[pacman-dev] RFC: 'repo-add' command for repository discovery

Tim Groeneveld tim at timg.ws
Tue Jul 21 04:58:10 UTC 2015 

Hi Everyone,

I have been thinking about the creation of a tool similar to Ubuntu's add-apt-repository,
allowing some automation of the repository adding process inside Arch Linux.

My thoughts at the moment would be to create a simple bash script (`repo-add`?) that would
get the TXT record for the second command line argument.

For example, I could run:

     repo-add packages.timg.ws

The script would then get the TXT record for packages.timg.ws. That TXT record would point
to a .conf file that contains all of the configuration for the "packages.timg.ws" repository.

That .conf file would be downloaded, and then placed into /etc/pacman.d

My thinking is that this command would set up the pacman configuration, and check that
everything is OK. If the .conf file contains as a comment with the fingerprint and location
of a public key, then `pacman-key` can additionally be automated, maybe showing
a message showing what the fingerprint is and that the gpg key downloaded from
the comment on the .conf file matches that of the public key.

Additionally, a .conf file from the TXT record could also suggest that packages get
installed straight after the repo-add command has been ran.

If the second command is a URI, then either that file could be downloaded (skipping the
"discovery" of a repository), or just the host could be extracted from the URI allowing
the discovery to go back to the TXT record. 

Having this command use the TXT record has two awesome advantages:

1. My site (eg, packges.timg.ws) could be hosted on a different server to where the packages are.
2. No more copying & pasting a whole bunch of configuration to add a repository.

Example Run:

# repo-add packages.timg.ws

1. The script dig's the hostname that was entered as the second argument on the script:

# dig TXT packages.timg.ws +short
"http://timg.ws/archlinux/repo/timgws.conf"

2. The .conf file is downloaded.

3. The GPG key shown in the .conf file is downloaded

4. Fingerprint matched, OK (here there would be a warning if the fingerprint of key != fingerprint in conf)

5. Fingerprint shown, confirmation requested

6. conf added to pacman, if packages are suggested, show what they are, ask to run pacman -Su <packages>

7. ???

8. Profit!


Please let me know your thoughts.

Tim

More information about the pacman-dev mailing list