## Adventures in oxidizing Arch Linux Package Management <p><img data-src="images/archlinux.png" height="128px"></p> <p>FOSDEM 2025</p> <p>David Runge</p>
### Overview * [ALPM π§Ά](#alpm-π§Ά) * [Motivation π₯](#motivation-π₯) * [Oxidation π¦](#oxidation-π¦)
## Background
### About * Freelance software developer * Arch Linux Package Maintainer (2017)/ Developer (2019)/ Main Signing Key (2021) * Rust, Pro-audio, Python, installation process, packaging, infrastructure
### Obligations *"I use Arch btw"* π€ͺ
### Pacman * [pacman](https://man.archlinux.org/man/pacman.8) - **pac**kage **man**ager (C) * [makepkg](https://man.archlinux.org/man/makepkg.8) - package build tool (Bash) * [repo-add](https://man.archlinux.org/man/repo-add.8) - repository management tool (Bash) * [pacman-key](https://man.archlinux.org/man/pacman-key.8) - `gpg` wrapper for pacman-specific GnuPG keyring (Bash)
### Distribution packaging * [devtools](https://gitlab.archlinux.org/archlinux/devtools) - collection of scripts to build packages in a *"clean chroot"* from build scripts (Bash) * [dbscripts](https://gitlab.archlinux.org/archlinux/dbscripts) - set of scripts to maintain the *binary* package repositories (Bash)
### User repositories * [Arch User Repository (AUR)](https://aur.archlinux.org/) - platform to provide and discuss user provided PKGBUILDs * [Unofficial user repositories](https://wiki.archlinux.org/title/Unofficial_user_repositories) - set of user-maintained *binary* package repositories (often based on PKGBUILDs from the AUR) * [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) exist to help build from source
### ALPM π§Ά
### Package building π¦ <p> <a href="mermaid/package-building.mermaid"><img height="600" data-src="images/package-building.png"></a> </p>
### Source repositories π * [PKGBUILD](https://man.archlinux.org/man/PKGBUILD.5) - Bash based build script * [.SRCINFO](https://gitlab.archlinux.org/archlinux/alpm/alpm/-/merge_requests/67) - Parseable representation of the build script
### PKGBUILD example <a href="examples/PKGBUILD">zstd 1.5.6-1</a>: ```bash pkgname=zstd pkgver=1.5.6 pkgrel=1 pkgdesc='Zstandard - Fast real-time compression algorithm' url='https://facebook.github.io/zstd/' arch=(x86_64) license=( BSD-3-Clause GPL-2.0-only ) depends=( glibc gcc-libs zlib xz lz4 ) makedepends=( cmake gtest ninja ) provides=(libzstd.so) source=(https://github.com/facebook/zstd/releases/download/v${pkgver}/zstd-${pkgver}.tar.zst{,.sig}) sha256sums=('4aa8dd1c1115c0fd6b6b66c35c7f6ce7bd58cc1dfd3e4f175b45b39e84b14352' 'SKIP') b2sums=('88430a6a5db47462f93f2458cd3cc4823913de2d2d979cad56b06b48367a4ee51f59c795944c16d06abfdd19758b69f0b6e504ed833d02ff76e4cda519d220e4' 'SKIP') validpgpkeys=(4EF4AC63455FC9F4545D9B7DEF8FE99528B52FFD) prepare() { cd ${pkgname}-${pkgver} # avoid error on tests without static libs, we use LD_LIBRARY_PATH sed '/build static library to build tests/d' -i build/cmake/CMakeLists.txt sed 's/libzstd_static/libzstd_shared/g' -i build/cmake/tests/CMakeLists.txt } build() { cd ${pkgname}-${pkgver} export CFLAGS+=' -ffat-lto-objects' export CXXFLAGS+=' -ffat-lto-objects' cmake -S build/cmake -B build -G Ninja \ -DCMAKE_BUILD_TYPE=None \ -DCMAKE_INSTALL_PREFIX=/usr \ -DZSTD_ZLIB_SUPPORT=ON \ -DZSTD_LZMA_SUPPORT=ON \ -DZSTD_LZ4_SUPPORT=ON \ -DZSTD_BUILD_CONTRIB=ON \ -DZSTD_BUILD_STATIC=OFF \ -DZSTD_BUILD_TESTS=ON \ -DZSTD_PROGRAMS_LINK_SHARED=ON cmake --build build } check() { cd ${pkgname}-${pkgver} LD_LIBRARY_PATH="$(pwd)/build/lib" \ ctest -VV --test-dir build } package() { cd ${pkgname}-${pkgver} DESTDIR="${pkgdir}" cmake --install build install -Dm 644 LICENSE -t "${pkgdir}/usr/share/licenses/${pkgname}" } ```
### .SRCINFO example <a href="examples/.SRCINFO">zstd 1.5.6-1</a>: ```ini pkgbase = zstd pkgdesc = Zstandard - Fast real-time compression algorithm pkgver = 1.5.6 pkgrel = 1 url = https://facebook.github.io/zstd/ arch = x86_64 license = BSD-3-Clause license = GPL-2.0-only makedepends = cmake makedepends = gtest makedepends = ninja depends = glibc depends = gcc-libs depends = zlib depends = xz depends = lz4 provides = libzstd.so source = https://github.com/facebook/zstd/releases/download/v1.5.6/zstd-1.5.6.tar.zst source = https://github.com/facebook/zstd/releases/download/v1.5.6/zstd-1.5.6.tar.zst.sig validpgpkeys = 4EF4AC63455FC9F4545D9B7DEF8FE99528B52FFD sha256sums = 4aa8dd1c1115c0fd6b6b66c35c7f6ce7bd58cc1dfd3e4f175b45b39e84b14352 sha256sums = SKIP b2sums = 88430a6a5db47462f93f2458cd3cc4823913de2d2d979cad56b06b48367a4ee51f59c795944c16d06abfdd19758b69f0b6e504ed833d02ff76e4cda519d220e4 b2sums = SKIP pkgname = zstd ```
### What is a package anyway? π€· * A (compressed) [tar](https://man.archlinux.org/man/tar.1) file * Files to be installed on a target system * _Files describing metadata_ * _Scripts running actions_
### Package metadata * [.BUILDINFO](https://alpm.archlinux.page/specifications/BUILDINFO.5.html) - build environment information * [.MTREE](https://alpm.archlinux.page/specifications/ALPM-MTREE.5.html) - file metadata of package contents (compressed libarchive [mtree](https://man.archlinux.org/man/mtree.5) file) * [.PKGINFO](https://alpm.archlinux.page/specifications/PKGINFO.5.html) - package metadata
### Scripts * [alpm-install-scriptlet](https://alpm.archlinux.page/specifications/alpm-install-scriptlet.5.html) - run predefined shell functions on host upon installation, update or removal
### .BUILDINFO example <a href="examples/.BUILDINFO">zstd 1.5.6-1</a>: ```ini format = 2 pkgname = zstd pkgbase = zstd pkgver = 1.5.6-1 pkgarch = x86_64 pkgbuild_sha256sum = 7a1931819050ed4f30ef720c4476806a1758803ecbcc0b482ee7a01cc48cada8 packager = Levente Polyak <anthraxx@archlinux.org> builddate = 1715379259 builddir = /build startdir = /startdir buildtool = devtools buildtoolver = 1:1.2.0-1-any buildenv = !distcc buildenv = color buildenv = !ccache buildenv = check buildenv = !sign options = strip options = docs options = !libtool options = !staticlibs options = emptydirs options = zipman options = purge options = debug options = lto installed = acl-2.3.2-1-x86_64 installed = archlinux-keyring-20240429-1-any installed = attr-2.5.2-1-x86_64 installed = audit-4.0.1-3-x86_64 installed = autoconf-2.72-1-any installed = automake-1.16.5-2-any installed = base-devel-1-1-any installed = bash-5.2.026-2-x86_64 installed = binutils-2.42+r91+g6224493e457-1-x86_64 installed = bison-3.8.2-6-x86_64 installed = brotli-1.1.0-2-x86_64 installed = bzip2-1.0.8-6-x86_64 installed = ca-certificates-20220905-1-any installed = ca-certificates-mozilla-3.100-1-x86_64 installed = ca-certificates-utils-20220905-1-any installed = cmake-3.29.3-1-x86_64 installed = coreutils-9.5-1-x86_64 installed = cppdap-1.58.0-1-x86_64 installed = curl-8.7.1-6-x86_64 installed = db5.3-5.3.28-5-x86_64 installed = debugedit-5.0-6-x86_64 installed = diffutils-3.10-1-x86_64 installed = e2fsprogs-1.47.0-2-x86_64 installed = expat-2.6.2-1-x86_64 installed = fakeroot-1.34-1-x86_64 installed = file-5.45-1-x86_64 installed = filesystem-2024.04.07-1-any installed = findutils-4.9.0-3-x86_64 installed = flex-2.6.4-5-x86_64 installed = gawk-5.3.0-1-x86_64 installed = gc-8.2.6-1-x86_64 installed = gcc-14.1.1+r1+g43b730b9134-1-x86_64 installed = gcc-libs-14.1.1+r1+g43b730b9134-1-x86_64 installed = gdbm-1.23-2-x86_64 installed = gettext-0.22.5-1-x86_64 installed = glib2-2.80.2-1-x86_64 installed = glibc-2.39+r52+gf8e4623421-1-x86_64 installed = gmp-6.3.0-2-x86_64 installed = gnupg-2.4.5-1-x86_64 installed = gnutls-3.8.5-1-x86_64 installed = gpgme-1.23.2-4-x86_64 installed = grep-3.11-1-x86_64 installed = groff-1.23.0-5-x86_64 installed = gtest-1.14.0-1-x86_64 installed = guile-3.0.9-1-x86_64 installed = gzip-1.13-2-x86_64 installed = hicolor-icon-theme-0.17-3-any installed = iana-etc-20240412-1-any installed = icu-74.2-2-x86_64 installed = jansson-2.14-4-x86_64 installed = json-c-0.17-1-x86_64 installed = jsoncpp-1.9.5-2-x86_64 installed = keyutils-1.6.3-2-x86_64 installed = krb5-1.21.2-2-x86_64 installed = libarchive-3.7.4-1-x86_64 installed = libassuan-2.5.7-2-x86_64 installed = libcap-2.69-4-x86_64 installed = libcap-ng-0.8.5-2-x86_64 installed = libelf-0.191-3-x86_64 installed = libevent-2.1.12-4-x86_64 installed = libffi-3.4.6-1-x86_64 installed = libgcrypt-1.10.3-1-x86_64 installed = libgpg-error-1.49-1-x86_64 installed = libidn2-2.3.7-1-x86_64 installed = libisl-0.26-2-x86_64 installed = libksba-1.6.6-1-x86_64 installed = libldap-2.6.7-2-x86_64 installed = libmpc-1.3.1-1-x86_64 installed = libnghttp2-1.61.0-1-x86_64 installed = libnghttp3-1.3.0-1-x86_64 installed = libnsl-2.0.1-1-x86_64 installed = libp11-kit-0.25.3-1-x86_64 installed = libpsl-0.21.5-2-x86_64 installed = libsasl-2.1.28-4-x86_64 installed = libseccomp-2.5.5-3-x86_64 installed = libsecret-0.21.4-1-x86_64 installed = libssh2-1.11.0-1-x86_64 installed = libsysprof-capture-46.0-3-x86_64 installed = libtasn1-4.19.0-1-x86_64 installed = libtirpc-1.3.4-1-x86_64 installed = libtool-2.4.7+83+g7b091831-1-x86_64 installed = libunistring-1.2-1-x86_64 installed = libusb-1.0.27-1-x86_64 installed = libuv-1.48.0-2-x86_64 installed = libverto-0.3.2-5-x86_64 installed = libxcrypt-4.4.36-1-x86_64 installed = libxml2-2.12.6-2-x86_64 installed = linux-api-headers-6.8-1-x86_64 installed = lz4-1:1.9.4-3-x86_64 installed = m4-1.4.19-3-x86_64 installed = make-4.4.1-2-x86_64 installed = mpdecimal-4.0.0-2-x86_64 installed = mpfr-4.2.1-3-x86_64 installed = ncurses-6.4_20230520-3-x86_64 installed = nettle-3.9.1-1-x86_64 installed = ninja-1.12.0-2-x86_64 installed = npth-1.7-1-x86_64 installed = openssl-3.3.0-1-x86_64 installed = p11-kit-0.25.3-1-x86_64 installed = pacman-6.1.0-3-x86_64 installed = pacman-mirrorlist-20231001-1-any installed = pam-1.6.1-2-x86_64 installed = pambase-20230918-1-any installed = patch-2.7.6-10-x86_64 installed = pcre2-10.43-4-x86_64 installed = perl-5.38.2-1-x86_64 installed = pinentry-1.3.0-1-x86_64 installed = pkgconf-2.1.1-1-x86_64 installed = python-3.12.3-1-x86_64 installed = readline-8.2.010-1-x86_64 installed = rhash-1.4.4-1-x86_64 installed = sed-4.9-3-x86_64 installed = shadow-4.15.1-2-x86_64 installed = sqlite-3.45.3-1-x86_64 installed = sudo-1.9.15.p5-1-x86_64 installed = systemd-libs-255.6-1-x86_64 installed = tar-1.35-2-x86_64 installed = texinfo-7.1-2-x86_64 installed = tpm2-tss-4.0.1-1-x86_64 installed = tzdata-2024a-2-x86_64 installed = util-linux-2.40.1-1-x86_64 installed = util-linux-libs-2.40.1-1-x86_64 installed = which-2.21-6-x86_64 installed = xz-5.6.1-3-x86_64 installed = zlib-1:1.3.1-2-x86_64 installed = zstd-1.5.5-1-x86_64 ```
### .MTREE example <a href="examples/.MTREE">zstd 1.5.6-1</a>: ``` #mtree /set type=file uid=0 gid=0 mode=644 ./.BUILDINFO time=1715379259.0 size=5083 sha256digest=0fca4dd006cc2dba2cc475a99e6b18019272d272b1d3f41ecbd1b25811382211 ./.PKGINFO time=1715379259.0 size=529 sha256digest=ce146619670f465b61a89b0a7f9b421fcd35fc89ed8283483be31d890a3909bf /set mode=755 ./usr time=1715379259.0 type=dir ./usr/bin time=1715379259.0 type=dir ./usr/bin/pzstd time=1715379259.0 size=92344 sha256digest=7bd671f315c27da045e8517a2e2dea475f0feccb044af83dfeb6598f42469fbd ./usr/bin/unzstd time=1715379259.0 mode=777 type=link link=zstd ./usr/bin/zstd time=1715379259.0 size=193792 sha256digest=2ba057c9d702fe905e8cef402f69c1de6318c3b795b1250e0f1bdf23086821bb ./usr/bin/zstdcat time=1715379259.0 mode=777 type=link link=zstd ./usr/bin/zstdgrep time=1715379259.0 size=3869 sha256digest=9bc769b26542ef2efa14ae29b3178b7f10639cd95544207691cb258fe06bbe17 ./usr/bin/zstdless time=1715379259.0 size=197 sha256digest=60e767b7d41a7eee6204fe34285b47e2b706797cd6ca35ca25989639f1c13159 ./usr/bin/zstdmt time=1715379259.0 mode=777 type=link link=zstd /set mode=644 ./usr/include time=1715379259.0 mode=755 type=dir ./usr/include/zdict.h time=1715379259.0 size=26433 sha256digest=02a34169467501fcc665cccb33f5bd455fdb665e9806851777dc8a6c4d5a75e3 ./usr/include/zstd.h time=1715379259.0 size=175838 sha256digest=4fab9cf39160cd15fbd9fbc2fd637ee300002fa70e307f85e8a7e45c1e057906 ./usr/include/zstd_errors.h time=1715379259.0 size=4532 sha256digest=36dbd0a595852e10ff5b52992294f610055b8781101f4634036e05cf7d4bb506 /set mode=755 ./usr/lib time=1715379259.0 type=dir ./usr/lib/libzstd.so time=1715379259.0 mode=777 type=link link=libzstd.so.1 ./usr/lib/libzstd.so.1 time=1715379259.0 mode=777 type=link link=libzstd.so.1.5.6 ./usr/lib/libzstd.so.1.5.6 time=1715379259.0 size=911304 sha256digest=91b910003ac232cfb0ca7fc11c6275f245e70f150dfd1bdb6b679c1aa3060d06 ./usr/lib/cmake time=1715379259.0 type=dir /set mode=644 ./usr/lib/cmake/zstd time=1715379259.0 mode=755 type=dir ./usr/lib/cmake/zstd/zstdConfig.cmake time=1715379259.0 size=1417 sha256digest=b6c476665fbbe88b89c3ccf8cb947280c2b492ab961b45479467ba3c2d9032d6 ./usr/lib/cmake/zstd/zstdConfigVersion.cmake time=1715379259.0 size=2762 sha256digest=39d205dbf1958b4f1f9112218fd74edece9af4095211ec6a50cbd5b4425a2605 ./usr/lib/cmake/zstd/zstdTargets-none.cmake time=1715379259.0 size=859 sha256digest=aba1e8d751cb25f0191d52a57e0797df42b48a06754104c744ee9d68d82a81ad ./usr/lib/cmake/zstd/zstdTargets.cmake time=1715379259.0 size=4752 sha256digest=baf6bb37211af4814b2841684bc49c0ed4fb203e6bd252c1f5131a00ed91b971 ./usr/lib/pkgconfig time=1715379259.0 mode=755 type=dir ./usr/lib/pkgconfig/libzstd.pc time=1715379259.0 size=448 sha256digest=e3cee840af9187369a8741cfed75cca5826a1f2d2b64ecf57e6b39cd36183d2a /set mode=755 ./usr/share time=1715379259.0 type=dir ./usr/share/doc time=1715379259.0 type=dir ./usr/share/doc/zstd time=1715379259.0 type=dir ./usr/share/doc/zstd/zstd_manual.html time=1715379259.0 mode=644 size=131382 sha256digest=873ad8ae1be0406688565675d0c458215f847acc5bdc86f6967367fb9f73e653 ./usr/share/licenses time=1715379259.0 type=dir ./usr/share/licenses/zstd time=1715379259.0 type=dir ./usr/share/licenses/zstd/LICENSE time=1715379259.0 mode=644 size=1549 sha256digest=7055266497633c9025b777c78eb7235af13922117480ed5c674677adc381c9d8 ./usr/share/man time=1715379259.0 type=dir /set mode=644 ./usr/share/man/man1 time=1715379259.0 mode=755 type=dir ./usr/share/man/man1/unzstd.1.gz time=1715379259.0 mode=777 type=link link=zstd.1.gz ./usr/share/man/man1/zstd.1.gz time=1715379259.0 size=11313 sha256digest=c422adfacaba57975a17b4c7c1fa4810ca2bfd5e415972185162fbb265fc0d3e ./usr/share/man/man1/zstdcat.1.gz time=1715379259.0 mode=777 type=link link=zstd.1.gz ./usr/share/man/man1/zstdgrep.1.gz time=1715379259.0 size=594 sha256digest=f5ea886bfde9d6d4d50756efc6c521058e81ddbce7fa25eaa48a9ba6865e5a5e ./usr/share/man/man1/zstdless.1.gz time=1715379259.0 size=259 sha256digest=a49eaa51665815b5569f5b27e7ee55ca65c83da055d94b7b8dd34696c4561737 ```
### .PKGINFO example <a href="examples/.PKGINFO">zstd 1.5.6-1</a>: ```ini # Generated by makepkg 6.1.0 # using fakeroot version 1.34 pkgname = zstd pkgbase = zstd xdata = pkgtype=pkg pkgver = 1.5.6-1 pkgdesc = Zstandard - Fast real-time compression algorithm url = https://facebook.github.io/zstd/ builddate = 1715379259 packager = Levente Polyak <anthraxx@archlinux.org> size = 1563644 arch = x86_64 license = BSD-3-Clause license = GPL-2.0-only provides = libzstd.so=1-64 depend = glibc depend = gcc-libs depend = zlib depend = xz depend = lz4 makedepend = cmake makedepend = gtest makedepend = ninja ```
### Package repository π <p> <a href="mermaid/package-installation.mermaid"><img height="560" data-src="images/package-installation.png"></a> </p>
### Repository sync databases π½ Default sync database: ```sh . |-- package-1.0.0-1 | `-- desc [..] ``` Files sync database: ```sh . |-- package-1.0.0-1 | |-- desc | `-- files [..] ```
### Repository sync database metadata π * `desc` - information on packages in the version found in a repository * `files` - list of files provided by a package found in a repository
### Repository `desc` file example <a href="examples/repository-desc">zstd 1.5.6-1</a>: ```ini %FILENAME% zstd-1.5.6-1-x86_64.pkg.tar.zst %NAME% zstd %BASE% zstd %VERSION% 1.5.6-1 %DESC% Zstandard - Fast real-time compression algorithm %CSIZE% 511583 %ISIZE% 1563644 %SHA256SUM% 81ca89591caf52923f0f2543ca52cc4683aabc90ab390d419900be28d835f0d1 %PGPSIG% iQIzBAABCgAdFiEE4kC1fixGMLp2ji8m/BtUfI2BcsgFAmY+n90ACgkQ/BtUfI2BcsjrdhAAgysfOuxRtWE8rUBi1IWZWlO1q3u+HMHdJf08FPtvDtqYBjz1LicULpTuudOOc9gZWbu/8SZBEKNbfZO3/uo/CvTBvtIP8sTWuEL2swuqrdbaW9pJXaCD8tkSxXjI3r6XOdxUpPV6fO56jZuzxKZSNV/ZmSTYm97RPNYbh9jAiNXPrRqhqhxYEkgxFnEjc4/KLWzaytsaCyPQ0rOSiYpw8TiUosQeHY01Fcd/P15e9OraW6P8FuC8+tIS/QVZXwhg56y5IKV0dUEQ0GOOmnWjinrlh8P0bCIEkPNhFTXspLeN4Iw3y30h2Gsv+mK99dTAuMD4IK++Jy2/WVKjDWfoN6EmLBpOqIL0zEGdyoP1n3Bce6b3PzX3HJTd88h10JPAV33Fp4vlPm7swdTf8/TdZ7vGEFmulwzwWVL5zkjxCVwl7rFit3OmXOO/473hEmxhEuKrEji+U0qafHG2s8Lhsjs69KlhFDJ7EjEyUddonivVZomRu76puEyGj/CMEJTcQ3qMYSozgbIl43eXmiwBM3bLPcgXOXK3p14An7Eyf3jq0O8Fx6lVFUIgtz7GopYXacmyZKE6G2rQLqW1qVVGeAogtZm2CEImD0l3p1Ukmi85OXqA/nKxR3o+PpIkzrB95FMo46zkKGywhsREHSFsykU6HgnoP3Aw9e1B4rzEGx8= %URL% https://facebook.github.io/zstd/ %LICENSE% BSD-3-Clause GPL-2.0-only %ARCH% x86_64 %BUILDDATE% 1715379259 %PACKAGER% Levente Polyak <anthraxx@archlinux.org> %PROVIDES% libzstd.so=1-64 %DEPENDS% glibc gcc-libs zlib xz lz4 %MAKEDEPENDS% cmake gtest ninja ```
### Repository `files` file example <a href="examples/repository-files">zstd 1.5.6-1</a>: ```text %FILES% usr/ usr/bin/ usr/bin/pzstd usr/bin/unzstd usr/bin/zstd usr/bin/zstdcat usr/bin/zstdgrep usr/bin/zstdless usr/bin/zstdmt usr/include/ usr/include/zdict.h usr/include/zstd.h usr/include/zstd_errors.h usr/lib/ usr/lib/cmake/ usr/lib/cmake/zstd/ usr/lib/cmake/zstd/zstdConfig.cmake usr/lib/cmake/zstd/zstdConfigVersion.cmake usr/lib/cmake/zstd/zstdTargets-none.cmake usr/lib/cmake/zstd/zstdTargets.cmake usr/lib/libzstd.so usr/lib/libzstd.so.1 usr/lib/libzstd.so.1.5.6 usr/lib/pkgconfig/ usr/lib/pkgconfig/libzstd.pc usr/share/ usr/share/doc/ usr/share/doc/zstd/ usr/share/doc/zstd/zstd_manual.html usr/share/licenses/ usr/share/licenses/zstd/ usr/share/licenses/zstd/LICENSE usr/share/man/ usr/share/man/man1/ usr/share/man/man1/unzstd.1.gz usr/share/man/man1/zstd.1.gz usr/share/man/man1/zstdcat.1.gz usr/share/man/man1/zstdgrep.1.gz usr/share/man/man1/zstdless.1.gz ```
### User system: ALPM metadata π₯οΈ * `desc` - information on packages installed on the system * `files` - list of files provided by a package installed on the system * `mtree` - metadata of files provided by a package installed on the system
### Local `desc` file example <a href="examples/local-desc">zstd 1.5.6-1</a>: ```ini %NAME% zstd %VERSION% 1.5.6-1 %BASE% zstd %DESC% Zstandard - Fast real-time compression algorithm %URL% https://facebook.github.io/zstd/ %ARCH% x86_64 %BUILDDATE% 1715379259 %INSTALLDATE% 1716501621 %PACKAGER% Levente Polyak <anthraxx@archlinux.org> %SIZE% 1563644 %REASON% 1 %LICENSE% BSD-3-Clause GPL-2.0-only %VALIDATION% pgp %DEPENDS% glibc gcc-libs zlib xz lz4 %PROVIDES% libzstd.so=1-64 %XDATA% pkgtype=pkg ```
### Local `files` file example <a href="examples/repository-files">zstd 1.5.6-1</a>: (same as repository `files` example)
### Local `mtree` file example <a href="examples/.MTREE">zstd 1.5.6-1</a>: (same as `.MTREE` example)
## Motivation π₯
* age πΈοΈ * hidden complexity 𧩠* custom file formats π * missing/incomplete documentation ποΈ * validation in untyped languages β οΈ
## Support window πͺ * pacman >= 5.1.0 * first use of BUILDINFO for reproducible builds
## Artifact validation π * custom GnuPG keyring (`/etc/pacman.d/gnupg`) * brittle, stateful, non-OpenPGP compliant
## Closed loops βΎοΈ * The Pacman project encompasses pacman *and* makepkg * Changes to internal file formats (in part used by pacman) are introduced in makepkg (in Bash) π * Changes to internal file types are defined by Pacman releases * Updates to Pacman may or may not be (silently) breaking for consumers
## File formats π * No specification, versioning or deprecation π«£ * complex! * "implementation detail" * Producing them in Bash is **hard** (and not pretty) * No unit or integration tests
## Documentation ποΈ * Many file formats not documented * Many concepts not documented * Behavior often implementation specific
## Lock-in ποΈ * library integration: libalpm * wrap Bash tooling * [dbscripts](https://gitlab.archlinux.org/archlinux/dbscripts) is limiting and dangerous (no transactions, concurrency, or rollback) * reimplement the wheel * [repod](https://gitlab.archlinux.org/archlinux/repod) required custom parsers/ specs for all file formats
## Validation, please * ```bash vercmp "π±" "πΆ" 0 ``` * packages are linted after the fact ([namcap](https://man.archlinux.org/man/namcap.1)) * existing parsers with varying degrees of compatibility in several languages (e.g. [python-srcinfo](https://github.com/kyrias/python-srcinfo) and [srcinfo.rs](https://github.com/Morganamilo/srcinfo.rs))
## Oxidation π¦
## Specifications, file formats π * versioned file format specifications * file parsers and writers, that can be integrated across languages * memory safety and speed π¦
## Frameworking βοΈ * loosely coupled components * robust Rust libraries for specific use-cases
## Improving artifact validation β οΈ * stateless * agnostic of distribution and purpose * cross-technology * [File Hierarchy for the Verification of OS Artifacts (VOA)](https://github.com/uapi-group/specifications/pull/134) * generic libraries for [lookup and OpenPGP](https://gitlab.archlinux.org/archlinux/alpm/alpm/-/merge_requests/40)
## ALPM <p><a href="mermaid/alpm-overview.mermaid"><img data-src="images/alpm-overview.png"></a></p>
## ALPM * [alpm-types](https://alpm.archlinux.page/alpm-types/index.html) * library for common types * documentation for common concepts and file formats * [alpm-parsers](https://alpm.archlinux.page/alpm-parsers/index.html): [winnow](https://github.com/winnow-rs/winnow) based parsers for the various file formats * [dev-scripts](https://alpm.archlinux.page/dev-scripts/index.html): integration tests against live data (Arch Linux packages)
## ALPM Source <p><a href="mermaid/alpm-source.mermaid"><img data-src="images/alpm-source.png"></a></p>
## ALPM Source * [SRCINFO](https://gitlab.archlinux.org/archlinux/alpm/alpm/-/merge_requests/67)*: specification for .SRCINFO * [alpm-srcinfo](https://gitlab.archlinux.org/archlinux/alpm/alpm/-/merge_requests/96)*: Parser and serializer for SRCINFO file format [*] under review
## ALPM Package <p><a href="mermaid/alpm-package.mermaid"><img data-src="images/alpm-package.png"></a></p>
## ALPM package specs * [alpm-install-scriptlet](https://alpm.archlinux.page/specifications/alpm-install-scriptlet.5.html): specification for `.INSTALL` * [ALPM-MTREE](https://alpm.archlinux.page/specifications/ALPM-MTREE.5.html): specification for `.MTREE` * [BUILDINFO](https://alpm.archlinux.page/specifications/BUILDINFO.5.html): specification for `.BUILDINFO` * [PKGINFO](https://alpm.archlinux.page/specifications/PKGINFO.5.html): specification for `.PKGINFO`
## ALPM package libraries * [alpm-buildinfo](https://alpm.archlinux.page/alpm-buildinfo/index.html): parser and serializer for BUILDINFO file format * [alpm-mtree](https://alpm.archlinux.page/alpm-mtree/index.html): parser for ALPM-MTREE file format * [alpm-pkginfo](https://alpm.archlinux.page/alpm-pkginfo/index.html): parser and serializer for PKGINFO file format
## Future work π * upstreaming * documentation * libraries
## Upstreaming π * (optionally) replace reference implementations in `makepkg` and `repo-add` * export for other languages (e.g. Python) to replace duplicate efforts
## More documentation ποΈ * file formats * desc * files * concepts * soname handling * ALPM package
## Libraries * desc * files * ALPM package (creation, validation)
## The deep end π * provide drop-in replacement for `libalpm` * integrate VOA * repo syncing, package download * package installation, upgrade, removal * unify existing file formats where possible
## ALPM Repo <p><a href="mermaid/alpm-repo.mermaid"><img data-src="images/alpm-repo.png"></a></p>
## ALPM Pkg Management <p><a href="mermaid/alpm-pkg-management.mermaid"><img data-src="images/alpm-pkg-management.png"></a></p>
## Funding π° * [Sovereign Tech Agency](https://www.sovereign.tech/tech/arch-linux-package-management) * [Official announcement](https://lists.archlinux.org/archives/list/arch-dev-public@lists.archlinux.org/thread/MZLH43574GGP7QQ7RKAAIRFT5LJPCEB4/)
## Contact π± * Website: https://alpm.archlinux.page * Repo: https://gitlab.archlinux.org/archlinux/alpm/alpm * [#alpm](ircs://irc.oftc.net/alpm) on [OFTC](https://oftc.net/) or [arch-projects](https://lists.archlinux.org/listinfo/arch-projects) mailing list * [David Runge \<dvzrv@archlinux.org\>](mailto:dvzrv@archlinux.org) * [@dvzrv@chaos.social](https://chaos.social/@dvzrv)
## Slides π± <p><img data-src="images/slides.png"></p>