/issues/24Check out habitat2018-06-13T19:39:52ZJeremy SollerCheck out habitat*Created by: themightychris*
It's an awesome modern package manager built with rust: https://github.com/habitat-sh/core-plans/
I saw Nix mentioned in some earlier discussions as a well-aligned existing package manager, and habitat fe...*Created by: themightychris*
It's an awesome modern package manager built with rust: https://github.com/habitat-sh/core-plans/
I saw Nix mentioned in some earlier discussions as a well-aligned existing package manager, and habitat feels very much like a conceptual descendant of Nixhttps://gitlab.redox-os.org/redox-os/pkgutils/-/issues/2pkg errors2018-06-13T19:39:52ZJeremy Sollerpkg errors*Created by: komawoyo*
Not a big deal w/ the error message but how was it able to succeed if the package wasn't able to extract? lol
![image](https://cloud.githubusercontent.com/assets/18315233/24218083/f5691df4-0f0f-11e7-85b0-6026d0...*Created by: komawoyo*
Not a big deal w/ the error message but how was it able to succeed if the package wasn't able to extract? lol
![image](https://cloud.githubusercontent.com/assets/18315233/24218083/f5691df4-0f0f-11e7-85b0-6026d0395356.png)
https://gitlab.redox-os.org/redox-os/pkgutils/-/issues/27Integrate pkgutils with OSTree (libostree)2023-02-25T15:10:34ZJeremy SollerIntegrate pkgutils with OSTree (libostree)*Created by: sptankard*
OSTree has some neat properties that are particularly useful when combined in a hybrid model with a package manager.
libostree: https://github.com/ostreedev/ostree
One of the developers mentioned here the p...*Created by: sptankard*
OSTree has some neat properties that are particularly useful when combined in a hybrid model with a package manager.
libostree: https://github.com/ostreedev/ostree
One of the developers mentioned here the potential for using libostree in writing a new package manager:
https://youtu.be/4A_xl5dC210?t=15m20s
(DevConf, Colin Walters: Hybrid image/package OS updates with rpm-ostree; at 15m20s)
This has already been done for RPM/yum/DNF, but of course that system carries a lot of legacy baggage from RPM:
https://github.com/projectatomic/rpm-ostreehttps://gitlab.redox-os.org/redox-os/pkgutils/-/issues/26Use/study TUF (The Update Framework) for security design2018-06-26T12:52:12ZJeremy SollerUse/study TUF (The Update Framework) for security design*Created by: sptankard*
In there interest of doing things the right way from the beginning, I think looking at TUF and potentially using some of the codebase may be a good idea (there's a rust-lang version). What TUF is:
> The Updat...*Created by: sptankard*
In there interest of doing things the right way from the beginning, I think looking at TUF and potentially using some of the codebase may be a good idea (there's a rust-lang version). What TUF is:
> The Update Framework (TUF) helps developers maintain the security of a software update system, even against attackers that compromise the repository or signing keys. TUF provides a flexible framework and specification that developers can adopt into any software update system.
https://github.com/theupdateframework/tuf
https://theupdateframework.github.io/security.html
https://github.com/theupdateframework/specification/blob/master/tuf-spec.md#the-update-framework-specification
Implementation in Rust:
https://github.com/heartsucker/rust-tuf
https://docs.rs/tufhttps://gitlab.redox-os.org/redox-os/pkgutils/-/issues/25Metadata signing2018-06-26T12:52:12ZJeremy SollerMetadata signing*Created by: xTibor*
The package metadata and the `repo.toml` files are not signed and verified before use. Malicous/breached repo mirrors could exploit this problem.
Related: #23*Created by: xTibor*
The package metadata and the `repo.toml` files are not signed and verified before use. Malicous/breached repo mirrors could exploit this problem.
Related: #23https://gitlab.redox-os.org/redox-os/pkgutils/-/issues/22Package Caching; Change location2018-06-26T12:52:12ZSamwiseFilmoremggmugginsmc@gmail.comPackage Caching; Change locationFor a lot of unix users, `/tmp` is used for exactly what it's called: temporary files. It seems to me that caching downloaded packages shouldn't be done in `/tmp`, since it's a more volatile location than, say, `/etc/pkd.d/pkg`, or `/pkg...For a lot of unix users, `/tmp` is used for exactly what it's called: temporary files. It seems to me that caching downloaded packages shouldn't be done in `/tmp`, since it's a more volatile location than, say, `/etc/pkd.d/pkg`, or `/pkg/cache`. Any thoughts?https://gitlab.redox-os.org/redox-os/pkgutils/-/issues/21Port cook.sh to Rust with Ion recipes2018-06-30T20:26:34ZIan Douglas ScottPort cook.sh to Rust with Ion recipesThe cook build system (`cook.sh` in the `cookbook` repo) should be ported to Rust, with individual recipes as Ion scripts.
Advantages
=========
- This can integrate better with both the pkgutils code and with the installer, since th...The cook build system (`cook.sh` in the `cookbook` repo) should be ported to Rust, with individual recipes as Ion scripts.
Advantages
=========
- This can integrate better with both the pkgutils code and with the installer, since they are all in Rust
- Naturally Redox should prefer our own Ion shell over Bash; if it is worse in some way, let's fix that
- Using Ion also avoid a dependency on Bash when running under Redox (though of course, a lot of C software will still require a bourne shell to compile)
- Ion can be embedded in the program as a library
Other considerations
================
This involves rewriting `cook.sh` and all the recipes, so it is a good time to consider other improvements to the way to cookbook works. I think it would be better to not include functions for compiling Rust code by default, but instead have a way to explicitly importing the "template" for Rust recipes. This means an extra line of boilerplate for Rust recipes, but then the C recipes will not need the boilerplate empty functions for test/update just to disable the Rust versions.
Code
====
I have started this, though there's still much to do: https://github.com/ids1024/pkgutils/tree/cook/srchttps://gitlab.redox-os.org/redox-os/pkgutils/-/issues/23Package signing2018-06-26T12:52:12ZJeremy SollerPackage signing*Created by: Sag0Sag0*
Currently packages are not signed. While the hashes of the packages are available they are not used.*Created by: Sag0Sag0*
Currently packages are not signed. While the hashes of the packages are available they are not used.https://gitlab.redox-os.org/redox-os/pkgutils/-/issues/10Add support for dependencies2018-06-26T12:52:12ZJeremy SollerAdd support for dependencies*Created by: AgostonSzepessy*
The package manager needs dependency resolution. Would the dependencies be listed by just name like this?
```
name = "package1"
version = "0.0.1"
arch = "x86_64"
depends = []
name = "package2"
ve...*Created by: AgostonSzepessy*
The package manager needs dependency resolution. Would the dependencies be listed by just name like this?
```
name = "package1"
version = "0.0.1"
arch = "x86_64"
depends = []
name = "package2"
version = "0.0.2"
arch = "x86_64"
depends = ["package1"]
```
Or do we also need to include the version numbers?
```
name = "package1"
version = "0.0.1"
arch = "x86_64"
depends = []
name = "package2"
version = "0.0.2"
arch = "x86_64"
depends = ["package1-0.0.1"]
```https://gitlab.redox-os.org/redox-os/pkgutils/-/issues/4Update support2018-06-26T12:52:12ZIan Douglas ScottUpdate supportIt should be possible to update all installed packages with a single command.
- [x] Make the cookbook create a manifest, with the names and versions of packages.
- [x] Have `pkg install` record the name and version of a package on in...It should be possible to update all installed packages with a single command.
- [x] Make the cookbook create a manifest, with the names and versions of packages.
- [x] Have `pkg install` record the name and version of a package on install.
- [x] It is probably a good idea to have the .tar package contain metadata with the version.
- [ ] Another good thing to store is a list of files belonging to a package; for many reasons (uninstall, removing file on update if not in new version, checking for conflicting files, etc.); this is not strictly necessary for updating, however.
- [ ] Add a `pkg update` command that compares installed package versions with remote, and updates if they differ.