Package management is the cornerstone of software distribution and maintenance in Linux systems. For a container-ready Linux distribution, effective package management ensures secure, reliable, and efficient software deployment across the host system and containerized applications. This chapter explores pacman, the package manager for Arch Linux and its derivatives, adapted for our custom LFS distribution.
- Package: A compressed archive containing software, metadata, and installation scripts
- Repository: A collection of packages stored on servers
- Dependency: Software required by another package to function
- PKGBUILD: Script describing how to build a package from source
- Package Database: Local record of installed packages and their files
Binary Packages:
- Pre-compiled software ready for installation
- Fast installation, maintained by distribution
- Limited customization options
Source Packages:
- Original source code with build instructions
- Full customization and optimization
- Build-time dependency resolution
- Used for custom packages and security patches
Meta Packages:
- Virtual packages containing only dependencies
- Group related software together
- Simplify complex installations
- Installed: Package files extracted and configured
- Explicit: Manually installed by user
- Dependency: Installed automatically as requirement
- Orphan: No longer needed by any installed package
- Outdated: Newer version available in repository
pacman: Command-line package manager
- Install, remove, upgrade packages
- Dependency resolution and conflict detection
- Package database management
- Repository synchronization
makepkg: Package building tool
- Reads PKGBUILD files
- Downloads and compiles source code
- Creates package archives
- Handles build dependencies
pacman-key: GPG key management
- Manages package signing keys
- Verifies package authenticity
- Manages keyring trust levels
repo-add/repo-remove: Repository management
- Add/remove packages from custom repositories
- Generate repository databases
- Manage repository metadata
Configuration Files:
- /etc/pacman.conf: Main configuration
- /etc/pacman.d/: Repository configurations
- /etc/makepkg.conf: Build configuration
Package Storage:
- /var/cache/pacman/pkg/: Downloaded packages
- /var/lib/pacman/: Package database
- /var/lib/pacman/sync/: Repository databases
Custom Repository:
- /opt/custom-repo/: Local repository storage
- /opt/custom-repo/custom.db.tar.gz: Repository database
Package Signing:
```bash
# Initialize pacman keyring
pacman-key --init
# Populate with Arch Linux keys (for LFS adaptation)
pacman-key --populate archlinux
# Install the keyring package if it is not already present
pacman -S --needed archlinux-keyring
# Check installed files against package metadata (file integrity, not signatures)
pacman -Qkk # Verify all installed packages
```
Key Management:
```bash
# List trusted keys
pacman-key --list-keys
# Add custom key for local repository
pacman-key --add /path/to/custom-key.asc
pacman-key --lsign-key KEYID
# Update keyring
pacman-key --refresh-keys
```
Mirror Selection:
```bash
# Rank mirrors by speed (pacman-mirrors is Manjaro's mirror tool)
pacman-mirrors --fasttrack
# Select mirrors by geolocation
pacman-mirrors --geoip
# Manual mirror configuration
echo 'Server = https://mirror.example.com/archlinux/$repo/os/$arch' >> /etc/pacman.d/mirrorlist
```
Repository Validation:
```bash
# Check repository integrity
pacman -Syy # Force refresh with verification
# Verify database integrity
pacman -Dk # Check database health
# Clean package cache securely (two separate runs; a combined -k would let the last value win)
paccache -rk2 # Keep 2 versions
paccache -ruk0 # Remove cached versions of uninstalled packages
```
Forward Dependencies:
```bash
# Show what a package depends on, provides and conflicts with
pacman -Si package-name | grep -E "(Depends|Provides|Conflicts)"
# Check reverse dependencies
pacman -Qi package-name | grep "Required By"
# Find which package owns a file
pacman -Qo /path/to/file
```
Circular Dependencies:
- Pacman handles circular dependencies automatically
- May require multiple passes for complex cases
- Use `--asdeps` for dependency packages
```bash
# Find orphan packages
pacman -Qdtq
# Remove orphans
pacman -Qdtq | pacman -Rns -
# Prevent important packages from being orphaned
pacman -D --asexplicit package-name
```
Basic PKGBUILD:
```bash
# PKGBUILD example
pkgname=myapp
pkgver=1.0.0
pkgrel=1
pkgdesc="My custom application"
arch=('x86_64')
url="https://github.com/user/myapp"
license=('GPL')
depends=('glibc' 'gtk3')
makedepends=('git' 'meson' 'ninja')
source=("$pkgname-$pkgver.tar.gz::https://github.com/user/myapp/archive/v$pkgver.tar.gz")
# SKIP disables the integrity check for this source; replace it with the
# real checksum (makepkg -g prints the array) before publishing the package
sha256sums=('SKIP')

prepare() {
  cd "$pkgname-$pkgver"
  # Apply patches, configure build
}

build() {
  cd "$pkgname-$pkgver"
  meson setup --prefix=/usr build
  ninja -C build
}

package() {
  cd "$pkgname-$pkgver"
  DESTDIR="$pkgdir" ninja -C build install
}
```
makepkg Workflow:
```bash
# Download and build package, installing missing dependencies with pacman
makepkg -s
# Create a source-only tarball without building
makepkg -S
# Build with custom flags (a CFLAGS assignment in makepkg.conf takes precedence over the environment)
CFLAGS="-O3 -march=native" makepkg
# Ignore the arch field in the PKGBUILD
makepkg -A
# Skip integrity checks
makepkg --skipinteg
```
Local Package Installation:
```bash
# Install local package
pacman -U package-name.pkg.tar.zst
# Install and mark as a dependency (not explicitly installed)
pacman -U --asdeps package-name.pkg.tar.zst
# Force installation over conflicting files (dangerous; --force was removed in pacman 5.1)
pacman -U --overwrite '*' package-name.pkg.tar.zst
```
Repository Creation:
```bash
# Create repository directory
mkdir -p /opt/custom-repo
# Add packages to repository
cp *.pkg.tar.zst /opt/custom-repo/
# Generate repository database
repo-add /opt/custom-repo/custom.db.tar.gz /opt/custom-repo/*.pkg.tar.zst
# Sign repository database
gpg --detach-sign /opt/custom-repo/custom.db.tar.gz
# pacman fetches custom.db.sig, so link it to the signature just created
ln -sf custom.db.tar.gz.sig /opt/custom-repo/custom.db.sig
```
Repository Configuration:
```bash
# Add to pacman.conf
cat >> /etc/pacman.conf << EOF
[custom]
SigLevel = Required DatabaseRequired
Server = file:///opt/custom-repo
EOF
# Update package database
pacman -Sy
```
Sync Operations:
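```bash
# Refresh all repositories and upgrade installed packages
pacman -Syu
# Refresh repository databases without upgrading
pacman -Sy
# Force refresh
pacman -Syy
# List packages with available updates (based on the last synced databases)
pacman -Qu
```
Docker Image Packages: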
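```bash
# Create package for Docker image
mkdir -p docker-myapp
# The quoted 'EOF' keeps $pkgdir literal instead of expanding it while writing the file
cat > docker-myapp/PKGBUILD << 'EOF'
pkgname=docker-myapp
pkgver=1.0.0
pkgrel=1
pkgdesc="Docker container for myapp"
arch=('x86_64')
depends=('docker')
# Every file installed in package() must be listed in source;
# add the checksum array with: makepkg -g >> PKGBUILD
source=('Dockerfile' 'build-container.sh')

package() {
  install -Dm644 Dockerfile "$pkgdir/usr/share/docker-myapp/Dockerfile"
  install -Dm755 build-container.sh "$pkgdir/usr/bin/docker-myapp-build"
}
EOF
```
Podman Image Management: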
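```bash
# Build container image
podman build -t myapp:latest .
# Save image as tarball next to the PKGBUILD
mkdir -p podman-myapp
podman save myapp:latest > podman-myapp/myapp.tar
# Create package from image
# The quoted 'EOF' keeps $pkgdir literal instead of expanding it while writing the file
cat > podman-myapp/PKGBUILD << 'EOF'
pkgname=podman-myapp
pkgver=1.0.0
pkgrel=1
pkgdesc="Podman container for myapp"
arch=('x86_64')
depends=('podman')
# Every file installed in package() must be listed in source;
# add the checksum array with: makepkg -g >> PKGBUILD
source=('myapp.tar' 'run-container.sh')

package() {
  install -Dm644 myapp.tar "$pkgdir/usr/share/podman-myapp/image.tar"
  install -Dm755 run-container.sh "$pkgdir/usr/bin/podman-myapp-run"
}
EOF
```
Runtime Package Management: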
```bash
# Install container runtime
pacman -S docker podman containerd
# Install container tools
pacman -S buildah skopeo
# Install container networking
pacman -S cni-plugins slirp4netns
# Install security tools
pacman -S apparmor
```
Package Database Integrity:
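```bash
# Check database health
pacman -Dk
# Clear the package cache and re-download the repository databases
pacman -Scc # Clean cache
pacman -Syy # Force refresh
# Verify package files (the leading ", " keeps counts such as "10 altered files" visible)
pacman -Qkk | grep -v ", 0 altered files"
```
Cache Management: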
```bash
# Clean package cache
paccache -r # Remove all cached versions except 3
paccache -rk1 # Keep 1 version
paccache -ruk0 # Remove cached versions of uninstalled packages
# Show cache size
du -sh /var/cache/pacman/pkg/
# Move cache to different location (also uncomments the default "#CacheDir" line)
sed -i 's|^#\?CacheDir.*|CacheDir = /mnt/cache/pacman/pkg/|' /etc/pacman.conf
```
Safe Updating:
```bash
# Check for updates
pacman -Qu
# Update system
pacman -Syu
# Update specific package
pacman -S package-name
# Ignore package updates
pacman -Syu --ignore package-name
# Hold package at current version (IgnorePkg under [options] in pacman.conf)
sed -i '/^\[options\]/a IgnorePkg = package-name' /etc/pacman.conf
```
Rollback Capabilities:
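```bash
# Install downgrade utility (not in the official Arch repositories; it has to be
# built from the AUR or shipped in the custom repository)
pacman -S downgrade
# Downgrade package
downgrade package-name
# View package history from the pacman log
grep -E "\] (installed|reinstalled|upgraded|downgraded|removed) package-name " /var/log/pacman.log
```
Signature Verification: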
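```bash
# Enable signature checking
sed -i 's/^SigLevel.*/SigLevel = Required DatabaseRequired/' /etc/pacman.conf
# Check installed files of all packages against package metadata
pacman -Qkk
# List installed packages that were not validated by a signature
pacman -Qi | awk -F' *: ' '/^Name/ {n=$2} /^Validated By/ && $2 !~ /Signature/ {print n}'
```
Trusted Repositories: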
```bash
# Only use trusted repositories
# Verify repository URLs
grep "^\[.*\]" /etc/pacman.conf
# Check repository signatures
pacman-key --list-sigs | grep -E "(repo|trusted)"
```
Secure Building:
```bash
# Remove any previous $srcdir before building (a clean chroot gives stronger isolation)
makepkg --cleanbuild
# Verify source integrity
makepkg --verifysource
# Build as unprivileged user
chown -R builduser:builduser .
su builduser -c "makepkg"
```
Dependency Conflicts:
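```bash
# Check conflicts
pacman -Si package-name | grep Conflicts
# Force installation over conflicting files (--force was removed in pacman 5.1)
pacman -S --overwrite '*' package-name
# Remove conflicting package (skips all dependency checks)
pacman -Rdd conflicting-package
```
Package Corruption: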
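```bash
# Clear package cache
pacman -Scc
# Reinstall corrupted package (a fresh copy is downloaded because the cache is empty)
pacman -S package-name
# Check for missing package files (the leading ", " keeps counts such as "10 missing files" visible)
pacman -Qk | grep -v ", 0 missing files"
```
Repository Issues: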
```bash
# Refresh repositories
pacman -Syy
# Check mirror status
curl -s mirror-url/core/os/x86_64/core.db | head -c 100
# Switch mirrors
pacman-mirrors --country United_States
```
Broken System Recovery:
```bash
# Boot from live USB
mount /dev/sda1 /mnt
pacman -r /mnt -Syu # Update the installation rooted at /mnt (--root, not a chroot)
# Fix broken packages
pacman -r /mnt -Qk | grep -v ", 0 missing files"
pacman -r /mnt -S broken-package # Reinstall the broken package
```
```mermaid
graph TD
    A[Identify Software Needs] --> B[Search Repositories]
    B --> C{Custom Package?}
    C -->|No| D[Install Binary Package]
    C -->|Yes| E[Create PKGBUILD]
    E --> F[Build with makepkg]
    F --> G[Test Package]
    G --> H[Add to Repository]
    H --> I[Install Package]
    D --> J[Configure Software]
    I --> J
    J --> K[Monitor Updates]
    K --> L[Package Management Complete]
```
- Install pacman and initialize package database
- Update package lists: `pacman -Sy`
- Search for packages: `pacman -Ss vim`
- Install a package: `pacman -S vim`
- List installed packages: `pacman -Q`
- Check package information: `pacman -Qi vim`
Expected Outcome: Basic pacman operations working correctly
- Examine a sample PKGBUILD file
- Create a simple PKGBUILD for a basic script
- Build the package: `makepkg`
- Install the local package: `pacman -U package.pkg.tar.zst`
- Verify installation: `pacman -Q | grep package-name`
Expected Outcome: Custom package built and installed successfully
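A static check for the PKGBUILD written in this exercise, added here as an example (it is not part of the original chapter or of makepkg). It flags the `SKIP` checksum used in the chapter's sample PKGBUILD and sources fetched over cleartext transports; the function names, the second source line and the checksum placeholder are constructed for illustration.

```bash
# Constructed PKGBUILD fragment modelled on the chapter's example.
# The patch URL and the checksum placeholder are hypothetical.
sample_pkgbuild() {
cat <<'EOF'
pkgname=myapp
pkgver=1.0.0
source=("$pkgname-$pkgver.tar.gz::https://github.com/user/myapp/archive/v$pkgver.tar.gz"
        "fix-build.patch::http://patches.example.com/fix-build.patch")
sha256sums=('SKIP'
            '<sha256 of fix-build.patch>')
EOF
}

# The file is parsed as text and never sourced: a PKGBUILD is a bash
# script, and sourcing it would run whatever it contains.
# Assumption: an array ends on the first line that ends with ")".
lint_pkgbuild() {
  awk '
  { sub(/^[ \t]+/, "") }
  /^#/ { next }
  # Track which array the current line belongs to.
  /^source(_[a-z0-9_]+)?=\(/ { arr = "source"; has_src = 1 }
  /^[a-z0-9]+sums(_[a-z0-9_]+)?=\(/ { arr = "sums"; has_sums = 1 }
  # "https://" does not match here because of the "s" before the colon.
  arr == "source" && /(http|ftp):\/\// { print NR ": source uses cleartext http/ftp" }
  arr == "sums" && /SKIP/ { print NR ": checksum SKIP disables integrity verification" }
  /\)[ \t]*$/ { arr = "" }
  END {
    if (has_src && !has_sums)
      print "PKGBUILD: source array without any checksum array"
  }' "$@"
}

sample_pkgbuild | lint_pkgbuild   # demo run on the constructed sample
```

Run it as `lint_pkgbuild PKGBUILD` before `makepkg`; the numbers in the output are line numbers in the checked file.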
- Create a local repository directory
- Build multiple packages and add to repository
- Generate repository database: `repo-add`
- Configure pacman to use local repository
- Install packages from local repository
- Update repository with new packages
Expected Outcome: Functional local package repository
- Install a package with dependencies
- Check package dependencies: `pacman -Qi package | grep Depends`
- Find reverse dependencies: `pacman -Qi package | grep Required`
- Identify orphan packages: `pacman -Qdtq`
- Remove orphans safely
- Analyze dependency tree
Expected Outcome: Understanding of package dependencies and relationships
- Initialize pacman keyring: `pacman-key --init`
- Configure signature verification in pacman.conf
- Add trusted keys for repositories
- Verify package signatures: `pacman -Qkk`
- Test package verification on updates
- Document security configuration
Expected Outcome: Secure package management with signature verification
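An added example for the configuration and documentation steps of this exercise (not part of the original chapter, and not pacman's own code): a shell function that reads pacman.conf as text and reports every repository whose effective SigLevel is weaker than the `Required DatabaseRequired` setting used in this chapter. The sample configuration and the `[scratch]` repository are constructed, and the merge rule (repository tokens override the `[options]` tokens one by one) is modelled in simplified form.

```bash
# Constructed sample: [custom] is the chapter's setting, [scratch] is hypothetical.
sample_conf() {
cat <<'EOF'
[options]
SigLevel = Required DatabaseOptional
[core]
Include = /etc/pacman.d/mirrorlist
[custom]
SigLevel = Required DatabaseRequired
Server = file:///opt/custom-repo
[scratch]
SigLevel = Optional TrustAll
EOF
}
# Report repositories weaker than "Required DatabaseRequired".
# Reads a file argument or stdin; Include= files are not followed.
audit_siglevel() {
  awk '
  # Apply SigLevel tokens to st; later tokens override earlier ones.
  function apply(val, st,    n, tok, i, t, scope, key) {
    n = split(val, tok, /[ \t]+/)
    for (i = 1; i <= n; i++) {
      t = tok[i]; scope = "both"
      if (sub(/^Package/, "", t)) scope = "pkg"
      else if (sub(/^Database/, "", t)) scope = "db"
      key = (t ~ /^Trust/) ? "trust" : "check"
      if (scope != "db")  st["pkg", key] = t
      if (scope != "pkg") st["db", key] = t
    }
  }
  { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
  /^#/ || /^$/ { next }
  /^\[/ { sect = substr($0, 2, index($0, "]") - 2)
          if (sect != "options") repo[++nrepo] = sect; next }
  /^SigLevel[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); level[sect] = $0 }
  END {
    split("pkg db", scopes, " ")
    for (r = 1; r <= nrepo; r++) {
      split("", st)
      apply(level["options"], st); apply(level[repo[r]], st)
      for (s = 1; s <= 2; s++) {
        c = st[scopes[s], "check"]; t = st[scopes[s], "trust"]
        if (c != "Required") print repo[r] ": " scopes[s] " check=" (c == "" ? "unset" : c)
        if (t == "TrustAll") print repo[r] ": " scopes[s] " trust=TrustAll"
      }
    }
  }' "$@"
}
sample_conf | audit_siglevel   # demo run on the constructed sample
```

On a real system, `audit_siglevel /etc/pacman.conf` should print nothing once every repository is at `Required DatabaseRequired`; its output can be kept with the documented security configuration.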
- Create PKGBUILD for container image package
- Build and install container package
- Configure container runtime dependencies
- Test container package installation
- Integrate with systemd services
- Verify container functionality
Expected Outcome: Container applications packaged and managed through pacman
- Perform system update: `pacman -Syu`
- Clean package cache: `paccache -r`
- Check package database integrity: `pacman -Dk`
- Troubleshoot a package installation failure
- Recover from a broken package state
- Document maintenance procedures
Expected Outcome: Comprehensive package management maintenance skills
With package management fundamentals established, proceed to Chapter 7.2 for detailed pacman setup. The package management system will be crucial for distributing your custom Linux distribution and managing containerized applications.
- Pacman Documentation: https://man.archlinux.org/man/pacman.8
- PKGBUILD Documentation: https://man.archlinux.org/man/PKGBUILD.5
- Arch Linux Packaging: https://wiki.archlinux.org/title/Arch_package_guidelines
- Makepkg Documentation: https://man.archlinux.org/man/makepkg.8
- Pacman-key Documentation: https://man.archlinux.org/man/pacman-key.8