Repositories

From Gnuffy

(Redirected from Repository)
Jump to: navigation, search

A repository is a location where you can get packages to install from. In Gnuffy, we offer to install packages from any archlinux-repository (arch-core, arch-extra, arch-community, arch-testing, arch-unstable and even AUR) but, of course, there are pure Gnuffy-repositories, offered by gnuffy-users, too (containing additional software or even alternative builds).

While packages from archlinux-repositories are not digitally signed, any package or PKGBUILD in a gnuffy repository is signed by the owner of the repository (typically the one who wrote the PKGBUILD and built the binary package (if offered). All repositories are registered in a single package-list, you do not have to search for repositories. Repositories can include binary packages and PKGBUILDs. If a package is offered in binary format and as a PKGBUILD, spaceman offers to install the binary, but if you prefer, you can build from source, too. If a package is offered as PKGBUILD only, spaceman automatically will build the package for you when you chose to install it.

There is a (possibly incomplete) list of repositories.

Contents

Repositories as treated by Spaceman

Using spaceman, you will quite soon experience that it asks you how to handle certain repositories - to mark them as "trusted", "used" or "blocked".

As Spaceman allows everyone to create a repository and includes every package of every announced repository in its package list, there is, of course, the possibility of a repository being an evil one. This is why you get the chance to judge how trustable a repository is - you should be aware of the fact that the content of packages is likely not to be controlled by anyone but their builder.

In general, Arch Linux packages should be trustable. Additionally, at the moment, the main part of a Gnuffy system consists of Arch Linux packages, so you should mark Arch Linux repositories as "trustable" if you are not sure about why not to do so.

As spaceman is only available from the "blackpenguin" repository, it would be a bad idea to mark this one as "blocked". Better "use" or "trust" it.

  • "Trusted" repositories will never be prompted for again. Using spaceman's default colors, these repositories get the green color. A list of trusted GPG keys (or repositories as far as Arch linux is concerned) is registered in /etc/spaceman/keys.trusted (see spaceman article for a complete list of its files). Editing this list with an editor is possible. Changes will be recognised by spaceman.
  • "Used" repositories will be prompted for again. By default, they are displayed in yellow color. You can treat this status as kind of a "default" value for repositories you do not fully trust, such as the "local" repository for self-built packages (it would be nice to know that you are installing from there, wouldn't it?). Used repositories (or rather the GPG key ID) are registered in /etc/spaceman/keys.used.
  • "Blocked" repositories will never be used by spaceman. Instead, it will ignore all of their contents. By default, they are displayed in red color. Use this switch only for repositories that you really want to avoid. A list of blocked keys/repositories is registered in /etc/spaceman/keys.blocked.


Running a repository

Anyone - even you - can open an own repository and offer packages to the gnuffy community without asking. It is your right to join, no one will stop you. All you need is your own gnupg-key to sign your packages and some web- or ftp-space where your packages can be downloaded from. In case you don't have own web- or ftp-space to offer packages but still would like to offer your own packages in a repository, don't be shy, join the mailing list or IRC channel and ask the friendly gnuffy community. We are most probably going to find a solution (i.e. web-/ftp-space you can upload your packages to)

Create your own repository

Gnuffy welcomes anyone to set up and host an own repository. All you need is a gpg-key (remember, all gnuffy packages are signed), some web- or ftp-space and, of course, your packages. In case you build your packages as root (not recommended), spaceman will change the UID to user spaceman and therefore, you have to copy directory ~/.gnupg to $SPACEMAN_HOME (/var/db/pkg/ by default) so the spaceman user is able to use your private key to sign packages and pkgbuilds. This is not necessary, if you use a normal user account to build your packages and maintain your repository.

Afterwards, just start building the binary packages and store everything which contains *bz2* in a single directory without sub-directories. For example:

  • lovely-1.1.pkgbuild.tar.bz2
  • lovely-1.1.pkgbuild.tar.bz2.sign
  • lovely-1.1.pkg.tar.bz2
  • lovely-1.1.pkg.tar.bz2.sign

You are encouraged to offer pkg.tar.bz2 and pkgbuild.tar.bz2, however sometimes people prefer to offer a pkgbuild.tar.bz2 only (i.e. if the package works best when locally build or even if the package is so small, that it wouldn't make sense to offer a binary for it). You can just leave away the *pkg.tar* in that case and the package will appear in the packagelist as src-only. If your packages are not signed already (you got the option to do this after successfully building a package), don't worry about that, you will get the opportunity to do this before sending the list of your packages to a packagelist-server. Once you have copied or moved your packages to a single directory, run 

 spaceman --new-repos

Spaceman will ask some questions:

  • Where is your new repository located in your local filesystem?

Enter the path to the directory containing your packages. You can use tab-completion as you know from the shell here.

  • Please enter a unique repos-name

Chose a name for your repository (Attention: everyone will see that!). The name of your repository can contain any letters [a-z] uppercase and lowercase, numbers and "_". Spaces are not allowed in repository-names. The maximum length for the name is 16 characters. And yes, you really need a name for your repository, it cannot be empty.

  • Found 'i686' as architecture for your pkglist - Is your repos 'i686', too (Y/N)?

Usually users offer packages for their own architecture. So you can probably just say yes here. However sometimes you might want to offer packages for a different architecture, this is why spaceman asks about it.

  • Please enter the full base-URL to your repository

The base URL is the URL your packages can be downloaded from, including protocol but, of course without the filename. So, if you make a package available for downlad at http://mygnuffyrepos.org/path/to/packages/lovely-1.1.pkg.tar.bz2 you would enter http://mygnuffyrepos.org/path/to/packages/ here.

  • Your repos-information has been saved to ~/.spaceman.repository

You are finished with repository-creation, although your repos is not published yet. The information you entered is stored in a file ~/.spaceman.repository where you can edit it (for example if your download-URL changed or something). You can have more than one repository if you want (use --new-repos for each new repository), so each repository is represented by its own entry in ~/.spaceman.repository

There is also a variable reposrun[0] in this file where you can put a command you would like to run each time you update your repository. So you can automate the process of uploading your packages to your download-space here. As an example 

  reposrun[0]="rsync -avurz --delete -e ssh /home/black/gnuffy/repos user@host:/home/user/www/gnuffy/"

would run the given rsync command each time you run "spaceman --update-repos"

Sending the list of your offered packages to the packagelist-server

Each time you have added one or more packages to your repository (and even after running "spaceman --new-repos") you should run 

 spaceman --update-repos

This will search for changes in your local repository directory, create a new repos-index.bz2 (which is needed to be signed by you) and submit this file to the packagelist-server It will also check the files are signed and asks you to do so if they aren't. If you have built many packages without signing them, it is recommended to use gpg-agent, since you probably do not want to enter your gpg-mantra again and again (hey, isn't this why they call it mantra?)

Make everything inside the directory reachable from the url so users can download it. Congratulations - your packages will be included in Gnuffy's packagelist very soon.


Closing a repository

If you changed your mind and you want to shut down your repository for some reason, please cleanup the gnuffy-pkglist by submitting an empty repos-index.bz2 - This can be done by deleting all files in your local repository-directory and running spaceman --update-repos again.

See also: (probably incomplete) list of repositories with descriptions (add your new repository, if you like)

Retrieved from "http://gnuffy.chaotika.org/index.php/Repositories"
Personal tools