Pi ROM packaging

Is it possible with a RISC OS Pi install (using an SD card prepared with !SystemDisc) to have the ROM under the control of !PackMan?

Apologies if the info about this is in the forum already, but I can’t find it. Thanks!

TBH, I have been experimenting with this.

So far, the best approach I have found is to create an OS Upgrade process which queries a WebService sending the specific board info, and the webservice sends back a zip file containing the specific Kernel image (pre built) and eventually the required extra firmware files etc.

Then it copies everything in RAMFS and from there starts an upgrade task to which I also need to add a backup process first (but I am no way near to a deliverable state).

The webservice (server side) also provides info on the latest Kernel release available.

Given that some vendor kinda uses their own version release numbers, I am starting to add md5 checksum for the kernel image to identify which version the user has and do the same for the versions I am storing on the distribution server.

Anyway in general:

• RISC OS Images are specific for the SoC system used
• Some vendor may add extras or use a sligthely different release (I think RComp does that)
• Some kernel release may rely on specific extra updates for a RPi

So, while !PackMan seems to handle general ARM architectures ok, I haven’t seen yet the level of requirements as above, plus I have learned today that !Packman is just a fancy unarchiver only (for what concern the installation), but it does handle backing up old releases if needed.

So, I am not sure how feasible it is right now using !Packman only. Others here may know more.

Hope this helps.

Thanks, Paolo. Yeah, I guess what you say is true; PackMan may not have enough sanity checking to oversee such a fundamental upgrade. But I think PackMan in general is developing very well, so perhaps we should be suggesting things like MD5 checksums to the PackMan developer. Your efforts do sound interesting, though.

I started musing about this because of something on the RISC OS Packaging Guide page in the ROOL wiki. It says:

In RISC OS Pi, PackMan is the primary interface for updating the OS distribution after it’s been released, including new ROMs and other system components.

But I’m wondering if that’s more of a “PackMan will be the primary interface…” and it hasn’t actually happened yet?

But I think PackMan in general is developing very well, so perhaps we should be suggesting things like MD5 checksums to the PackMan developer.

I’d very much like to add hashes of some sort to the RiscPkg format. This would mean you could drag and drop an application (module, font, StrongHelp file…) onto a tool that would then tell you what it is, what version it is, what other versions are available, and offer to download them.

so perhaps we should be suggesting things like MD5 checksums to the PackMan developer

I believe PackMan should handle MD5 checksums for the entire Package file. No idea however if this feature has been implemented, I can check.

I’d very much like to add hashes of some sort to the RiscPkg format.

That is already supported I think, but remember a RiscPkg package is a zip file. So what you want is a catalog of hashes (possibly md5 and sha256 at least) of all files and Apps/zip to identify them. So the catalog should also have options if you are seeking for a single file hash or an entire zip hash.

I still think a webservice is better than download an entire catalog locally. This is why I have been working on the FetchAURL module btw.
I should release the sources shortly.

I believe PackMan should handle MD5 checksums for the entire Package file

If you retrieve them from https this is surely not needed?

If you retrieve them from https this is surely not needed?

In theory yes, you no longer need to verify the identity of a package.

You could still want do the md5 check if one is paranoid and it still can help to verify if the files had been downloaded/stored correctly (aka bytes written correctly on the SD, no solar flair happened during download etc.)

PackMan just has a whole package hash to check the download against the index.

I’d very much like to add hashes of some sort to the RiscPkg format. This would mean you could drag and drop an application (module, font, StrongHelp file…) onto a tool that would then tell you what it is, what version it is, what other versions are available, and offer to download them.

You can drag an application or file to the PackMan iconbar icon and it will give you a search box to allow you to search for a package that has that application or in a the case of a file search the installed packages for the file. Not exactly what you are after, but hopefully a little helpful.