While I have been searching for a package management system different from the common ones, thinking about security, I tripped [pun not intended] on this one...:
Trip 0.3 made by Pierre Hebert.
http://www.pierrox.net/trip/
I love the simplicity... it's just a bash script that you can modify yourself at any point, which handles tarballs. It provides a little better security as far as I understand.
Now, I am not sure if I understand correctly, but the main point is that he uses unionfs to overlap the root system in read-only mode and a temporary mount called /mnt/pkg in which the packages will be temporarily installed using a command like:
Code:
trip -i foopkg.tar.gz
Now what I don't get is: if root is read-only, how does trip install the package?
Also, why the need for a binary tarball?
he says that you need to do:
and then
Code:
trip -i foo12.3.tar.bz
As I understand, it will first
Quote:
create a package named "foo12.3.tar.bz" in the current directory, containing the standard directory structure
which you will install, but I mean, isn't it empty because you didn't specify any sources... or am I missing something?
I would also like to know why he mentioned this warning:
Quote:
WARNING : Trip won't work as expected if your system is based on several file systems, for example / and /usr. In this case /usr will not be visible inside /mnt/union and so a lot of things will probably not work. Work is in progress to drop this limitation.
When he mentions file systems, what do you think he means? Because as far as I know / and /usr are folders of the same file system, or am I missing something there too?
Finally, I'm aware that he is using this mainly for LFS, but I am thinking [after I finish reading Advanced Bash Scripting] of maybe expanding this script to fit my needs on other distros and maybe generalizing it so other people can benefit from it!!
So, can you guys tell me your opinion on this approach, downfalls that you might see, problems that he doesn't mention... [well, he does say that his work is in beta and that bugs may be found] etc.
--
On an almost totally off-topic note:
Is there a repository of just tarballs, similar to e.g. the slackbuild repository??
The reason being that, as trip handles tarballs, maybe I can modify the script to search in a repository for a specific program that I want to download, since he made it clear that
"Trip is not RPM nor DPKG (to name only two). It will not fetch packages automatically for you from internet." but maybe it is a good idea to at least point to a web page where it downloads the sources that you are searching for!
I'm thinking of something like:
Code:
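# HTTP has no wildcards: crawl the index page one level deep and keep only files matching "$1*"
wget -r -l1 -nd -np -A "$1*" http://foo.com/sources/
(sorry if there's any mistake there, but I'm a newbie in bash scripting; I just have so many ideas that I can't put into a script, so hopefully when I finish with the ABS book it will be a little better)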
when you do something like
Code:
trip -ds bash
[ds = download source, which is just made up as an example]
I hope to get some constructive criticism here
Thanks in advance guys!
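
For the download idea in the post above, a check to run on a fetched tarball before it is passed to `trip -i`, given here as an added example that is not part of the original post or of trip. The function names and the pinned-checksum workflow are assumptions; the script compares the file against a SHA-256 taken from a trusted source and rejects archives whose member paths are absolute or contain `..`.

```bash
#!/usr/bin/env bash
# Added example, not trip's code. Function names are hypothetical.

# Read member names on stdin and print those that are absolute or contain
# a ".." component. Exit status 0 means at least one unsafe name was found.
unsafe_members() {
    grep -E '^/|(^|/)\.\.(/|$)'
}

# verify_tarball FILE EXPECTED_SHA256
# 0 = hash matches and all paths are safe, 1 = hash mismatch,
# 2 = unsafe member path, 3 = file missing or not a readable archive.
verify_tarball() {
    local file="$1" expected="$2" actual names
    [ -r "$file" ] || return 3
    actual=$(sha256sum < "$file") || return 3
    actual=${actual%% *}
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $file" >&2
        return 1
    fi
    names=$(tar -tf "$file") || return 3
    if printf '%s\n' "$names" | unsafe_members >&2; then
        echo "unsafe member path in $file" >&2
        return 2
    fi
    return 0
}

# Constructed sample: build a tiny binary package and verify it. In real use
# the expected hash comes from a trusted list, not from the downloaded file.
demo() {
    local d pkg sum rc=0
    d=$(mktemp -d) || return 3
    mkdir -p "$d/usr/bin"
    echo 'echo foo' > "$d/usr/bin/foo"
    pkg="$d/foopkg.tar.gz"
    tar -czf "$pkg" -C "$d" usr
    sum=$(sha256sum < "$pkg"); sum=${sum%% *}
    verify_tarball "$pkg" "$sum" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo && echo "foopkg.tar.gz: verified"
```

The name check only looks at member paths; symlink members that point outside the extraction directory need a separate check of `tar -tvf` output.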