TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

83% Positive

Analyzed from 1104 words in the discussion.

Trending Topics

#package#linux#packages#search#don#manager#though#https#foo#org

Discussion (38 Comments)Read Original on HackerNews

chb2 days ago
First I saw that it's written in Perl. Then I realized that the last release was 11 years ago and that the repository domains are hardcoded in the one-file script.
Intralexical1 day ago
Does it still work, though?

Where else would you put the repository domains?

atoav1 day ago
I would put them into a configuration file. You know, so people can configure which repositories are being searched.

Generally I advice against hard doing stuff that changes often and may need to be adjusted for different users or organizations.

halJordan1 day ago
Are you asking if this tool can find something on ubuntu 26.04 when the urls it has were hardcoded 11 years ago?
c-hendricks1 day ago
The URL to search for packages in Ubuntu for example hasn't changed to my knowledge. Are you assuming it's only looking for packages in releases that were current at the time?
yjftsjthsd-h1 day ago
The site it hardcodes is https://packages.ubuntu.com, so yes I would expect it to work fine
pimlottc1 day ago
In about a hundred or so separate microservices, of course…
thilog1 day ago
The last commit was four years ago.
pxc1 day ago
Who has?

Nixpkgs has. :)

Nowadays the only search like this I need to run is

  nix-locate -r 'bin/foo$'
It would be nice to have a CLI alternative to Repology, though.
sestep1 day ago
Another great tool, built on top of nix-locate, is comma. So for any program foo, if you have foo installed, you can run it like this:

  foo
And if you don't have it installed, you can run it (without installing!) like this:

  , foo
And if multiple different packages provide a program named bin/foo then comma lets you interactively choose the one you want, and remembers your choice so you don't have to specify again unless you choose to via the -d flag.
arikrahman1 day ago
I've been using https://search.nixos.org/ this whole time to find packages. Thanks for dropping this!
foobarqux1 day ago
....

     function repology() {
         curl -L --user-agent 'hackernews' \
             "http://repology.org/api/v1/project/$@"
    }
Fnoord1 day ago
Latest release: May 19, 2015

Abandoned, but forkable (since FOSS), and a decent idea.

Probably nowadays this gets done in Node, parsing the package search websites. Preferably, this would be done via an API though.

RunningDroid1 day ago
> Probably nowadays this gets done in Node, parsing the package search websites. Preferably, this would be done via an API though.

Repology provides an API but it's unstable: https://repology.org/api/v1

lschueller1 day ago
Yes, agree. The idea and concept is cool! Imo worth it to keep an eye on it and play with it.

First thought, which came to my mind, was a security use case to get it to a point for sbom handling and tracking. In particular, respective to all the recent package vulnerabilities.

c-hendricks1 day ago
Shame Homebrew for Linux is getting no love from any of the tools / lists mentioned here.

Since switching to that and flatpak my distro choice is "what sticks closest to the upstream of [my preferred DE]"

dan151 day ago
Do Linux users actually use Homebrew day to day? My impression of it was that it's mostly for MacOS users that want to keep doing things the same way instead of learning the Linux way (using the OS package manager).
analog_daddyabout 22 hours ago
Ohh yes, a minority of us do exist. I prefer it over appimages on my personal pc. Gets you almost rolling release software without needing to use a rolling release. I used to use distrobox with arch Linux on pop os base, but then just gave homebrew and nix a try to scratch the itch.

Nix is not there yet in terms of user friendliness. homebrew for linux is pretty awesome.

Only issue i have is that it creates a separate user and doesn’t support custom prefixes (their page says you are on your own if using custom prefixes). While their reasoning is sound, not having an easy way to know which programs will break if using custom prefix is a bummer for me at work.

c-hendricks1 day ago
I have for a while yeah. As mentioned it means the distro packages don't matter for a lot of developer tools / CLIs. Wanna use a stable Debian / Ubuntu LTS for years? Want to use rolling releases so your desktop is up to date? Homebrew's got you covered.
ElectricalUnion1 day ago
In bazzite/Fedora Silverblue, it's the expected way non-GUI packages are installed to the host system. The other way is toolbox/distrobox (rootless containers tightly integrated with the host).
data-ottawa1 day ago
It’s the default package manager in Bazzite and is once of the most functional packagr managers on atomic fedora.
Fnoord1 day ago
I use it on DSM (Synology OS) because all the software can be easily installed outside of DSM.
dilawar1 day ago
There is also https://pkgs.org ..
INTPenisabout 24 hours ago
I made this in under 100 lines bash and it supports Arch, RHEL-based, Debian-based, Alpine and OpenSuse. But the problem is that some distros just have rubbish native search of package files.

And of course my tool searches their native package manager, not their online services, API, package repos. That's a completely different approach.

hparadiz1 day ago
I've been working on a GUI task manager for Linux and I've been wanting to put a "Funding" or ownership meta data next to the process or process group in the view so people can know where the upstream code lives, how to support the project, and what organizational unit "owns" that process.

So I actually vibe coded a script that does this against a sqlite db I've been considering to bundle with my task manager so it can know this stuff on the fly.

But yea this is a key missing component in Linux user space. Windows let's you encode organizational stuff into an exe but on Linux binaries don't really have that.

ptx1 day ago
You can usually get info about the upstream from the package metadata, e.g. on Debian:

  $ apt info whohas
  ...
  Homepage: http://www.philippwesche.org/200811/whohas/intro.html
  ...
The distribution model on Linux (generally speaking) is different from Windows, though, so I don't think it makes sense to view processes as fully "owned" by the upstream in the same way as on Windows. Instead of letting each individual organization directly have administrator access to rummage around on our machines and install packages, this is mostly delegated to the Linux distribution, which may customize the packages. (And of course the user has the right to customize the program as well, assuming it's FOSS, so ultimately the user is the owner of their own processes.)
hparadiz1 day ago
Packages are not binaries. When I write software for Linux I'm not gonna sit there and wait for apt whatever to run in the background. That was the whole point of the sqlite db. Don't worry I poll the entire debian database.... and ubuntu ..... and fedora.... and gentoo.... . and arch..... etc.

The tldr is binaries on linux really should have org unit as a meta data field because when I write a task manager in C it needs to be fast.

TingPing1 day ago
It already exists, the appstream spec can associate binaries with metadata.
yjftsjthsd-h1 day ago
This would pair nicely with distrobox or Bedrock Linux:)
nikisweeting1 day ago
Oh nice, I just implemented something like this for installing from any package manager uv-style https://abxpkg.archivebox.io/, but I haven't added a "search" command yet, I should add that!
skeledrew1 day ago
Interesting, I've been wanting something like this. My main deal though is updates: how is that handled? Would love some kind of auto-update with a review/notification mechanism.
peter_d_sherman2 days ago
Related:

List of linux package search databases:

https://github.com/sxiii/awesome-package-search

deferredgrant1 day ago
This is exactly the kind of boring CLI tool that earns its keep. Package names and availability differ just enough across distros to waste time in tiny annoying increments.
Advertisement
TZubiri1 day ago
"Just gimme thething, I don't care where from" is a great way to get supply chain vulns
bblb1 day ago
This kind of busy work should suit an AI agent:

Go and find me all the repolists and package/software metadata for any distro and OS ever released. Write the results to a local SQLite. Incrementally update, but don't hammer the sources to death. Provide a web UI and CLI.

embedding-shape1 day ago
Or you know, you could do that with a ~100 long script. You don't have to use LLMs for everything, especially when you're not dealing with freeform text at all, use data types and data structures, we've created the concepts for a reason.
bblb1 day ago
Sure. But then I would have to use my brain to actually write code. I thought we were past that already. Also, if it's an agent that keeps scouring the net autonomously for more distros, then I wouldn't have to update the sources manually on my 100 line script.