We package different software into easy-installable RPM package aiming at an easy software installation and de-installation. Primarily we package software that is either not found in the distribution at all or only in an older version.

I've heard that binary packages lead to a bunch of troubles. Is installing your packages safe?

Before you install a package you can examine it for hidden troubles or clever tricks.

 # rpm -qpil --changelog --scripts packagename.rpm | less

Now you can see who built the package, what changed since the last release, which files will be installed on your system and which scripts will be run before or after the installation.

Furthermore all our packages are signed, so that you can see who built the package, whether it was downloaded completely or maliciously altered.

You can do this in a few different ways: you should have installed GnuPG (starting from version 1.x) or PGP (starting from version 5.x)

(PGP version 2.x does not function!) GNU Privacy Guard homepage: http://www.gnupg.org Pretty Good Privacy homepage: http://www.pgpi.net

First you need the public key of the packager: In case of GnuPG:

 $ lynx --dump ftp://ftp.links2linux.de/pub/packman/public-keys.asc |gpg --import

Or download and import the file ftp://ftp.links2linux.de/pub/packman/public-keys.asc

 $ gpg --import public-keys.asc

In case of PGP:

 $ lynx --dump ftp://ftp.links2linux.de/pub/packman/public-keys.asc | pgp -fka

Or download the file ftp://ftp.links2linux.de/pub/packman/public-keys.asc and import as follows:

 $ pgp -ka public-keys.asc

With RPM and GNU Privacy Guard:

First you have to import the Packman key into the RPM database:

 $ rpm --import public-keys.asc

Then you must create a file called .rpmmacros (as a user) with the following contents:

 $ vi ~/.rpmmacros
 %_signature gpg
 %_gpg_name Waldemar Brodkorb (Linux rulez!) <brodkorb@onlinehome.de>
 %_gpg_path /home/waldemar/.gnupg/
 %_gpg_bin /usr/bin/gpg

of course adapted to your data. : -)

Now you can check the packages before installing:

 $ rpm -vK packagename.rpm

I've got problems importing the keys with rpm –import on Suse 10.0. apt-get refused to install the packages due to missing signatures.

 $ apt-get upgrade
 …
 Checking GPG of signatures…
 Unknown signature /var/cache/apt/archives/alsa_1.0.13-0.pm.0_i586.rpm: (SHA1) DSA sha1 md5 (GPG) EMERGENCY of OK ONE (MISSING KEY: GPG#5277a2fa)
 …
 E: Error (s) while checking package signatures:
 0 unsigned package (s)
 9 package (s) with unknown signatures
 0 package (s) with illegally/corrupted signatures
 E: Handler silently failed

An import of the public keys like described above did not work:

 $ RPM - qa gpg-pubkey* > ~/gpg-pubkey1
 $ RPM --import ftp://ftp.links2linux.de/pub/packman/public-keys.asc
 $ RPM - qa gpg-pubkey* > ~/gpg-pubkey2
 $ diff - u ~/gpg pubkey?
 -- /root/gpg-pubkey1 2006-10-20 17:44: 57.000000000 +0200
 +++ /root/gpg-pubkey2 2006-10-20 17:45: 44.000000000 +0200
 @@ -1.5 +1.6 @@
  gpg-pubkey-15c17deb-3f9e80c9
  gpg-pubkey-3d25d3d9-36e12d04
  gpg-pubkey-9c800aca-40d8063e
 +gpg-pubkey-ddaf6454-3777ac55
  gpg-pubkey-0dfb3188-41ed929b
  gpg-pubkey-ddaf6454-3777ac55

Apparently RPM has a problem with the import of multiple keys from a single file and only the first public key gets imported. Therefore I installed the rpmkey-packman package, which contains all author keys as individual files:

 $ rpm - i ftp://ftp.gwdg.de/pub/linux/suse/apt/SuSE/10.0-i386/RPMS.rpmkeys/rpmkey-packman-0.3.2-0.pm.1.noarch.rpm
 warning: /var/tmp/rpm-xfer.G9W6RC: V3 DSA signature: NOKEY, key ID 5277a2fa
 $ rpm - ql rpmkey-packman
 /etc/yum.repos.d/packman.repo
 /usr/lib/rpm/gnupg/packman-andsch.asc
 /usr/lib/rpm/gnupg/packman-andsch_alt.asc
 /usr/lib/rpm/gnupg/packman-bwalle.asc
 /usr/lib/rpm/gnupg/packman-chrhae.asc
 /usr/lib/rpm/gnupg/packman-detrei.asc
 /usr/lib/rpm/gnupg/packman-henmuh.asc
 /usr/lib/rpm/gnupg/pack man-henvol.asc 
 /usr/lib/rpm/gnupg/packman-henvol_alt.asc 
 /usr/lib/rpm/gnupg/packman-hergra.asc 
 /usr/lib/rpm/gnupg/packman-hergra_alt.asc 
 /usr/lib/rpm/gnupg/packman-konmal.asc 
 /usr/lib/rpm/gnupg/packman-leofre.asc 
 /usr/lib/rpm/gnupg/packman-leofre_alt.asc 
 /usr/lib/rpm/gnupg/packman-leofre_alt2.asc 
 /usr/lib/rpm/gnupg/packman-mantre.asc 
 /usr/lib/rpm/gnupg/packman-marhue.asc 
 /usr/lib/rpm/gnupg/packman-marsch.asc 
 /usr/lib/rpm/gnupg/packman-oliben.asc 
 /usr/lib/rpm/gnupg/packman-pasble.asc 
 /usr/lib/rpm/gnupg/packman-pasble_alt.asc 
 /usr/lib/rpm/gnupg/packman-queden.asc 
 /usr/lib/rpm/gnupg/packman-railay.asc 
 /usr/lib/rpm/gnupg/packman-railay_alt.asc 
 /usr/lib/rpm/gnupg/packman-ralcor.asc 
 /usr/lib/rpm/gnupg/packman-robrak.asc 
 /usr/lib/rpm/gnupg/packman-thomue.asc 
 /usr/lib/rpm/gnupg/packman-tongra.asc 

That is not sufficient however, the asc files still have to be manually imported: (someone please check if it is still the case

 $ rpm -ql rpmkey-packman | grep asc | xargs rpm --import 

Now RPM is aware of all the keys:

 $ rpm -qa gpg-pubkey* > ~/gpg-pubkey3 
 $ diff -u ~/gpg-pubkey{1,3} 
 --- /root/gpg-pubkey1 2006-10-20 17:44:57.000000000 +0200 
 +++ /root/gpg-pubkey3 2006-10-20 17:55:29.000000000 +0200 
 @@ -1,5 +1,33 @@ 
 +gpg-pubkey-5f6842a4-40b09936 
 +gpg-pubkey-f9558872-430f586f 
 +gpg-pubkey-8ff214b4-3afa5d46 
 gpg-pubkey-15c17deb-3f9e80c9 
 +gpg-pubkey-3ab2ce5e-41a4c011 
 +gpg-pubkey-f2c6a54e-43d171bc 
 +gpg-pubkey-27db6f5b-4140d446 
 gpg-pubkey-3d25d3d9-36e12d04 
 +gpg-pubkey-f33e3fc6-443ed5fc 
 +gpg-pubkey-7fdcef8b-3da540d4 
 +gpg-pubkey-1be4d89e-434835df 
 +gpg-pubkey-4efd697e-4453afce 
 +gpg-pubkey-a16ea024-4374cbc5 
 +gpg-pubkey-807235a8-3e26a1bc 
 +gpg-pubkey-95702b3b-3c6a5ee4 
 gpg-pubkey-9c800aca-40d8063e 
 +gpg-pubkey-ddaf6454-3777ac55 
 +gpg-pubkey-ddaf6454-3a577225 
 +gpg-pubkey-03775059-3f045e14 
 +gpg-pubkey-08a568c6-3be86b1b 
 +gpg-pubkey-5277a2fa-40bf6e67 
 +gpg-pubkey-58857177-3d946b70 
 +gpg-pubkey-cd3140cd-3d468b40 
 +gpg-pubkey-1dfa8f0c-41540ae2 
 gpg-pubkey-0dfb3188-41ed929b 
 gpg-pubkey-ddaf6454-3777ac55 
 +gpg-pubkey-cddd4d64-450c55e0 
 +gpg-pubkey-4efd697e-4453aa9e 
 +gpg-pubkey-58857177-3fbba87b 
 +gpg-pubkey-f4500075-43fde72f 
 +gpg-pubkey-dcb8fafe-3eca9611 
 +gpg-pubkey-35a64134-3a57e000 
 +gpg-pubkey-42d5f51f-2f05e27b 

Solution: you have to run the install command as follows: apt install rpmkey-*. Only the apt wrapper script imports the keys into the rpm database!

Some projects build RPMs for SuSE on their own, so the first place to look for the packages is the project site. Other useful sources are:

http://software.opensuse.org/search openSUSE Buildservice - current packages, with search interfaces and Benji Weber's One Click Install

http://www.mathematik.uni-wuerzburg.de/~vaeth/specs/ some.spec files, from that RPMs can be built, and a few RPMs

There are three possibilities: over YaST, manually or over apt4rpm.

The YaST way is the simplest one. What you have to do is to add the Packman repository in YaST. Once you have done that, you may search for Packman packages in YaST Install and Remove Software interface and benefit from the automatic dependency resolution. This method is the recommended method for all users. A screenshot of the Add Repository window in YaST

To add the Packman repository as a package, go to YaST→Software repositories, and then add a mirror from the list ftp://packman.links2linux.de/pub/packman/MIRRORS as a server and suse/10.3 as a directory (change the number to your SuSE version)

Or if you use zypper (the command-line software installer in openSUSE 10.2 and newer), run

 $ zypper ar http://<yourmirror>/suse/10.3 Packman

as root.

You have to download the packages on your own, and you have no automatic dependency resolution. For larger files a download manager is recommended, e.g. wget.

 $ wget -nH -nd -c "address" 

Then you can install the package as root into your system.

 $ rpm -Uvh package1.rpm package2.rpm… 

Please make sure that you downloaded all the dependencies and are installing them with a single rpm -Uvh call, otherwise rpm will complain.

This depends on whether you install packages over YaST, manually or over apt4rpm.

For the updates to work, the Packman entry must be activated in the Software Repositories screen and updated, either by enabling the automatic update (on by default) or updating manually. After that, if a new package exists, it will show in blue in the Software management screen, if a newer version is installed than is available in the repositories, it will be shown in red.

Run a rpm -Uvh command over manually downloaded RPMs, as described in the manual installation section.

There are several possibilities:

• On the Packman main page http://packman.links2linux.de/ updated and new packages are listed
• There is a news feed (RDF) found here: http://packman.links2linux.de/rdf/packman_de.rdf.

• You can look for updates in YaST Software management interface, the packages with a newer version will be showed in blue.

Either from the YaST Software management interface, or by running the following as root:

 $ rpm -e packagename 

If you cannot find the exact package name, look for it with grep

 $ rpm -qa | grep -i word

Or if you know a file that is certainly in the package:

 $ rpm -qf path/to/the/filename

Simply send an E-Mail with the exact error description to the Packman mailing list: packman <at>&nbsp;links2linux.de. If you do not know exactly which information about your system is needed? Point out at least your SUSE version and the package name and the version.

We still do, but they are named differently now. To prevent conflicts caused by different versions of the same library, as well to prevent forced installation of unneeded files, libraries packaged for Suse 10.3 must adhere to the new packaging policy (http://en.opensuse.org/Shared_Library_Packaging_Policy). Shortly explained: The package ktoblzcheck is now split into three different packages:

1. ktoblzcheck (the binaries, data files, etc.)
2. libktoblzcheckX (the shared library libktoblzcheck.so.X, if it is used by other programs) and
3. libktoblzcheck-devel (all headers and development files)

So if another program needs libktoblzcheck.so.X, it will request just the libktoblzcheckX package as a dependency, and no more the ktoblzcheck package.

Since for every package a source package (.src.rpm) is available, you can easily build a package for your distribution from a source package

 $ rpmbuild --rebuild package.src.rpm 

If all libraries and headers are already installed, a RPM will be built that can be installed with

 $ rpm -Uvh /usr/src/packages/RPMS/i386/paketname.rpm 

If there are missing packages necessary for the build, RPM will inform you about the missing dependencies.

You should take into consideration, that software built on a newer distribution may not be executable on an older one.

Again, as source RPMs are available for every package, you can build the package yourself.

First extract the source RPM:

 $ rpm -i package.src.rpm 

You find the SPEC files under /usr/src/packages/SPECS/, and the source tarball in /usr/src/packages/SOURCES/ The .spec file contains all information for building a package from source, such as what commands are to be executed during the installation, where do what files reside after the installation, the compile options etc.

Then edit the .spec file and rebuild the RPM with

 $ rpmbuild -bb paketname.spec

(A better solution would be to use the build script, that comes with the build package, since it provides (among many other useful features) build dependency resolution and downloading, and builds the package in a special chroot, which ensures that all the build dependencies and only them are installed)

After that procedure a plain RPM will be built, which can be installed afterwards.

You should also inform the packager (preferably via E-Mail) so that he knows that his package is missing a feature or is misconfigured.

To show the list of the files contained in the RPM, run

 $ rpm2cpio package.rpm | cpio --list

or

 $ rpm -qlp package.rpm

After that you can extract individual files:

 $ rpm2cpio package.rpm | cpio --extract filename

Changes related to the packaging are usually found in the changelog of the package, which can be viewed with:

 $ rpm -qp --changelog packagename.rpm 

Usually however the changes in the program itself are more interesting. These are usually found in a file called CHANGES or CHANGELOG, which is installed into under /usr/share/doc/packages/<package name>/. The following command shows what other documentation does the package contain:

 $ rpm -qd packagename.rpm 

Beyond that the changes are to be usually found on the homepage of the program. The project homepage URL is usually at the Packman package overview site (http://packman.links2linux.org/package/<packagename>). If the site reference is missing, then it is a good idea to look for the project homepage or the changelog link at Freshmeat.net, since almost every program is registered at Freshmeat.

Maximum RPM:

http://www.rpm.org/max-rpm/ (a must-read for every RPM builder)

RPM HowTo:

http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/RPM-HOWTO.html

RPM manpage:

 $ man rpm

If your package is built with rpmbuild and not with checkinstall, send an E-mail to the Mailinglist packman <at>&nbsp;links2linux.de. Usually however we do not host externally-built RPMs, since all our RPMs are digitally signed and we have high quality claims on them.

However someone from Packman team may take care of your RPM. In this case he will rebuild and upload it and possibly maintain it in the future. You are also free to become a member of our team and thus take care of your package by yourself. Read the next chapter on this!

Yes, just let us know in freenode irc on #packman and we'll clarify everything.

As a Packman member you'll have to be prepared to dedicate a fixed amount of your free time for package maintenance. Once built packages are usually maintained further on; as soon as there is a version of the software more current than available within SUSE repositories, it should be updated. You have to bring along a certain amount of knowledge about the RPMs, or at least the will to learn it (it's not that hard, really not) We have some scripts which help out with the RPM maintenance greatly, however they cannot substitute the human work. There are a few guidelines on RPM packaging you must adhere to.

You must count with you also on increased a Internet Traffic, since you must download the current software-Versions, your SUSE system on the current conditions to hold and your packages to luggage one ftp to high-load must.

Would be ideal, if you could build packages in each case for the current SUSE version and for the one before it. That means in addition, doubled care expenditure for your system!