On 07/11/2016 06:14 PM, G. Schlisio wrote: > […] > an install command would likely look like -S like in pacman? > whats the base for installation? PKGBUILDs (from AUR/ABS), official > repos, some new platform containing build recipes for pacpak? > pacpak will use the official repos (or other repos depending on the pacman.conf that is used) with the -S option and *.pkg.tar.gz with the -U option. Making -U accept PKGBUILDs directly seems like a useful feature though. >> `pacpak -Syu` would therefore always install exactly the same version of >> the software as available with regular pacman. > > -Syu with pacman means refresh databases and install all available > updates. does this mean pacpak execute this logic on all installed > containers as pacman executes on all installed packages? especially the > refresh part makes no sense to me at this point. what external database > is there to refresh? > > […] >> it can be used to create containers from existing Arch packages. > > sounds like working from /var/cache/pacman. > Since pacpak should be used without root privileges, I cannot use /var/cache/pacman as the package cache. In fact, I’d like to use an unprivileged pacpak-exclusive user for running pacman. pacpak will probably use one package cache per app. Packages common to multiple apps and their caching will be shared. (Flatpak uses runtime + SDK platforms on top of which apps as well as other platforms can be built. Many apps can share the same platform with its files.) `pacpak -Syu` would therefore refresh and upgrade each platform and then each app running on top of it. What I’m not sure about is whether anyone would want to only upgrade without refreshing. Probably there are some exceptional situations where the answer is yes. > i generally like the idea of isolating and running untrusted software, > as it allows one to implement sth like an applicationwise firewall (as > done in android. wether this reduces or increases attack surface heavily > depends on the implementation and its possibilities, but running > malicious software will never be safe. this only adds another layer of > control to the os. > > georg > It won’t be completely safe. I will add a reminder for new pacpak users to make sure they are aware of this as well. Regards, Florian Pelz