Skip to content

5.0.0 Canary
Compare
Choose a tag to compare
@Elsie19 Elsie19 released this 02 May 00:43
· 35 commits to master since this release
5.0.0
654ae6e

Pacstall v5.0.0 Canary Canary

This update is a major update focusing on quality of life features and enhanced security and functionality. Users can update from Pacstall 4.0.0 or higher with pacstall -U pacstall:master, or reinstall using the deb file.

Developers, Developers, Developers...

BREAKING CHANGES

Features

Bug Fixes

For the Pacscript Maintainers

How to use the new features and deal with the breaking changes

bwrap

  • Remove sudo calls in pacscripts
  • Internet access is restricted while pacscript functions are running (bypass if you need to with external_connection=true).

With bwrap, potentially dangerous scripts are locked down, by giving the child processes read-only access to every directory except the $PACDIR source directory and the pkgdir staging directory. This will also kill any child processes after bwrap is finished, meaning that no extra code could possibly be left running after.

Require cd for functions

With the introduction of source[@], pacscript functions will no longer be run from the unarchived download, instead they will be run from $srcdir. To maintain compatibility with pre-5.0.0 scripts, we have put cd "${_archive}" into all pacscript functions on our 5.0.0 master branch, which can be used to enter source[0] once extracted.

Version constraints & alternative dependencies

Sometimes when making a pacscript, only certain versions of an apt package will work in conjunction with your package, and until now, the only way to solve that was to make a pacdep on the appropriate version, which is clunky, so now, you can optionally specify version constraints and alternate dependencies on packages. The syntax is as follows:

You may include a version constraint after a package name in the form of pkg>=version, pkg<=version, pkg=version, pkg>version, pkg<version.

After the version with an optional constraint, you may use a pipe to provide alternate dependencies.

depends=("foo>=1.2.3 | bar<=1.2.3")
makedepends=("libfoo=1.0.1")
optdepends=("libidk:i386<5.2.3 | libidk:i386>1.2.5: provides libidk support")

url to source[@]

You can now include multiple files to be downloaded by pacstall, meaning you won't have to make pacscripts like neovide-bin, upscayl-app or sidequest. This should remove a lot of headaches with download files.

You can even have sources defined by multiple architectures, such as if you ever needed to download a specific config file for a specific architecture.

To change from pre-5.0.0 scripts into 5.0.0, change all instances of url (variable) into source (array). Architecture specific sources are defined like source_$arch.

πŸ“ Examples

Let's take amfora-bin for example (https://github.com/pacstall/pacstall-programs/blob/76398ebda1f31e140c48b2d4b562d1127bd37a8b/packages/amfora-bin/amfora-bin.pacscript):

url="https://github.com/makeworld-the-better-one/amfora/releases/download/v${pkgver}/amfora_${pkgver}_linux_64-bit"
hash="a468f97f0e3fa1d69868980fd0e5893388ccd9c849874d26e4d0b426fd6bff3e"
...
wget -q https://roboticoverlords.org/amfora.png
if [[ "$(sha256sum amfora.png | cut -d' ' -f 1)" != "3d029d05cff8c42e82685ce7a61fcaa2118e4cbb6a547816a7d5150868a11092" ]]; then
  fancy_message error "Checksum for amfora.png failed"
  return 1
fi
wget -q https://raw.githubusercontent.com/makeworld-the-better-one/amfora/master/amfora.desktop
if [[ "$(sha256sum amfora.desktop | cut -d' ' -f 1)" != "812e1faad6f6d4817eac60d36813472afebe2980cd2e661151a3d98669274207" ]]; then
  fancy_message error "Checksum for amfora.desktop failed"
  return 1
fi

We can now do something like:

sha256sums=(
  "a468f97f0e3fa1d69868980fd0e5893388ccd9c849874d26e4d0b426fd6bff3e"
  "3d029d05cff8c42e82685ce7a61fcaa2118e4cbb6a547816a7d5150868a11092"
  "812e1faad6f6d4817eac60d36813472afebe2980cd2e661151a3d98669274207"
)
source_amd64=(
  "https://github.com/makeworld-the-better-one/amfora/releases/download/v${pkgver}/amfora_${pkgver}_linux_64-bit"
  "https://roboticoverlords.org/amfora.png"
  "https://raw.githubusercontent.com/makeworld-the-betterne/amfora/master/amfora.desktop"
)

nosubmodules array

Pacstall by default will clone git sources with submodules, but some maintainers may not need that, so now you may use the nosubmodules array which takes destination names from source[@]. For instance:

source=(
  "https://github.com/rhino-linux/rhino-pkg.git"
  "https://github.com/tamton-aquib/stuff.nvim.git"
)
nosubmodules=("rhino-pkg")

will clone rhino-pkg.git without submodules but will clone with submodules for stuff.nvim.git.

homepage to url

This is a simple name change to conform to PKGBUILDs.

replace to replaces

This is a simple name change to conform to PKGBUILDs.

hash to *sums

To conform to PKGBUILDs, the hash variable has been replaced with an array *sums. You now have the following options for specifying hashs:

  • sha256sums (should be used by default; what pacstall pre-5.0.0 used)
  • sha512sums
  • sha384sums
  • sha224sums
  • sha1sums
  • md5sums
  • b2sums

Along with these, you can have architecture specific sums arrays, which should compliment source_$arch in the form of *sums_$arch. If you want to include some hashes to check, but not for certain files, you can put SKIP as the value corresponding to the source array.

maintainer to maintainer[@]

The maintainer variable is now an array, where the first value becomes what apt sees as the maintainer, and everyone after will be seen as an "uploader".

check() function

The check function is used just like it is in PKGBUILDs, which will be run between build() and package(). Here is where maintainers should run any tests to check that the final binary or source code runs as it should. You can skip this function with the -Nc/--nocheck flag.

conflicts array

On pre-5.0.0 pacstall, the only way to prevent certain packages from replacing others was with breaks, but dpkg can get more specific. Both breaks and conflicts will declare incompatibilities, but they have very subtle differences during installation:

breaks will tell dpkg that the two packages can be unpacked on the system at the same time, even though one will be uninstalled soon.
conflicts will tell dpkg that both cannot be unpacked on the system at the same time; one must be uninstalled before the other one is installed. A common example of this is two packages that both have a file in the same location.

If you are a pacscript maintainer and you have an array like this:

breaks=("${gives}-git" "${gives}-bin")

That should now be using the conflicts array.

license array

You may now specify licenses. Licenses must be one of the identifiers on https://spdx.org/licenses/, or to specify a custom license, prefix the value with custom:

-Qa/--quality-assurance command

This is an internalization of https://github.com/pacstall/pacstall-qa, rewritten purely in Bash. You can pass this command to test a package PR before it fully lands upstream. The syntax looks like one of the following:

pacstall -Qa firefox-bin#5853
pacstall -Qa firefox-bin#5853@github:pacstall/pacstall-programs
pacstall -Qa firefox-bin@github:pacstall/pacstall-programs#5853

Where:

  • the package is given first, followed by the pull request NUM, separated by a #.
  • Optionally, a metalink separated by a @ may be provided before or after the #NUM.
    • The metalink is broken down into 3 parts: provider, owner, and repo.
    • The owner should be the owner of the repository the PR is being merged into, not the user who created the PR.
  • No other flags should be provided to this command.
Pacscript for this releases Deb 
pkgname="pacstall"
pkgver="5.0.0"
pkgdesc="An AUR-inspired package manager for Ubuntu
Pacstall is the AUR Ubuntu wishes it had. It takes the concept of the AUR
and puts a spin on it, making it easier to install and update downstream programs,
without scouring github repos and the likes."
url='https://pacstall.dev'
depends=(
  'bash'
  'curl'
  'wget'
  'git'
  'unzip'
  'zstd'
  'tar'
  'sensible-utils'
  'iputils-ping'
  'lsb-release'
  'aptitude'
  'bubblewrap'
  'build-essential'
  'ninja-build'
  'meson'
  'jq'
)
optdepends=(
  "axel: faster file downloads"
)
maintainer=(
  "Pacstall Team <pacstall@pm.me>"
  "Elsie19 <hwengerstickel@pm.me>"
)
backup=('usr/share/pacstall/repo/pacstallrepo' 'usr/share/pacstall/update')
source=("https://github.com/pacstall/pacstall/archive/refs/tags/${pkgver}.zip")

prepare() {
  cd "${pkgname}-${pkgver}"
  mkdir -p "${pkgdir}/usr/bin/"
  mkdir -p "${pkgdir}/usr/share/pacstall/scripts/"
  mkdir -p "${pkgdir}/usr/share/pacstall/repo/"
  mkdir -p "${pkgdir}/usr/share/man/man8/"
  mkdir -p "${pkgdir}/usr/share/bash-completion/completions"
  mkdir -p "${pkgdir}/usr/share/fish/vendor_completions.d"
  mkdir -p "${pkgdir}/var/log/pacstall/error_log/"
  mkdir -p "${pkgdir}/var/lib/pacstall/metadata/"
  mkdir -p "${pkgdir}/var/cache/pacstall/"
  mkdir -p "${pkgdir}/usr/src/pacstall/"
}

package() {
  cd "${pkgname}-${pkgver}"
  install -Dm755 pacstall "${pkgdir}/usr/bin/"
  install -Dm755 "misc/scripts"/* "${pkgdir}/usr/share/pacstall/scripts/"
  install "misc/pacstall.8.gz" "${pkgdir}/usr/share/man/man8/"
  install "misc/completion/fish" "${pkgdir}/usr/share/fish/vendor_completions.d/pacstall.fish"
  install "misc/completion/bash" "${pkgdir}/usr/share/bash-completion/completions/pacstall"
  echo "https://raw.githubusercontent.com/pacstall/pacstall-programs/master" | tee "${pkgdir}/usr/share/pacstall/repo/pacstallrepo" > /dev/null
}
Yellow Pac with wings

Contributors

Elsie19, D-Brox, and oklopfer
Assets 3