[arch-general] Announcing pacpak

pelzflorian (Florian Pelz) pelzflorian at pelzflorian.de
Mon Jul 11 17:24:49 UTC 2016


On 07/11/2016 06:14 PM, G. Schlisio wrote:
> […]
> an install command would likely look like -S like in pacman?
> what's the base for installation? PKGBUILDs (from AUR/ABS), official
> repos, some new platform containing build recipes for pacpak?
>

pacpak will use the official repos (or other repos depending on the
pacman.conf that is used) with the -S option and *.pkg.tar.gz with the
-U option. Making -U accept PKGBUILDs directly seems like a useful
feature though.

>> `pacpak -Syu` would therefore always install exactly the same version of
>> the software as available with regular pacman.
> 
> -Syu with pacman means refresh databases and install all available
> updates. does this mean pacpak executes this logic on all installed
> containers as pacman executes on all installed packages? especially the
> refresh part makes no sense to me at this point.  what external database
> is there to refresh?
>
> […]
>> it can be used to create containers from existing Arch packages.
>
> sounds like working from /var/cache/pacman.
>

Since pacpak should be used without root privileges, I cannot use
/var/cache/pacman as the package cache. In fact, I’d like to use an
unprivileged pacpak-exclusive user for running pacman. pacpak will
probably use one package cache per app. Packages common to multiple apps
and their caching will be shared. (Flatpak uses runtime + SDK platforms
on top of which apps as well as other platforms can be built. Many apps
can share the same platform with its files.)

`pacpak -Syu` would therefore refresh and upgrade each platform and then
each app running on top of it. What I’m not sure about is whether anyone
would want to only upgrade without refreshing. Probably there are some
exceptional situations where the answer is yes.

> i generally like the idea of isolating and running untrusted software,
> as it allows one to implement sth like an application-wise firewall (as
> done in Android). whether this reduces or increases attack surface heavily
> depends on the implementation and its possibilities, but running
> malicious software will never be safe. this only adds another layer of
> control to the os.
> 
> georg
> 

It won’t be completely safe. I will add a reminder for new pacpak users
to make sure they are aware of this as well.

Regards,
Florian Pelz

