On 2011/5/21 ari edelkind<edelkind+arch-pacman@gmail.com> wrote:
- What's the general idea -- the program flow -- of the way it's
currently being implemented? Pseudo-code would be perfect for
answering this, but really, anything with system-level details
will do (the "package signing proposal" is not current and does
not contain system-level details).
Hello Ari,
It's a bit difficult to answer that question, I don't exactly what
documentation sources there are out there. I'll try a rough draft, and
then you can ask more questions if you want. Also try to have a look
at pyalpm: it contains example scripts in Python that try to replicate
pacman 3.5 behaviour.
Here is how to use libalpm :
- initialize it (alpm_initialize)
- set options (alpm_option_set_*)
- register databases (alpm_db_register_sync)
- do something (many functions there)
- unregister databases
- release the library (alpm_release)
In the "do something" part, you may perform a transaction, that is,
installation or uninstallation of packages. Transactions are done as
follows :
- alpm_trans_init with proper options
- alpm_trans_add / alpm_trans_remove (says which packages you want to
add or remove)
- alpm_trans_prepare : this will resolve dependencies and conflicts
- alpm_trans_commit : this will download packages, check them (md5 or
signature), and install/remove them
- alpm_trans_release()
The functions that are called to check signature are
alpm_db_check_pgp_signature, alpm_pkg_check_pgp_signature. Options
make this check optional if needed.
To be honest, I have very little idea about pacman "program flow". I
follow something like this every time I go to dig deeper into the pacman
code and fix something:
> To be honest, I have very little idea about pacman "program flow". * I
> follow something like this every time I go to dig deeper into the pacman
> code and fix something:
>
> http://allanmcrae.com/2010/11/basic-overview-of-pacman-code/
This is quite useful.
I should say, however, that i wasn't actually referring to pacman
program flow -- i was referring specifically to the flow of the
signing/verification process, as it's intended to operate.
ari
05-21-2011, 02:49 PM
Rémy Oudompheng
About pacman and libalpm workflow
On 2011/5/21 ari edelkind <edelkind+arch-pacman@gmail.com> wrote:
>> To be honest, I have very little idea about pacman "program flow". * I
>> follow something like this every time I go to dig deeper into the pacman
>> code and fix something:
>>
>> http://allanmcrae.com/2010/11/basic-overview-of-pacman-code/
>
> This is quite useful.
> I should say, however, that i wasn't actually referring to pacman
> program flow -- i was referring specifically to the flow of the
> signing/verification process, as it's intended to operate.
There is not really any flow: the signatures are downloaded along with
the package, and the MD5 check is supplemented/replaced by a signature
check (which is essentially a single call to libgpgme).
Same process for databases.
About pacman and libalpm workflow
