Sbopkg package manager

New features which should be implemented in Porteus; suggestions are welcome. All questions or problems with testing releases (alpha, beta, or rc) should go in their relevant thread here, rather than the Bug Reports section.
User avatar
francois
Contributor
Contributor
Posts: 4902
Joined: 28 Dec 2010, 14:25
Distribution: kde xfce porteus manjaro kubun
Location: Enfin l'été, le changement climatique attendu: le soleil.

Sbopkg package manager

Post#1 by francois » 17 Jul 2011, 03:27

I just got acquainted with that program called Sbopkg. As brokenman might integrate sbopkg within PPM (Porteus package manager). I thought it would be a good thing to get a few links on the program. Not much is necessary to say as other have been doing a good job.

Definition.
Sbopkg is a an utility that enables packages build from the SlackBuilds.org repository. It is said to be ncurses-based. Curses library, or a compatible library such as Ncurses, is designed to facilitate GUI-like functionality on a text-only device.

Use.
Once the utility is installed all you have is to issue the following command to get into the gui:
bash-4.1# sbopkg

Each time you use sbopkg you should begin with Sync before building a package.

The site for sbopkg:
http://sbopkg.org/

Procedure modified from Salix procedure:
http://www.salixos.org/wiki/index.php/H ... with_Salix

1) Download the .txz package, and convert it to a module porteus way with txz2xzm or with right click on file to txz2xzm.
2) Replace in file /usr/sbin//sbopkg the expression:
upgradepkg --reinstall --install-new $OLDPKG%$INSTDIR/$INSTPKG
by:
spkg -u --reinstall --install-new $PKG
3) bash-4.1# sbopkg
...
4) C for accepting to creat necessary directores
5) Sync

You are ready to build automatically slackware packages from SlackBuild.org.


Major article on sbopkg by Drew Ames (2008) on Linux.com:
http://www.linux.com/archive/feature/148826


Playing along with the package, I hope to be able to increment the content on sbopkg.

Those of you who already use it are invited to comment on this thread.

Edited as 2011-07-22, 1627h, Montréal.
Last edited by francois on 27 Jul 2011, 23:19, edited 4 times in total.
Voltaire: Le mieux est l'ennemi du bien.

User avatar
Hamza
Warlord
Warlord
Posts: 1846
Joined: 28 Dec 2010, 07:41
Distribution: Porteus
Location: France

Re: Sbopkg package manager

Post#2 by Hamza » 17 Jul 2011, 08:13

Thanks to share your ideas and knowledge!
NjVFQzY2Rg==

User avatar
francois
Contributor
Contributor
Posts: 4902
Joined: 28 Dec 2010, 14:25
Distribution: kde xfce porteus manjaro kubun
Location: Enfin l'été, le changement climatique attendu: le soleil.

Re: Sbopkg package manager

Post#3 by francois » 17 Jul 2011, 13:09

Lets say that knowledge is a big word, experience would not be appropriate too. I would prefer experiment.

I would like to know what brokenman and blaze, amongst others, have to say on sbopkg. I am sure that they played a lot with it.
Voltaire: Le mieux est l'ennemi du bien.

User avatar
brokenman
Site Admin
Site Admin
Posts: 5436
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v3.2rcX all desktops
Location: Brazil
Contact:

Re: Sbopkg package manager

Post#4 by brokenman » 17 Jul 2011, 13:14

It is a great little tool and at the moment i am writing a feature into PPM that does the same thing. It is not sbopkg, but will (for the purpose of PPM) do all the same things.
This feature will include being able to sync an online repo, or just use the 'express online' version which doesn't mirror the entire repo locally, instead only downloading the files you require.
How do i become super user?
Wear your underpants on the outside and put on a cape.

User avatar
Hamza
Warlord
Warlord
Posts: 1846
Joined: 28 Dec 2010, 07:41
Distribution: Porteus
Location: France

Re: Sbopkg package manager

Post#5 by Hamza » 17 Jul 2011, 13:21

@brokenman,
Looks like you will made a great tool for every users of Porteus!
NjVFQzY2Rg==

User avatar
francois
Contributor
Contributor
Posts: 4902
Joined: 28 Dec 2010, 14:25
Distribution: kde xfce porteus manjaro kubun
Location: Enfin l'été, le changement climatique attendu: le soleil.

Re: Sbopkg package manager

Post#6 by francois » 17 Jul 2011, 13:28

@brokenman:

Thanks for the reply.

However, this might be my peculiar case, it is the first time that I really get to assemble a package from SlackBuilds.org repository.

For example: I have been able to get the Domination game working on other distributions, debian type only. I was not able to do so on slackware. I find it great to get the game going on porteus, see:
http://porteus.org/forum/viewtopic.php?f=48&t=681

Sbopkg makes things a lot simpler. And often, I like the easy way. But I imagine, as you always do thing in depth, that PPM will be able to use SlackBuilds.org content.
Voltaire: Le mieux est l'ennemi du bien.

User avatar
wread
Module Guard
Module Guard
Posts: 1061
Joined: 09 Jan 2011, 18:48
Distribution: Porteus v3.2.5-kde5-64 bits
Location: Santo Domingo
Contact:

Re: Sbopkg package manager

Post#7 by wread » 17 Jul 2011, 21:58

@francois
Fine Bussines! I downloaded and installed Sbopkg. Very good, thanks for the tip! :Yahoo!:
Porteus is proud of the FASTEST KDE ever made.....(take akonadi, nepomuk and soprano out and you will have a decent OS).
The Porteus Community never sleeps!

User avatar
Hamza
Warlord
Warlord
Posts: 1846
Joined: 28 Dec 2010, 07:41
Distribution: Porteus
Location: France

Re: Sbopkg package manager

Post#8 by Hamza » 18 Jul 2011, 08:50

@francois,

Did you tried to make it from SlackBuild ?
NjVFQzY2Rg==

User avatar
francois
Contributor
Contributor
Posts: 4902
Joined: 28 Dec 2010, 14:25
Distribution: kde xfce porteus manjaro kubun
Location: Enfin l'été, le changement climatique attendu: le soleil.

Re: Sbopkg package manager

Post#9 by francois » 18 Jul 2011, 17:28

@wread:
I am very pleased to contribute, and even more if it makes a difference for you.

@hamza:
Yes, I did use Sbopkg to build the Domination or Risk game as pointed in the preceeding post, see:
http://porteus.org/forum/viewtopic.php?f=48&t=681
Voltaire: Le mieux est l'ennemi du bien.

User avatar
Hamza
Warlord
Warlord
Posts: 1846
Joined: 28 Dec 2010, 07:41
Distribution: Porteus
Location: France

Re: Sbopkg package manager

Post#10 by Hamza » 18 Jul 2011, 18:15

Looks like really good!
NjVFQzY2Rg==

User avatar
francois
Contributor
Contributor
Posts: 4902
Joined: 28 Dec 2010, 14:25
Distribution: kde xfce porteus manjaro kubun
Location: Enfin l'été, le changement climatique attendu: le soleil.

Re: Sbopkg package manager

Post#11 by francois » 20 Jul 2011, 19:19

It was really easy. It will be interesting to see how it manages more complex set of packages. Let us hear from your eperience with sbopkg.
Voltaire: Le mieux est l'ennemi du bien.

User avatar
BlackRider
Black ninja
Black ninja
Posts: 70
Joined: 13 Jul 2011, 11:04
Location: Nowhere
Contact:

Re: Sbopkg package manager

Post#12 by BlackRider » 20 Jul 2011, 22:30

Taking advantage of SlackBuilds.org is a good idea, indeed. However, please, remember that some of the sources posted there are not 100% trustable.

A guy wrote in their mailing list:
There really isn't anything to trust here, and the site pretty
much says so too. you get a very small script, which is overwhelmingly
just a boilerplate. So if an SBo maintainer were to do anything funky...
In other words: the mantainers of the site just test that the script builds and that it makes no bizzarre attempts to do harm. However, if I submited a script and a source,a source with malware , someone could compile it and introduce the malware in his system anyway. This is why I always recomend to get the source straight from upstream.

I am sorry, but my paranoid soul has forced me to invade this thread :-)

User avatar
francois
Contributor
Contributor
Posts: 4902
Joined: 28 Dec 2010, 14:25
Distribution: kde xfce porteus manjaro kubun
Location: Enfin l'été, le changement climatique attendu: le soleil.

Re: Sbopkg package manager

Post#13 by francois » 21 Jul 2011, 02:12

It is very good to have someone acquainted with the finest security issues. Your comment is appreciated and especially for those in more critical environment with more stringent security measures. Which maybe I do not personally have the need.

I do not know exactly who you cite, but in the hypelink mentioned above you could read, see:
http://www.linux.com/archive/feature/148826

"... Slackbuilds.org is closest thing available to an official Slackware repository. It is administered by people on the Slackware development team and recommended by Slackware's maintainer, Patrick Volkerding, in the Slackware release notes ..."

In addition, as fanthom mentioned the process of accepting seems to be good enough for the packages proposed on the porteus repository on your thread called Security of porteus ... :
http://porteus.org/forum/viewtopic.php? ... thom#p5137

However, you could pursue in the thread of yours if you want the flaws that you have submited. It would be interesting to have the debate over there. I am no expert on security issues, but am very interested in the topic.

Posted after 47 minutes 2 seconds:
My intent is to build packages with sbopkg, trim them and submit them for porteus repository. I hope that is not a problem for the maintainers.
Voltaire: Le mieux est l'ennemi du bien.

User avatar
BlackRider
Black ninja
Black ninja
Posts: 70
Joined: 13 Jul 2011, 11:04
Location: Nowhere
Contact:

Re: Sbopkg package manager

Post#14 by BlackRider » 21 Jul 2011, 08:59

The words I quoted belong to Bradley D. Thornton.

There was a very interesting discussion about the security of SlackBuild's procedures not much time ago. You know that in each build's page, there are links to the script and the source, don't you? Most times, the links to the source point to the sorces provided by the authors. Some times, they point to a suspicious site, that should be not trusted unles you trust that particular mantainer.

Suspicious locations are not an evidence of the mantainer being a Black Hat. Many upstream proyects do not mantain their tarrballs in their servers once a new version is released, so SlackBuilders have to take a copy of those old versions and host them somewhere (for example, in FileFactory). However, the fact is that the procedence of those tarballs cannot be verified easily. If someone puts an evil patch inside of one...

Sure, the malware could be detected by auditing the code, but I guess no much people does review the code line by line.

User avatar
francois
Contributor
Contributor
Posts: 4902
Joined: 28 Dec 2010, 14:25
Distribution: kde xfce porteus manjaro kubun
Location: Enfin l'été, le changement climatique attendu: le soleil.

Re: Sbopkg package manager

Post#15 by francois » 21 Jul 2011, 10:50

Is there a simple solution to that? How would you edit the code?
Voltaire: Le mieux est l'ennemi du bien.

Post Reply