Ways to check what repo is responsible for what package

Topic: Ways to check what repo is responsible for what package (Read 308 times) previous topic - next topic

0 Members and 3 Guests are viewing this topic.

Ways to check what repo is responsible for what package

01 September 2023, 11:14:20

Based on talk in this thread, I am trying to find a reliable way to see who installed what. What seems as a good starting point is this snippet I found here:

Code: [Select]

pacman -Qi |
  grep '^Packager' |
  cut -d: -f2 |
  sort |
  uniq -c |
  sort -n |
  sed 's/^ *//;s/  /:/' |
  awk -F: "{printf \"%5.1f%%  \",\
      100 * \$1 / $(pacman -Qq | wc -l);\
      \$1=\"\" }1"

Doesn't list package names yet but it can do that soon. Does this look correct? I'll probably play some more with this snippet, assuming it gives reliable results, seems it does.

Re: Ways to check what repo is responsible for what package

Reply #1 – 01 September 2023, 14:36:30

This will show what packages you have installed from Arch based on their availability in the respective repos - but it doesn't verify the fact, and you might need to vary the repo names depending on what you have in /etc/pacman.conf :

Code: [Select]

$  pacman -Qq | grep -Fxf <(pacman -Slq extra community multilib) | grep -Fxvf <(pacman -Slq system world galaxy universe omniverse lib32)

This was from capezotte in this thread:
https://forum.artixlinux.org/index.php/topic,2702.15.html
It could be helpful to crosscheck your results with what should be the case.

Re: Ways to check what repo is responsible for what package

Reply #2 – 01 September 2023, 15:06:12

Quote from: ####### – on 01 September 2023, 14:36:30

This will show what packages you have installed from Arch based on their availability in the respective repos - but it doesn't verify the fact, and you might need to vary the repo names depending on what you have in /etc/pacman.conf :

Thanks. I'll have to do some more reading, was convinced that pacman -Qi shows actual install state, including "Packager", not some DB state that can change. I am convinced this can be completely accurate if we combine few scripts and cross reference data, possibly including version numbers or similar.

I'll run fresh install soon and not include Arch repos to see what I am actually missing. So far all this effort was because of extra/vifm 0.13-1 which is really something that I could build easily or could be added to build bot since it doesn't touch init at all.

Re: Ways to check what repo is responsible for what package

Reply #3 – 01 September 2023, 16:04:17

I think I have reproducible example to test what -Qi actually shows, some conclusions may be off so please feel free to correct them. Of course I could install extra/libgit2 or world/libgit2 directly but I wanted to see how pacman behaves.

Exa, available only in extra (extra/exa 0.10.1-8), is pulling libgit2 available in world and extra.

pacman -S exa results in

Code: [Select]

> sudo pacman -S exa
resolving dependencies...
:: There are 2 providers available for libgit2.so=1.7-64:
:: Repository world
   1) libgit2
:: Repository extra
   2) libgit2

so we can reliably choose any repo.

In both cases, after installation, -Qi shows correct "Packager" so I believe we could rely on that to gather completely accurate data. Does this change in any way with DB update, before next install of the same lib takes place?

With world:

Code: [Select]

> pacman -Qi libgit2
...
Packager        : Artix Build Bot <[email protected]>
...

With extra:

Code: [Select]

> pacman -Qi libgit2
...
Packager        : Lukas Fleischer <[email protected]>
...

I have run this test multiple times after -Rsn exa, and it always seems to show correct data.

Re: Ways to check what repo is responsible for what package

Reply #4 – 01 September 2023, 17:31:48

My understanding is that pacman -Qi will reliably tell you the packager because it is getting the information from the 'desc' files under /var/lib/pacman/local. I could be wrong ?

Poorly written Python that chatgpt and I came up with. This definitely gets it's information from the 'desc' files

Code: [Select]

#!/usr/bin/env python3

### getdistro.py

import os

def get_distro(d_file):
    with open(d_file, 'r') as file:
        lines = file.readlines()
        for i, line in enumerate(lines):
            if line.strip() == '%NAME%':
                package_name = lines[i + 1].strip()
                p_dict = {'package_name': package_name}
                p_list.append(p_dict)
            if line.strip() == '%PACKAGER%':
                packager = lines[i + 1].strip()
                if "archlinux" in packager:
                    distro = "Arch"
                elif "artix" in packager:
                    distro = "Artix"
                else:
                    distro = "Unknown"
                p_dict['distro'] = distro
                break

def write_list_to_file(lst, filename):
    with open(filename, 'w') as file:
        for item in lst:
            file.write(str(item) + '\n')


local_dir = "/var/lib/pacman/local"
p_list = []
dirs = os.listdir(local_dir)
dirs.sort()
for p_dir in dirs:
    p_dir = os.path.join(local_dir, p_dir)
    if not os.path.isdir(p_dir):
        continue
    desc_file = os.path.join(p_dir, "desc")
    get_distro(desc_file)

arch_packages = [p for p in p_list if p.get('distro') == 'Arch']
artix_packages = [p for p in p_list if p.get('distro') == 'Artix']
unknown_packages = [p for p in p_list if p.get('distro') == 'Unknown']

arch_package_names = [package['package_name'] for package in arch_packages]
artix_package_names = [package['package_name'] for package in artix_packages]
unknown_package_names = [package['package_name'] for package in unknown_packages]

write_list_to_file(arch_package_names, 'Arch.txt')
write_list_to_file(artix_package_names, 'Artix.txt')
write_list_to_file(unknown_package_names, 'Unknown.txt')

print("Arch Packages:")
for package in arch_packages:
    print(package['package_name'])

print("\nArtix Packages:")
for package in artix_packages:
    print(package['package_name'])

print("\nUnknown Packages:")
for package in unknown_packages:
    print(package['package_name'])

Re: Ways to check what repo is responsible for what package

Reply #5 – 01 September 2023, 21:10:14

What I meant was not that you shouldn't use Qi, but after you have obtained a list of all your installed packages that originate from Arch, you could then delete from that list all those that are supposed to be there, and any that remain are likely to be there due to a problem - the other possibility would be if they were installed from Arch in the past and had only recently been added to the Artix repos with no version increment from an update since the time of installation. You could see that by looking at the build dates vs the installation date, again using Qi.

Re: Ways to check what repo is responsible for what package

Reply #6 – 01 September 2023, 21:16:27

Good stuff, thank you both. I am about to install Artix on my main machine so good to know we can reliably detect intruders.