From MEPIS Documentation Wiki
The Community Repository (CR) is a package Repository, or 'repo', run by and for the MEPIS Community that can be used to install software primarily via Synaptic. The Install Software page also has other methods to install software.
The CR consists of 4 separate sections:
- main; Most users should use at least the Main CR Repo.
- main - restricted; contains packages that may violate patent and/or licensing laws in your country.
- test; these packages are being tested before moving to Main.
- test - restricted; also packages being tested- see restricted note above
This page contains instruction on how to enable access to the community repository, how to request packages, and how to assist the community by testing.
Disclaimer - Please Read
We (the Packaging Team) have attempted to make the contents of the repo as stable & trouble free as possible for you - but there are no guarantees. We are following strict packaging guidelines to try and ensure no computability issues - however if you do use the repo, you acknowledge that you do this at your own risk. I (Brooko) am using it on my production machine - so this should give you my opinion regarding compatibility / stability.
Using The Community Repository (Main and/or Testing)
To make use of the Community Repository (Main and/or Testing), they need to be enabled in your sources list. For what your sources should be and how to edit them see the Sources.list wiki page.
Before using the Test Repo, please see the warnings in "Test Repository Notes" section below.
These have been updated for MEPIS 8 - now utilizing a "Test" repository - rather than linking to a filesharing site on MEPIS Community forum.
- Community members will use the ML Package Request thread to request packages.
- Upon request of a package, a Community Packaging Team member will either volunteer to build it (confirm in same post), or if thread unanswered for a period of 7 days (unlikely) then the Community Packaging Project Leader will assign the request to a "Packaging Pod". The package builder (once assigned) should post in the package request thread to advise that the requested package has been assigned.
- The packager then builds the requested package using the Mepis Package Building Guide.
- Once package has been built, the builder starts a new thread on MEPIS Community in the News/Package Status forum. In the thread list - the package, any known dependency issues, and advise that the package will be shortly available for testing. The packager then advises their maintainer, and provides him/her a link to the build files (the deb(s), dsc, diff and source files).
- The maintainer downloads the necessary build files, checks them for accuracy, virus checks them, and uploads them to the Test repository. Once the application appears in test, the maintainer advises the packager to notify the community via the original thread on ML forums NOTE - the reason for the packager advising the community is so that they get appropriate acknowledgment for their work on the package.
- The packager notifies the community, and requests testing and feedback. Following confirmation that the package has been tested and confirmed working with no issues, the packager advises their Maintainer - who in turn arranges transfer of the approved package files from Test to Main.
- Maintainer then posts in the same News/Package Status forum thread to confirm completed packages have been uploaded and are available in the main repository.
- Maintainer then announces the packages availability on the MEPIS Community website, and adds / updates the application in the application list (with screenshot and details)
Pods / Structure
- The MEPIS Packaging Team is divided into sub-teams or pods (at the moment 2). Each pods consists of a Maintainer and 2-3 package builders.
- Only Maintainers can upload packages to the Community Repository and Community Test Repository
- Maintainers can upload their own packages - but have to follow the same strict rules on testing and approval before upload to Main repository.
- If for any reason a MEPIS Packaging Team member is unable to continue with their role, it is very important that they try and find a replacement within the community - and organize seamless continuity.
- If you are interested in joining the MEPIS Packaging Team - please get in touch with a team member on MEPIS Community forum.
- Why does it say 'You are about to install software that can't be authenticated!' ?
- This is because there is no GPG key for community repository. Given its structure there isn't a way to sign the packages that actually make it more secure - although signing it would make it appear to be so. All the packages are signed by the packagers and that is checked when packages are added to the repos. Since the mepis-deb.org servers are not where the packages are processed, and they're just serving as static files with no active content, it would be relatively hard to hack in and insert a malicious program and update all the Package files to make it available without breaking the repo. And it would disappear at the next update.
- How can I find out which packages are in the Community Repository?
- All packages are tracked on this page at the MEPIS Community Website
- What packages will be in the Community Repository?
- Any packages requested by the community which we are able to build.
- Any packages not found in 'stable', or newer versions of dated packages in the 'stable' repositories.
- Will the source code be provided?
- We ask that all package contributors adhere to the license of the program. As part of our procedures, we've indicated for source to be provided by the builders, and the intention is to make this available in our Community Repository.
- How many versions do I need to maintain?
- We would like to keep packages synced for both 64bit and 32bit versions. We are aware that special cases arrive where only one build is available, so this is not an absolute rule.
Test Repository Notes
- The test repository should only be enabled to download packages for testing, and immediately disabled afterward.
- The test repository should not be used on main production machines or mission critical set-ups (unless it is for an install in a discardable Virtual Machine)
- We do encourage the community to help us test each application thoroughly - but cannot guarantee the compatibility of the application while it is in test. We would prefer only experienced testers use the Test Repo - and less experienced MEPIS Community members wait the short time required for the application to migrate from test to main.
- The MEPIS Packaging Team take every care when building and uploading packages, but in using the Community Repositories, you do so at your own risk - ESPECIALLY the test repository.