Generic Download and Install Instructions

Contents

If you use Pacman
- Security
If you don't use Pacman
- Downloading the source tarball
  - Checking the signature
- Installing from source
Getting the development history

Note, added Feb. 2013: The pacman method will not work anymore

This documents how to get and install most of my software. Several methods are covered, depending on the tools you have available. In the rest of this document, I assume you want to download and install a package named $pkgname.

There are basically two methods, depending on whether you use Arch Linux (more precisely, its package manager, Pacman) or not.

If you use Pacman

Most of my publicly-available software have been packaged for x86_64 and can be directly downloaded and installed from my public arch repository.

You first have to add my repository to Pacman. Append:

[svasey-public]
Server = http://public-repo.svasey.org/os/x86_64

to /etc/pacman.conf.

Then to download and install the latest version of $pkgname:

$ pacman -Sy $pkgname

That should do it ! Pay attention to any message that is printed at installation time.

Security

At present (version 3.3.3), Pacman does not implement package signing, which makes this method potentially vulnerable to Man-in-the-middle attacks, and could also lead to problems if my server is compromised.

However, all my packages are signed with my GPG key, so one workaround for you would be to manually download the package file and verify the signature, and then install it with Pacman. To do that, browse http://public-repo.svasey.org/os/x86_64/ and download your package and its .sig file. Then call:

$ gpg --verify $sigfile

Where $sigfile is the signature file. If the signature has been verified correctly, you can then install the package:

$ pacman -U $pkgfile

See the without Pacman method for more on signature verification.

If you don't use Pacman

You should be aware that those instructions are not well-tested. Do not hesitate to send me feedback if something goes wrong.

Downloading the source tarball

Download the source tarball:

$ wget http://public-repo.svasey.org/src/${pkgname}.tar.gz

Checking the signature

I then advise you to check its digital signature. If you do not care, feel free to skip that section.

First, import my GPG key, and make sure you trust it. There is a lot of documentation on how to do this on the web.

Then, download the signature:

$ wget http://public-repo.svasey.org/src/${pkgname}.tar.gz.sig

And verify it:

$ gpg --verify ${pkgname}.tar.gz.sig

Installing from source

Extract the tarball and cd to the resulting directory:

$ tar -xf ${pkgname}.tar.gz
$ cd $pkgname

After doing an ls, you should see several documentation files, like e.g README, INSTALL and COPYING. Read the INSTALL file, install the dependencies, and see if it contains something unusual or if it just points to those instructions. Most of the time it will just point here. If it doesn't, follow the instructions from INSTALL instead of those.

There should also be an install file. To install the package, run (as root):

$ ./install $DESTDIR $PREFIX

Where $DESTDIR and $PREFIX can be omitted, especially if you do not know what they are (good default values will be chosen). $DESTDIR is the file system root where the package should be installed and defaults to /. $PREFIX is the prefix where most of the program files will be installed. It defaults to /usr/local.

If there is a file install.post, you can have a look at INSTALL and read what it tells you to do with that file, then run:

$ ./install.post $DESTDIR $PREFIX

Getting the development history

Most of my projects have a git repository. If you are a developer you can also get the source from there. To clone it, run:

$ git clone git://git.svasey.org/${pkgname}.git