Page 1 of 2

Sbopkg package manager

Posted: 17 Jul 2011, 03:27
by francois
I just got acquainted with that program called Sbopkg. As brokenman might integrate sbopkg within PPM (Porteus package manager). I thought it would be a good thing to get a few links on the program. Not much is necessary to say as other have been doing a good job.

Definition.
Sbopkg is a an utility that enables packages build from the SlackBuilds.org repository. It is said to be ncurses-based. Curses library, or a compatible library such as Ncurses, is designed to facilitate GUI-like functionality on a text-only device.

Use.
Once the utility is installed all you have is to issue the following command to get into the gui:
bash-4.1# sbopkg

Each time you use sbopkg you should begin with Sync before building a package.

The site for sbopkg:
http://sbopkg.org/

Download the file and tgz2xzm it:
https://github.com/sbopkg/sbopkg/releas ... -1_wsr.tgz

There is now a gui for sbopkg:
http://gernot-walzl.at/Slackware/sbopkg_gui/

Procedure modified from Salix procedure:
http://www.salixos.org/wiki/index.php/H ... with_Salix

1) Download the .txz package, and convert it to a module porteus way with txz2xzm or with right click on file to txz2xzm.
2) Replace in file /usr/sbin//sbopkg the expression:
upgradepkg --reinstall --install-new $OLDPKG%$INSTDIR/$INSTPKG
by:
spkg -u --reinstall --install-new $PKG
3) bash-4.1# sbopkg
...
4) C for accepting to creat necessary directores
5) Sync

You are ready to build automatically slackware packages from SlackBuild.org.


Major article on sbopkg by Drew Ames (2008) on Linux.com:
https://www.linux.com/news/sbopkg-provi ... slackware/


Playing along with the package, I hope to be able to increment the content on sbopkg.

Those of you who already use it are invited to comment on this thread.

Edited as 2011-07-22, 1627h, Montréal.

Re: Sbopkg package manager

Posted: 17 Jul 2011, 08:13
by Hamza
Thanks to share your ideas and knowledge!

Re: Sbopkg package manager

Posted: 17 Jul 2011, 13:09
by francois
Lets say that knowledge is a big word, experience would not be appropriate too. I would prefer experiment.

I would like to know what brokenman and blaze, amongst others, have to say on sbopkg. I am sure that they played a lot with it.

Re: Sbopkg package manager

Posted: 17 Jul 2011, 13:14
by brokenman
It is a great little tool and at the moment i am writing a feature into PPM that does the same thing. It is not sbopkg, but will (for the purpose of PPM) do all the same things.
This feature will include being able to sync an online repo, or just use the 'express online' version which doesn't mirror the entire repo locally, instead only downloading the files you require.

Re: Sbopkg package manager

Posted: 17 Jul 2011, 13:21
by Hamza
@brokenman,
Looks like you will made a great tool for every users of Porteus!

Re: Sbopkg package manager

Posted: 17 Jul 2011, 13:28
by francois
@brokenman:

Thanks for the reply.

However, this might be my peculiar case, it is the first time that I really get to assemble a package from SlackBuilds.org repository.

For example: I have been able to get the Domination game working on other distributions, debian type only. I was not able to do so on slackware. I find it great to get the game going on porteus, see:
http://porteus.org/forum/viewtopic.php?f=48&t=681

Sbopkg makes things a lot simpler. And often, I like the easy way. But I imagine, as you always do thing in depth, that PPM will be able to use SlackBuilds.org content.

Re: Sbopkg package manager

Posted: 17 Jul 2011, 21:58
by wread
@francois
Fine Bussines! I downloaded and installed Sbopkg. Very good, thanks for the tip! :Yahoo!:

Re: Sbopkg package manager

Posted: 18 Jul 2011, 08:50
by Hamza
@francois,

Did you tried to make it from SlackBuild ?

Re: Sbopkg package manager

Posted: 18 Jul 2011, 17:28
by francois
@wread:
I am very pleased to contribute, and even more if it makes a difference for you.

@hamza:
Yes, I did use Sbopkg to build the Domination or Risk game as pointed in the preceeding post, see:
http://porteus.org/forum/viewtopic.php?f=48&t=681

Re: Sbopkg package manager

Posted: 18 Jul 2011, 18:15
by Hamza
Looks like really good!

Re: Sbopkg package manager

Posted: 20 Jul 2011, 19:19
by francois
It was really easy. It will be interesting to see how it manages more complex set of packages. Let us hear from your eperience with sbopkg.

Re: Sbopkg package manager

Posted: 20 Jul 2011, 22:30
by BlackRider
Taking advantage of SlackBuilds.org is a good idea, indeed. However, please, remember that some of the sources posted there are not 100% trustable.

A guy wrote in their mailing list:
There really isn't anything to trust here, and the site pretty
much says so too. you get a very small script, which is overwhelmingly
just a boilerplate. So if an SBo maintainer were to do anything funky...
In other words: the mantainers of the site just test that the script builds and that it makes no bizzarre attempts to do harm. However, if I submited a script and a source,a source with malware , someone could compile it and introduce the malware in his system anyway. This is why I always recomend to get the source straight from upstream.

I am sorry, but my paranoid soul has forced me to invade this thread :-)

Re: Sbopkg package manager

Posted: 21 Jul 2011, 02:12
by francois
It is very good to have someone acquainted with the finest security issues. Your comment is appreciated and especially for those in more critical environment with more stringent security measures. Which maybe I do not personally have the need.

I do not know exactly who you cite, but in the hypelink mentioned above you could read, see:
http://www.linux.com/archive/feature/148826

"... Slackbuilds.org is closest thing available to an official Slackware repository. It is administered by people on the Slackware development team and recommended by Slackware's maintainer, Patrick Volkerding, in the Slackware release notes ..."

In addition, as fanthom mentioned the process of accepting seems to be good enough for the packages proposed on the porteus repository on your thread called Security of porteus ... :
http://porteus.org/forum/viewtopic.php? ... thom#p5137

However, you could pursue in the thread of yours if you want the flaws that you have submited. It would be interesting to have the debate over there. I am no expert on security issues, but am very interested in the topic.

Posted after 47 minutes 2 seconds:
My intent is to build packages with sbopkg, trim them and submit them for porteus repository. I hope that is not a problem for the maintainers.

Re: Sbopkg package manager

Posted: 21 Jul 2011, 08:59
by BlackRider
The words I quoted belong to Bradley D. Thornton.

There was a very interesting discussion about the security of SlackBuild's procedures not much time ago. You know that in each build's page, there are links to the script and the source, don't you? Most times, the links to the source point to the sorces provided by the authors. Some times, they point to a suspicious site, that should be not trusted unles you trust that particular mantainer.

Suspicious locations are not an evidence of the mantainer being a Black Hat. Many upstream proyects do not mantain their tarrballs in their servers once a new version is released, so SlackBuilders have to take a copy of those old versions and host them somewhere (for example, in FileFactory). However, the fact is that the procedence of those tarballs cannot be verified easily. If someone puts an evil patch inside of one...

Sure, the malware could be detected by auditing the code, but I guess no much people does review the code line by line.

Re: Sbopkg package manager

Posted: 21 Jul 2011, 10:50
by francois
Is there a simple solution to that? How would you edit the code?