Re: [pacman-dev] About pacman and libalpm workflow
On 2011/5/21 ari edelkind <edelkind+arch-pacman@gmail.com> wrote:
- What's the general idea -- the program flow -- of the way it's currently being implemented? Pseudo-code would be perfect for answering this, but really, anything with system-level details will do (the "package signing proposal" is not current and does not contain system-level details).
Hello Ari, It's a bit difficult to answer that question, I don't exactly what documentation sources there are out there. I'll try a rough draft, and then you can ask more questions if you want. Also try to have a look at pyalpm: it contains example scripts in Python that try to replicate pacman 3.5 behaviour. Here is how to use libalpm : - initialize it (alpm_initialize) - set options (alpm_option_set_*) - register databases (alpm_db_register_sync) - do something (many functions there) - unregister databases - release the library (alpm_release) In the "do something" part, you may perform a transaction, that is, installation or uninstallation of packages. Transactions are done as follows : - alpm_trans_init with proper options - alpm_trans_add / alpm_trans_remove (says which packages you want to add or remove) - alpm_trans_prepare : this will resolve dependencies and conflicts - alpm_trans_commit : this will download packages, check them (md5 or signature), and install/remove them - alpm_trans_release() The functions that are called to check signature are alpm_db_check_pgp_signature, alpm_pkg_check_pgp_signature. Options make this check optional if needed. Rémy.
On 21/05/11 19:15, Rémy Oudompheng wrote:
On 2011/5/21 ari edelkind<edelkind+arch-pacman@gmail.com> wrote:
- What's the general idea -- the program flow -- of the way it's currently being implemented? Pseudo-code would be perfect for answering this, but really, anything with system-level details will do (the "package signing proposal" is not current and does not contain system-level details).
Hello Ari,
It's a bit difficult to answer that question, I don't exactly what documentation sources there are out there. I'll try a rough draft, and then you can ask more questions if you want. Also try to have a look at pyalpm: it contains example scripts in Python that try to replicate pacman 3.5 behaviour.
Here is how to use libalpm : - initialize it (alpm_initialize) - set options (alpm_option_set_*) - register databases (alpm_db_register_sync) - do something (many functions there) - unregister databases - release the library (alpm_release)
In the "do something" part, you may perform a transaction, that is, installation or uninstallation of packages. Transactions are done as follows : - alpm_trans_init with proper options - alpm_trans_add / alpm_trans_remove (says which packages you want to add or remove) - alpm_trans_prepare : this will resolve dependencies and conflicts - alpm_trans_commit : this will download packages, check them (md5 or signature), and install/remove them - alpm_trans_release()
The functions that are called to check signature are alpm_db_check_pgp_signature, alpm_pkg_check_pgp_signature. Options make this check optional if needed.
To be honest, I have very little idea about pacman "program flow". I follow something like this every time I go to dig deeper into the pacman code and fix something: http://allanmcrae.com/2010/11/basic-overview-of-pacman-code/ Allan
To be honest, I have very little idea about pacman "program flow". I follow something like this every time I go to dig deeper into the pacman code and fix something:
http://allanmcrae.com/2010/11/basic-overview-of-pacman-code/
This is quite useful. I should say, however, that i wasn't actually referring to pacman program flow -- i was referring specifically to the flow of the signing/verification process, as it's intended to operate. ari
On 2011/5/21 ari edelkind <edelkind+arch-pacman@gmail.com> wrote:
To be honest, I have very little idea about pacman "program flow". I follow something like this every time I go to dig deeper into the pacman code and fix something:
http://allanmcrae.com/2010/11/basic-overview-of-pacman-code/
This is quite useful. I should say, however, that i wasn't actually referring to pacman program flow -- i was referring specifically to the flow of the signing/verification process, as it's intended to operate.
There is not really any flow: the signatures are downloaded along with the package, and the MD5 check is supplemented/replaced by a signature check (which is essentially a single call to libgpgme). Same process for databases. -- Rémy.
participants (3)
-
Allan McRae
-
ari edelkind
-
Rémy Oudompheng