npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

ssb-pacman

v1.1.3

Published

- enable offline instalation of packages - keep old version of archlinux and archlinuxarm packages - sync metadata via ssb - allow peer-to-peer installations - enable reproducable rootfs builds - mimic a local mirror server that pacman can use - create c

Downloads

3

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

regularregular

Keywords

Readme

Objective

  • enable offline instalation of packages
  • keep old version of archlinux and archlinuxarm packages
  • sync metadata via ssb
  • allow peer-to-peer installations
  • enable reproducable rootfs builds
  • mimic a local mirror server that pacman can use
  • create custom syncdb on demand, fitlering packages not in a given shrinkwrap file

Installation

Install sbot and ssb-pacman

npm -g i scuttlebot-release
mkdir -p ~/.ssb-pacman/node_modules
cd ~/.ssb-pacman/node_modules/
git clone [email protected]:regular/ssb-pacman
cd ssb-pacman
npm i
npm -g link
cp sbot.config ../../config
export ssb_appname=ssb-pacman
sbot start

in a different terminal

ssb-pacman-sync

This will take a long time to finish. You can use the scripts in monitor to watch the progress. (use tmux for a full dashboard-style experience)

Meanwhile, in yet another terminal:

ssb-pacman-init-keyring

Install a minimal system in directory root

ssb-pacman-bootstrap root

This downloads and extracts the latest version of pacman and then runs it, so it can re-install itself properly (i.e. withe running package-specific .INSTALL scripts and pacman hooks, both witch are not done by the initial extract pass) This results in a clean, minimal system with a working package manager that uses the secure scuttlebutt network as its "mirror server".

Use pacman to install a packages with dependencies in the chroot

# TODO: support multiple package names
ssb-pacman-install vim root
ssb-pacman-install sed root
ssb-pacman-install grep root

A pacman post-transaction hook is installed in the target root, that records the exact hashes of installed packages. This is called the "shrinkwrap file". It's purpose is similar to package-lock.json or npm's shrinkwrap file.

Create shrinkwrap file

sudo arch-chroot /ssb-pacman-shrinkwrap

You can enter the chroot to test stuff out.

sudo arch chroot

TODO

  • [ ] bindings for vercmp instead of spawning the binary

  • [ ] check SHA before adding blob

  • [ ] clean up bootstrap

  • [ ] clean up signing (rename to keyring-setup)

  • [ ] rename install.sh to extract

  • [ ] unified binary

  • [ ] sbot pacman.startSession ID returns stream of events

  • [ ] sbot pacman.applyShrinkwrap --session ID write shrinkwrap file into session

  • [ ] sbot pacman.getAddress --session ID

Surprises

  • arch=any packages like "archlinux-keyring" are in all of the sync databases for each architecture. However, they actaully have different SHA256SUM entries in the sync db. So, we can not de-dupe based on SHA (or blobid). The reason for this is most likely the inclusion ov BUILDDATE in the metadata.

IDEAS

Reducing space requirements

Because all packages are compressed individually, we cannot take advantage of any overlap of binaty data between packages or differnt versions of packages. (First being relevant for data contained in packages for differnt architecture, latter being relevant for patches and bug fixes that only affect a few files in a big package)

One way to solve this could be to put the blob store onto a filesystem that has de-dupe and compression capabilites and then uncompress packages before storing them. We should set up an experiment to test this theory.