Having a hard time understanding package-manager repositories? [duplicate]
Clash Royale CLAN TAG#URR8PPP
up vote
2
down vote
favorite
This question already has an answer here:
How does apt-get really work?
1 answer
I'm currently starting to play around in the Terminal (MacOS), and learning to get the most out of it. I knew Homebrew was a very populair alternative package-manager on MacOS, so I decided to look into it.
I get the software installed, and everything is fine, and I can use it. But there is generally two things that I have a hard time figuring out.
Generally I can't wrap my head around where package-managers get their packages from? As an example if I were to download firefox on via APT or HB, where do their get the packages from?
apt-get install firefox
brew cask install firefox
When I go to Mozillas webpage and download Firefox I know they simply have the file on one of their servers, but is that also the case with the above? And in which case, is it the original developers server or maybe github as it seems to be with HB?
Also, when I download a file from the website, I generally know that Mozilla is a company with a good rep, and their files are safe. But how can I make sure the files I get via APT or HB is safe as well?
PS. I understand that it has something to do with the SHA keys that will have to match.
apt package-management homebrew
New contributor
marked as duplicate by Rui F Ribeiro, muru, G-Man, JigglyNaga, schily Nov 21 at 12:53
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
add a comment |
up vote
2
down vote
favorite
This question already has an answer here:
How does apt-get really work?
1 answer
I'm currently starting to play around in the Terminal (MacOS), and learning to get the most out of it. I knew Homebrew was a very populair alternative package-manager on MacOS, so I decided to look into it.
I get the software installed, and everything is fine, and I can use it. But there is generally two things that I have a hard time figuring out.
Generally I can't wrap my head around where package-managers get their packages from? As an example if I were to download firefox on via APT or HB, where do their get the packages from?
apt-get install firefox
brew cask install firefox
When I go to Mozillas webpage and download Firefox I know they simply have the file on one of their servers, but is that also the case with the above? And in which case, is it the original developers server or maybe github as it seems to be with HB?
Also, when I download a file from the website, I generally know that Mozilla is a company with a good rep, and their files are safe. But how can I make sure the files I get via APT or HB is safe as well?
PS. I understand that it has something to do with the SHA keys that will have to match.
apt package-management homebrew
New contributor
marked as duplicate by Rui F Ribeiro, muru, G-Man, JigglyNaga, schily Nov 21 at 12:53
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
1
And unix.stackexchange.com/questions/342222/…, unix.stackexchange.com/questions/317698/…
– muru
Nov 21 at 1:52
add a comment |
up vote
2
down vote
favorite
up vote
2
down vote
favorite
This question already has an answer here:
How does apt-get really work?
1 answer
I'm currently starting to play around in the Terminal (MacOS), and learning to get the most out of it. I knew Homebrew was a very populair alternative package-manager on MacOS, so I decided to look into it.
I get the software installed, and everything is fine, and I can use it. But there is generally two things that I have a hard time figuring out.
Generally I can't wrap my head around where package-managers get their packages from? As an example if I were to download firefox on via APT or HB, where do their get the packages from?
apt-get install firefox
brew cask install firefox
When I go to Mozillas webpage and download Firefox I know they simply have the file on one of their servers, but is that also the case with the above? And in which case, is it the original developers server or maybe github as it seems to be with HB?
Also, when I download a file from the website, I generally know that Mozilla is a company with a good rep, and their files are safe. But how can I make sure the files I get via APT or HB is safe as well?
PS. I understand that it has something to do with the SHA keys that will have to match.
apt package-management homebrew
New contributor
This question already has an answer here:
How does apt-get really work?
1 answer
I'm currently starting to play around in the Terminal (MacOS), and learning to get the most out of it. I knew Homebrew was a very populair alternative package-manager on MacOS, so I decided to look into it.
I get the software installed, and everything is fine, and I can use it. But there is generally two things that I have a hard time figuring out.
Generally I can't wrap my head around where package-managers get their packages from? As an example if I were to download firefox on via APT or HB, where do their get the packages from?
apt-get install firefox
brew cask install firefox
When I go to Mozillas webpage and download Firefox I know they simply have the file on one of their servers, but is that also the case with the above? And in which case, is it the original developers server or maybe github as it seems to be with HB?
Also, when I download a file from the website, I generally know that Mozilla is a company with a good rep, and their files are safe. But how can I make sure the files I get via APT or HB is safe as well?
PS. I understand that it has something to do with the SHA keys that will have to match.
This question already has an answer here:
How does apt-get really work?
1 answer
apt package-management homebrew
apt package-management homebrew
New contributor
New contributor
edited Nov 20 at 21:41
Rui F Ribeiro
38.2k1475125
38.2k1475125
New contributor
asked Nov 20 at 21:33
LeeSwaggers
132
132
New contributor
New contributor
marked as duplicate by Rui F Ribeiro, muru, G-Man, JigglyNaga, schily Nov 21 at 12:53
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
marked as duplicate by Rui F Ribeiro, muru, G-Man, JigglyNaga, schily Nov 21 at 12:53
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
1
And unix.stackexchange.com/questions/342222/…, unix.stackexchange.com/questions/317698/…
– muru
Nov 21 at 1:52
add a comment |
1
And unix.stackexchange.com/questions/342222/…, unix.stackexchange.com/questions/317698/…
– muru
Nov 21 at 1:52
1
1
And unix.stackexchange.com/questions/342222/…, unix.stackexchange.com/questions/317698/…
– muru
Nov 21 at 1:52
And unix.stackexchange.com/questions/342222/…, unix.stackexchange.com/questions/317698/…
– muru
Nov 21 at 1:52
add a comment |
2 Answers
2
active
oldest
votes
up vote
1
down vote
accepted
Maintainer of a software will pack the software as a certain format and upload it to a server which is designed to be accessible by all package manager users.
When you run package manager from your computer, it will connect to the server and download the package from the server to your computer then install it.
Homebrew, apt, pacman, dnf, AppStore, Google Play Store, Microsoft Windows App Store. They all work this way.
How can I make sure the files I get via APT or HB is safe as well?
Safe is not a well-defined concept. You ensure the bytes of file is created by trusted people, not altered by any other hacker.
Because you trust your package manager and its config file will connect the trusted server, and some sort of digital signature or HASH technology will ensure that you get the package created by trusted people.
Okay I think I get what you're saying! But about the packages being "safe", I mean not altered or affected by malware. But I get what you saying here. Thank you for your answer!
– LeeSwaggers
Nov 21 at 17:56
add a comment |
up vote
0
down vote
The macos has repos like linux, just setup differently. a .git folder will exist in each of your repositories so finding the location of them will give you all your repos.
find /Users/username -name ".git" -print
New contributor
I actually read about this in some article. But that is not quite what I mean. What I mean is the "server-side" location of the files one is downloading, not so much as where the file storing this information is.
– LeeSwaggers
Nov 21 at 17:57
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
accepted
Maintainer of a software will pack the software as a certain format and upload it to a server which is designed to be accessible by all package manager users.
When you run package manager from your computer, it will connect to the server and download the package from the server to your computer then install it.
Homebrew, apt, pacman, dnf, AppStore, Google Play Store, Microsoft Windows App Store. They all work this way.
How can I make sure the files I get via APT or HB is safe as well?
Safe is not a well-defined concept. You ensure the bytes of file is created by trusted people, not altered by any other hacker.
Because you trust your package manager and its config file will connect the trusted server, and some sort of digital signature or HASH technology will ensure that you get the package created by trusted people.
Okay I think I get what you're saying! But about the packages being "safe", I mean not altered or affected by malware. But I get what you saying here. Thank you for your answer!
– LeeSwaggers
Nov 21 at 17:56
add a comment |
up vote
1
down vote
accepted
Maintainer of a software will pack the software as a certain format and upload it to a server which is designed to be accessible by all package manager users.
When you run package manager from your computer, it will connect to the server and download the package from the server to your computer then install it.
Homebrew, apt, pacman, dnf, AppStore, Google Play Store, Microsoft Windows App Store. They all work this way.
How can I make sure the files I get via APT or HB is safe as well?
Safe is not a well-defined concept. You ensure the bytes of file is created by trusted people, not altered by any other hacker.
Because you trust your package manager and its config file will connect the trusted server, and some sort of digital signature or HASH technology will ensure that you get the package created by trusted people.
Okay I think I get what you're saying! But about the packages being "safe", I mean not altered or affected by malware. But I get what you saying here. Thank you for your answer!
– LeeSwaggers
Nov 21 at 17:56
add a comment |
up vote
1
down vote
accepted
up vote
1
down vote
accepted
Maintainer of a software will pack the software as a certain format and upload it to a server which is designed to be accessible by all package manager users.
When you run package manager from your computer, it will connect to the server and download the package from the server to your computer then install it.
Homebrew, apt, pacman, dnf, AppStore, Google Play Store, Microsoft Windows App Store. They all work this way.
How can I make sure the files I get via APT or HB is safe as well?
Safe is not a well-defined concept. You ensure the bytes of file is created by trusted people, not altered by any other hacker.
Because you trust your package manager and its config file will connect the trusted server, and some sort of digital signature or HASH technology will ensure that you get the package created by trusted people.
Maintainer of a software will pack the software as a certain format and upload it to a server which is designed to be accessible by all package manager users.
When you run package manager from your computer, it will connect to the server and download the package from the server to your computer then install it.
Homebrew, apt, pacman, dnf, AppStore, Google Play Store, Microsoft Windows App Store. They all work this way.
How can I make sure the files I get via APT or HB is safe as well?
Safe is not a well-defined concept. You ensure the bytes of file is created by trusted people, not altered by any other hacker.
Because you trust your package manager and its config file will connect the trusted server, and some sort of digital signature or HASH technology will ensure that you get the package created by trusted people.
answered Nov 21 at 2:13
神秘德里克
345112
345112
Okay I think I get what you're saying! But about the packages being "safe", I mean not altered or affected by malware. But I get what you saying here. Thank you for your answer!
– LeeSwaggers
Nov 21 at 17:56
add a comment |
Okay I think I get what you're saying! But about the packages being "safe", I mean not altered or affected by malware. But I get what you saying here. Thank you for your answer!
– LeeSwaggers
Nov 21 at 17:56
Okay I think I get what you're saying! But about the packages being "safe", I mean not altered or affected by malware. But I get what you saying here. Thank you for your answer!
– LeeSwaggers
Nov 21 at 17:56
Okay I think I get what you're saying! But about the packages being "safe", I mean not altered or affected by malware. But I get what you saying here. Thank you for your answer!
– LeeSwaggers
Nov 21 at 17:56
add a comment |
up vote
0
down vote
The macos has repos like linux, just setup differently. a .git folder will exist in each of your repositories so finding the location of them will give you all your repos.
find /Users/username -name ".git" -print
New contributor
I actually read about this in some article. But that is not quite what I mean. What I mean is the "server-side" location of the files one is downloading, not so much as where the file storing this information is.
– LeeSwaggers
Nov 21 at 17:57
add a comment |
up vote
0
down vote
The macos has repos like linux, just setup differently. a .git folder will exist in each of your repositories so finding the location of them will give you all your repos.
find /Users/username -name ".git" -print
New contributor
I actually read about this in some article. But that is not quite what I mean. What I mean is the "server-side" location of the files one is downloading, not so much as where the file storing this information is.
– LeeSwaggers
Nov 21 at 17:57
add a comment |
up vote
0
down vote
up vote
0
down vote
The macos has repos like linux, just setup differently. a .git folder will exist in each of your repositories so finding the location of them will give you all your repos.
find /Users/username -name ".git" -print
New contributor
The macos has repos like linux, just setup differently. a .git folder will exist in each of your repositories so finding the location of them will give you all your repos.
find /Users/username -name ".git" -print
New contributor
New contributor
answered Nov 21 at 1:43
Michael Prokopec
51214
51214
New contributor
New contributor
I actually read about this in some article. But that is not quite what I mean. What I mean is the "server-side" location of the files one is downloading, not so much as where the file storing this information is.
– LeeSwaggers
Nov 21 at 17:57
add a comment |
I actually read about this in some article. But that is not quite what I mean. What I mean is the "server-side" location of the files one is downloading, not so much as where the file storing this information is.
– LeeSwaggers
Nov 21 at 17:57
I actually read about this in some article. But that is not quite what I mean. What I mean is the "server-side" location of the files one is downloading, not so much as where the file storing this information is.
– LeeSwaggers
Nov 21 at 17:57
I actually read about this in some article. But that is not quite what I mean. What I mean is the "server-side" location of the files one is downloading, not so much as where the file storing this information is.
– LeeSwaggers
Nov 21 at 17:57
add a comment |
1
And unix.stackexchange.com/questions/342222/…, unix.stackexchange.com/questions/317698/…
– muru
Nov 21 at 1:52