Having a hard time understanding package-manager repositories? [duplicate]

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
2
down vote

favorite













This question already has an answer here:



  • How does apt-get really work?

    1 answer



I'm currently starting to play around in the Terminal (MacOS), and learning to get the most out of it. I knew Homebrew was a very populair alternative package-manager on MacOS, so I decided to look into it.



I get the software installed, and everything is fine, and I can use it. But there is generally two things that I have a hard time figuring out.



Generally I can't wrap my head around where package-managers get their packages from? As an example if I were to download firefox on via APT or HB, where do their get the packages from?



apt-get install firefox
brew cask install firefox


When I go to Mozillas webpage and download Firefox I know they simply have the file on one of their servers, but is that also the case with the above? And in which case, is it the original developers server or maybe github as it seems to be with HB?



Also, when I download a file from the website, I generally know that Mozilla is a company with a good rep, and their files are safe. But how can I make sure the files I get via APT or HB is safe as well?



PS. I understand that it has something to do with the SHA keys that will have to match.










share|improve this question









New contributor




LeeSwaggers is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











marked as duplicate by Rui F Ribeiro, muru, G-Man, JigglyNaga, schily Nov 21 at 12:53


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.










  • 1




    And unix.stackexchange.com/questions/342222/…, unix.stackexchange.com/questions/317698/…
    – muru
    Nov 21 at 1:52














up vote
2
down vote

favorite













This question already has an answer here:



  • How does apt-get really work?

    1 answer



I'm currently starting to play around in the Terminal (MacOS), and learning to get the most out of it. I knew Homebrew was a very populair alternative package-manager on MacOS, so I decided to look into it.



I get the software installed, and everything is fine, and I can use it. But there is generally two things that I have a hard time figuring out.



Generally I can't wrap my head around where package-managers get their packages from? As an example if I were to download firefox on via APT or HB, where do their get the packages from?



apt-get install firefox
brew cask install firefox


When I go to Mozillas webpage and download Firefox I know they simply have the file on one of their servers, but is that also the case with the above? And in which case, is it the original developers server or maybe github as it seems to be with HB?



Also, when I download a file from the website, I generally know that Mozilla is a company with a good rep, and their files are safe. But how can I make sure the files I get via APT or HB is safe as well?



PS. I understand that it has something to do with the SHA keys that will have to match.










share|improve this question









New contributor




LeeSwaggers is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











marked as duplicate by Rui F Ribeiro, muru, G-Man, JigglyNaga, schily Nov 21 at 12:53


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.










  • 1




    And unix.stackexchange.com/questions/342222/…, unix.stackexchange.com/questions/317698/…
    – muru
    Nov 21 at 1:52












up vote
2
down vote

favorite









up vote
2
down vote

favorite












This question already has an answer here:



  • How does apt-get really work?

    1 answer



I'm currently starting to play around in the Terminal (MacOS), and learning to get the most out of it. I knew Homebrew was a very populair alternative package-manager on MacOS, so I decided to look into it.



I get the software installed, and everything is fine, and I can use it. But there is generally two things that I have a hard time figuring out.



Generally I can't wrap my head around where package-managers get their packages from? As an example if I were to download firefox on via APT or HB, where do their get the packages from?



apt-get install firefox
brew cask install firefox


When I go to Mozillas webpage and download Firefox I know they simply have the file on one of their servers, but is that also the case with the above? And in which case, is it the original developers server or maybe github as it seems to be with HB?



Also, when I download a file from the website, I generally know that Mozilla is a company with a good rep, and their files are safe. But how can I make sure the files I get via APT or HB is safe as well?



PS. I understand that it has something to do with the SHA keys that will have to match.










share|improve this question









New contributor




LeeSwaggers is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












This question already has an answer here:



  • How does apt-get really work?

    1 answer



I'm currently starting to play around in the Terminal (MacOS), and learning to get the most out of it. I knew Homebrew was a very populair alternative package-manager on MacOS, so I decided to look into it.



I get the software installed, and everything is fine, and I can use it. But there is generally two things that I have a hard time figuring out.



Generally I can't wrap my head around where package-managers get their packages from? As an example if I were to download firefox on via APT or HB, where do their get the packages from?



apt-get install firefox
brew cask install firefox


When I go to Mozillas webpage and download Firefox I know they simply have the file on one of their servers, but is that also the case with the above? And in which case, is it the original developers server or maybe github as it seems to be with HB?



Also, when I download a file from the website, I generally know that Mozilla is a company with a good rep, and their files are safe. But how can I make sure the files I get via APT or HB is safe as well?



PS. I understand that it has something to do with the SHA keys that will have to match.





This question already has an answer here:



  • How does apt-get really work?

    1 answer







apt package-management homebrew






share|improve this question









New contributor




LeeSwaggers is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




LeeSwaggers is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited Nov 20 at 21:41









Rui F Ribeiro

38.2k1475125




38.2k1475125






New contributor




LeeSwaggers is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked Nov 20 at 21:33









LeeSwaggers

132




132




New contributor




LeeSwaggers is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





LeeSwaggers is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






LeeSwaggers is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




marked as duplicate by Rui F Ribeiro, muru, G-Man, JigglyNaga, schily Nov 21 at 12:53


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.






marked as duplicate by Rui F Ribeiro, muru, G-Man, JigglyNaga, schily Nov 21 at 12:53


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.









  • 1




    And unix.stackexchange.com/questions/342222/…, unix.stackexchange.com/questions/317698/…
    – muru
    Nov 21 at 1:52












  • 1




    And unix.stackexchange.com/questions/342222/…, unix.stackexchange.com/questions/317698/…
    – muru
    Nov 21 at 1:52







1




1




And unix.stackexchange.com/questions/342222/…, unix.stackexchange.com/questions/317698/…
– muru
Nov 21 at 1:52




And unix.stackexchange.com/questions/342222/…, unix.stackexchange.com/questions/317698/…
– muru
Nov 21 at 1:52










2 Answers
2






active

oldest

votes

















up vote
1
down vote



accepted










Maintainer of a software will pack the software as a certain format and upload it to a server which is designed to be accessible by all package manager users.



When you run package manager from your computer, it will connect to the server and download the package from the server to your computer then install it.



Homebrew, apt, pacman, dnf, AppStore, Google Play Store, Microsoft Windows App Store. They all work this way.




How can I make sure the files I get via APT or HB is safe as well?




Safe is not a well-defined concept. You ensure the bytes of file is created by trusted people, not altered by any other hacker.



Because you trust your package manager and its config file will connect the trusted server, and some sort of digital signature or HASH technology will ensure that you get the package created by trusted people.






share|improve this answer




















  • Okay I think I get what you're saying! But about the packages being "safe", I mean not altered or affected by malware. But I get what you saying here. Thank you for your answer!
    – LeeSwaggers
    Nov 21 at 17:56

















up vote
0
down vote













The macos has repos like linux, just setup differently. a .git folder will exist in each of your repositories so finding the location of them will give you all your repos.



find /Users/username -name ".git" -print





share|improve this answer








New contributor




Michael Prokopec is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

















  • I actually read about this in some article. But that is not quite what I mean. What I mean is the "server-side" location of the files one is downloading, not so much as where the file storing this information is.
    – LeeSwaggers
    Nov 21 at 17:57

















2 Answers
2






active

oldest

votes








2 Answers
2






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
1
down vote



accepted










Maintainer of a software will pack the software as a certain format and upload it to a server which is designed to be accessible by all package manager users.



When you run package manager from your computer, it will connect to the server and download the package from the server to your computer then install it.



Homebrew, apt, pacman, dnf, AppStore, Google Play Store, Microsoft Windows App Store. They all work this way.




How can I make sure the files I get via APT or HB is safe as well?




Safe is not a well-defined concept. You ensure the bytes of file is created by trusted people, not altered by any other hacker.



Because you trust your package manager and its config file will connect the trusted server, and some sort of digital signature or HASH technology will ensure that you get the package created by trusted people.






share|improve this answer




















  • Okay I think I get what you're saying! But about the packages being "safe", I mean not altered or affected by malware. But I get what you saying here. Thank you for your answer!
    – LeeSwaggers
    Nov 21 at 17:56














up vote
1
down vote



accepted










Maintainer of a software will pack the software as a certain format and upload it to a server which is designed to be accessible by all package manager users.



When you run package manager from your computer, it will connect to the server and download the package from the server to your computer then install it.



Homebrew, apt, pacman, dnf, AppStore, Google Play Store, Microsoft Windows App Store. They all work this way.




How can I make sure the files I get via APT or HB is safe as well?




Safe is not a well-defined concept. You ensure the bytes of file is created by trusted people, not altered by any other hacker.



Because you trust your package manager and its config file will connect the trusted server, and some sort of digital signature or HASH technology will ensure that you get the package created by trusted people.






share|improve this answer




















  • Okay I think I get what you're saying! But about the packages being "safe", I mean not altered or affected by malware. But I get what you saying here. Thank you for your answer!
    – LeeSwaggers
    Nov 21 at 17:56












up vote
1
down vote



accepted







up vote
1
down vote



accepted






Maintainer of a software will pack the software as a certain format and upload it to a server which is designed to be accessible by all package manager users.



When you run package manager from your computer, it will connect to the server and download the package from the server to your computer then install it.



Homebrew, apt, pacman, dnf, AppStore, Google Play Store, Microsoft Windows App Store. They all work this way.




How can I make sure the files I get via APT or HB is safe as well?




Safe is not a well-defined concept. You ensure the bytes of file is created by trusted people, not altered by any other hacker.



Because you trust your package manager and its config file will connect the trusted server, and some sort of digital signature or HASH technology will ensure that you get the package created by trusted people.






share|improve this answer












Maintainer of a software will pack the software as a certain format and upload it to a server which is designed to be accessible by all package manager users.



When you run package manager from your computer, it will connect to the server and download the package from the server to your computer then install it.



Homebrew, apt, pacman, dnf, AppStore, Google Play Store, Microsoft Windows App Store. They all work this way.




How can I make sure the files I get via APT or HB is safe as well?




Safe is not a well-defined concept. You ensure the bytes of file is created by trusted people, not altered by any other hacker.



Because you trust your package manager and its config file will connect the trusted server, and some sort of digital signature or HASH technology will ensure that you get the package created by trusted people.







share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 21 at 2:13









神秘德里克

345112




345112











  • Okay I think I get what you're saying! But about the packages being "safe", I mean not altered or affected by malware. But I get what you saying here. Thank you for your answer!
    – LeeSwaggers
    Nov 21 at 17:56
















  • Okay I think I get what you're saying! But about the packages being "safe", I mean not altered or affected by malware. But I get what you saying here. Thank you for your answer!
    – LeeSwaggers
    Nov 21 at 17:56















Okay I think I get what you're saying! But about the packages being "safe", I mean not altered or affected by malware. But I get what you saying here. Thank you for your answer!
– LeeSwaggers
Nov 21 at 17:56




Okay I think I get what you're saying! But about the packages being "safe", I mean not altered or affected by malware. But I get what you saying here. Thank you for your answer!
– LeeSwaggers
Nov 21 at 17:56












up vote
0
down vote













The macos has repos like linux, just setup differently. a .git folder will exist in each of your repositories so finding the location of them will give you all your repos.



find /Users/username -name ".git" -print





share|improve this answer








New contributor




Michael Prokopec is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

















  • I actually read about this in some article. But that is not quite what I mean. What I mean is the "server-side" location of the files one is downloading, not so much as where the file storing this information is.
    – LeeSwaggers
    Nov 21 at 17:57














up vote
0
down vote













The macos has repos like linux, just setup differently. a .git folder will exist in each of your repositories so finding the location of them will give you all your repos.



find /Users/username -name ".git" -print





share|improve this answer








New contributor




Michael Prokopec is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

















  • I actually read about this in some article. But that is not quite what I mean. What I mean is the "server-side" location of the files one is downloading, not so much as where the file storing this information is.
    – LeeSwaggers
    Nov 21 at 17:57












up vote
0
down vote










up vote
0
down vote









The macos has repos like linux, just setup differently. a .git folder will exist in each of your repositories so finding the location of them will give you all your repos.



find /Users/username -name ".git" -print





share|improve this answer








New contributor




Michael Prokopec is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









The macos has repos like linux, just setup differently. a .git folder will exist in each of your repositories so finding the location of them will give you all your repos.



find /Users/username -name ".git" -print






share|improve this answer








New contributor




Michael Prokopec is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this answer



share|improve this answer






New contributor




Michael Prokopec is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









answered Nov 21 at 1:43









Michael Prokopec

51214




51214




New contributor




Michael Prokopec is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Michael Prokopec is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Michael Prokopec is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











  • I actually read about this in some article. But that is not quite what I mean. What I mean is the "server-side" location of the files one is downloading, not so much as where the file storing this information is.
    – LeeSwaggers
    Nov 21 at 17:57
















  • I actually read about this in some article. But that is not quite what I mean. What I mean is the "server-side" location of the files one is downloading, not so much as where the file storing this information is.
    – LeeSwaggers
    Nov 21 at 17:57















I actually read about this in some article. But that is not quite what I mean. What I mean is the "server-side" location of the files one is downloading, not so much as where the file storing this information is.
– LeeSwaggers
Nov 21 at 17:57




I actually read about this in some article. But that is not quite what I mean. What I mean is the "server-side" location of the files one is downloading, not so much as where the file storing this information is.
– LeeSwaggers
Nov 21 at 17:57


Popular posts from this blog

How to check contact read email or not when send email to Individual?

Displaying single band from multi-band raster using QGIS

How many registers does an x86_64 CPU actually have?