Documentation / svpkg manual
svpkg 1.0.2 is a hybrid: it installs signed binary packages by default, and rebuilds any package from its recipe with one flag. Binary speed when you don't care, source control when you do.
| Command | Does |
|---|---|
| svpkg sync | Refresh the repository index (signature-checked) |
| svpkg add vim htop | Install packages with dependencies |
| svpkg add --from-source ffmpeg | Fetch the recipe + sources, build locally, install the result |
| svpkg up | Upgrade everything; --dry-run to preview |
| svpkg del htop | Remove a package; --purge for its config too |
| svpkg search ssh | Search names and descriptions in the index |
| svpkg info openssl | Version, deps, recipe URL, build options, install size |
| svpkg files coreutils | List files a package installed |
| svpkg owns /usr/bin/ld | Which package owns a file |
| svpkg verify | Re-checksum every installed file against the database |
| svpkg hold linux | Pin a package out of up (unhold to release) |
| svpkg history | Transaction log — every add/del/up with timestamps, rollback hints |
Config: /etc/svpkg.conf · local recipe overlays: /etc/svpkg/recipes.d/ · cache: /var/cache/svpkg/
A recipe is one shell file, ~40 lines, named recipe.sh in a
directory named after the package. This is the real recipe for htop in 1.0:
# /var/lib/svpkg/recipes/htop/recipe.sh name=htop version=3.3.0 release=1 desc="Interactive process viewer" url=https://htop.dev license=GPL-2.0 source=("https://github.com/htop-dev/htop/releases/download/$version/htop-$version.tar.xz") sha256=("1a1dd174cc828521fe5fd0e052cff8c30aa50809cf80d3ce3a481c37d0518e7f") depends=(ncurses) makedepends=(pkgconf) build() { cd "htop-$version" ./configure --prefix=/usr --sysconfdir=/etc make } check() { cd "htop-$version" && make check } package() { cd "htop-$version" make DESTDIR="$pkgdir" install }
Five functions are recognized —
prepare, build, check,
package, post_install — and only
build and package are mandatory. Builds run as an
unprivileged user in a clean chroot; the result is a .sv.tar.zst with a manifest
and a detached signature. Pass build options through
options=(no-docs static) or override per-machine in
/etc/svpkg/recipes.d/ — your overlay wins over the repo's recipe.
# build a package from a local recipe dir $ svpkg build ./htop ==> htop-3.3.0-1.x86_64.sv.tar.zst (signed: local key) # host your own repo: it's just a directory + an index $ svpkg repo-add ./repo/*.sv.tar.zst $ python3 -m http.server -d ./repo 8080 # point a machine at it (/etc/svpkg.conf) repo main https://dl.longervision.us/skyvision/1.0/repo repo local http://10.0.0.5:8080 # your overlay repo, listed first wins
Every package and every index is signed. The official repo key ships in the base system and is
cross-checked against the release key. Adding a third-party repo
means importing its key explicitly with svpkg key-add — svpkg never installs
anything it cannot verify, and there is no flag to make it.
Chapter 12 of the Book walks through packaging the entire hand-built system this way — the distro eating its own cooking.
1.0 ships 1,842 packages. Want one added? Check the wishlist in the “svpkg & packaging” forum category — or better, submit the 40 lines yourself.
