Proposal "Devuan User Repository"

exponentialmatrix · 2026-01-30 18:06:23

I would really like having a AUR (Arch User repository) but for a debian lts system. For those that don't know, The AUR is a large collection of script recipes for the ARCH system for packaging software. These are not general tools, you need the specific recipe, then the script will collect all the files and dependencies and patch stuff in order to build a package that you can then install normally.

I'm maintainig a fork of the arch tool and a few other helpers i started my self. https://dev1galaxy.org/viewtopic.php?id=7529

I believe they are many good reasons to have such a repository. And the best way to make such a repo, is by being officially part of a distro.

One very good reason, is in order to groom the next generation of package maintainers. You need a place, where people suck and can gain experience until they stop sucking. A DUR will be such a place. Institutions always do the mistake of becoming too elitistic and slowly strangling new people and with that committing suicide. In that sense, the quality of debian and devuan are too high. Specifically debian has gone too far with quality on various things. For example, you are meant to keep track of the copyright of every single file in a package in a specific machine readable format. Such a thing creates a lot of bureaucracy of dubious value. The prospect of becoming a debian packager is frankly intimidating and having to deal with a faceless bureaucracy. I believe that debian, is slowly killing it self, it just goes through the usual process of institutional decay. The latest rust and censorship (sexual and rude stuff) are a continuation of a long term trend. fortunes-off was in debian for over 20 years, they removed it a few years ago. Stuff like this are a red flag.

Other more immediate reasons is just practicality. There's a lot of software that will never be formally packaged. People can package it them selves with a crappy recipe from a DUR.

These recipes, are actually a new source package format in bash. I'm not saying to drop the debian source format, that would be impractical, the two can coexist. Being in bash, that lowers the barrier of entry. You just use ln for links, you don't need to learn how makefiles work etc. Also, they are single files, allowing easier audit in a low trust environment. And they also get the sources from upstream, allowing the repo to be extremely light weight. And they are similar to the AUR format, allowing some one to convert AUR recipes to DUR recipes without having to necessarily start from scratch.

If a stable version of Arch existed, i would not have bothered with all this. Cloning something like debian, is a huge undertaking. The most practical approach is to fork the AUR. The recipes stay as close as practically possible. A lot of devs just try to reinvent the weal with brand new formats. This way, i'm trying to minimize pointless deduplication.

The whole project, tries to keep the learning curve as flat as possible. This is why it's written in bash and tries to reuse what's already there. In the linux world, bash is the most well known programming language, since it's right there, in the terminal. The AUR on the other hand, has something like 100k recipes, so most of the time, you don't start from zero. They are no plans to rewrite things in rust or whatever, or changing the formats for some illusory reason. By not changing things, you lowering the learning curve. The project will stay very conservative. My attitude is, write once, run for ever and get married to your project instead of constantly rewriting everything.

What's being requested?

create an official DUR and accept the new source format (the debian formats remain). We could reuse gitea for this, very light on resources. I'm sure you have some server space available.

i have some thing like 100 example recipes https://gitea.com/DUR
Of those i would like to propose a few for inclusion in devuan. That would also require including easydeb, the packager.

tux_99 · 2026-01-30 22:00:06

I support this proposal, I tested easydeb last autumn (as documented in another thread here on this forum) and I found it easy to understand and very usable (not perfect, but no software is perfect).
The only reason I haven't used it again since, is lack of time, but if I have a need to package something again and find the time for it I will use it again.

greenjeans · Yesterday 01:05:14

I like this idea too!

RedGreen925 · Yesterday 04:11:10

I see very little mentioned about security. I fail to see the reason to compromise the archive with unsigned packages.

EDX-0 · Yesterday 06:47:56

all ideas are good, seeing them in action is another thing

i've tried to get into packaging some of the software i cobble for debian but gave up and have not looked back since, so i only release programs once in a while but package absolutely nothing.

Camtaf · Yesterday 09:38:57

Who is going to 'police' it?

Would need to be trust worthy.....

exponentialmatrix · Yesterday 11:21:02

@RedGreen925

The DUR will only have the recipes. A user would need to build the package themselves with the recipes. The built packages will not be added to the main archive. Security will be on the users.

@EDX-0
You can make lower quality packages and put them on the DUR. One of the objectives, is to lower the barrier to entry. It's better something then nothing. It's a incrementalism strategy.

@Camtaf
Similar model with AUR. Some trusted users police it and also reports from normal users. At first, it will be just me. Security will be mostly on users, you basically installing random software from the internet.

RedGreen925 · Yesterday 12:23:54

The DUR will only have the recipes. A user would need to build the package themselves with the recipes. The built packages will not be added to the main archive. Security will be on the users.
Security will be mostly on users, you basically installing random software from the internet.

That ought to work out well with that strategy you may as well be using Arch or Artix. At least they have more of the infrastructure to do it more securely.

Edit: And I would add not a single thought has gone into security with this, at least the recipes could be signed with a gpg key to add some sort of verification.

Last edited by RedGreen925 (Yesterday 12:27:31)

golinux · Yesterday 16:07:38

This is not a bad idea but . . .

Devuan does not need more diversification. It needs more hands on deck to take care of the essentials that are required. Currently, there is little or no redundancy to maintain those essential tasks and the new ones that keep popping up. Better use of your talents would be to join the team rather than to scratch your own itch.

exponentialmatrix · Yesterday 18:54:43

@RedGreen925

There's no stable Arch and it's easier to fork the AUR then make a stable arch.... So no, you can't just use Arch.

The security model is copied on the AUR. The recipes are actually in git repos. You audit it once, then you check the diffs later. You establish some trust on the specific maintainers. Then trusted users can ban accounts pushing malware and users can report them. Yes, you can't just blindly trust them like with a disro, but it's not totally wild either. In the end you download software from some random dude on the internet. It's not true no thought was put in security.

The recipe, downloads the source from upstream. It doesn't come bundled like normal packages.

This is a reaction to the slowness of packaging in normal distros.

@golinux

I'm guessing you didn't read all the rant.

One reason to do this, is to groom the next generation. Institutions always do the mistake of adopting too high standards and killing the next generation. One of the reasons to have a DUR, is to flatten the learning curve. You need a place where people suck, so that they can gain experience and stop sucking.

@greenjeans
People are very conservative, i already expect they will refuse.

Do you feel like upgrading your variant to a distro? The easydeb format could be a co-official source package format and the DUR an official "AUR"... i suppose it will be the "VUR".

EDX-0 · Yesterday 18:59:07

It needs more hands on deck to take care of the essentials that are required. Currently, there is little or no redundancy to maintain those essential tasks and the new ones that keep popping up. Better use of your talents would be to join the team

when there is no one young whom know how to build a bridge the standing bridges begin to fall with no one in sight to repair them less alone build new ones for generations, but all easy learning is bad, learning must be hard enough to chase away everyone otherwise there's no worth in the learning itself am i right?

golinux · Yesterday 20:32:11

Sad that our species has devolved to the point where "remedial classes" are suggested as a "solution" . . .

Note that I speak as an observer of the present compared to the tapestry of the past. Humans used to be competent to solve real problems in the real world. Those skills are quickly devolving and I am unsure that remedial intervention would even be effective at this point. The "masters of the machine" have seen to that . . .

When I was in high school, I read SciFi that foresaw this dynamic so no surprise that we have created what our collective consciousness has imagined and it is actually rather horrifying . . .

tux_99 · Yesterday 20:53:29

I really don't see why you would call this "remedial classes".

It's a stepping stone, nobody was born a master, not even in the rosy past you seem to refer to (which I have lived through too as I got into computers in the 80s, unless you refer to even more ancient times with punch cards and computers the size of a large closet...).

EDX-0 · Yesterday 21:05:31

"remedial classes" now that is fun, no education ministry in the americas nor western europe has had competency as a goal for the students in at least 2 decades and i can back that claim by first hand experience, the technological illiteracy of modern times is not result of the youth collectivelly flunking a computers class but moreso the result of the never getting one or at least a decent one in the first place.

exponentialmatrix · Yesterday 21:42:20

The mongols where able to shoot very accurately with a bow on horse back. They achieve this by starting to ride horses at age 3. This is how you truly learn.

You have it backwards. Standards have become too high and they constantly change. Work load is too high and stressful. Education is too demanding but take the basics for granted. It's the classic mistake all institutions make and gradually self destruct. Then there's talk of making X great again, not realizing that the peak was not sustainable resulting in the current decline.

We learn from history, that people don't learn from history. From the Spartans and Hittites to wikipedia and microsoft.... And yes also debian. Debian today, is not the same as Ian Murdoch's debian.... And also he killed him self, that should be taken as a warning that the good old days aren't as good as they might seem. A good example is South Korea. Extremely hard working, extreme education... but they are also the world champions in childlessness and suicide.

golinux · Yesterday 22:01:03

@EDX-0 . . . I had no idea things had gotten that bad in EU. I had the privilege of riding the wave of optimism and belief in education and progress following WWII. Accelerated classes. Amazing field-trips. After-school lectures from scientists on the cutting edge of research. Affordable higher education and all that went with that.

I never wanted a computer. Someone had to buy one for me. It was fun for a while and I used it to fight successfully to stop several unwanted local projects etc. and of course Devuan (even before it existed). Then dealing with the machine started becoming not fun anymore . . . always chasing my tail having to constantly relearn how the damn thing works. Having the machine dictate my life is not living . . . it is servitude!

brocashelm · Yesterday 22:33:20

This idea has been suggested many, many times in the past (in different incarnations) -- and the responses are the same as ever: put in the effort yourself or nothing will happen.

The focus of Devuan is removing Systemd and replacing its bits and pieces with Elogind, ConsoleKit2, Seatd, etc. where unavoidable. With Debian furthering the enshittification -- and now with Excalibur's release basing on Trixie -- those aforementioned bits and pieces are much harder to avoid now. That's where our collective efforts should be: to keep Systemd and other "fix what isn't broken" mechanisms at bay.

There are countless distros that are more newbie-focused that you could use, or else use a Devuan respin that meets your needs. You could always just install ExtRepo if you need third-party repositories for whatever reason. AppImages also work without affecting your system.

I don't see why we need a further stirring of the pot.

laurie_dev1 · Today 00:50:55

Just joined up to say I like this idea on a stable distro like devuan which i use on an older laptop.
Being an artix user on my main desktop PC I use the aur for a few things like obsidian-appimage and duckstation for playstation 1 games.
As long as i know what the PKGBUILD is doing im fine with it getting upstream sources as mentioned.

greenjeans · Today 01:36:08

I don't see why we need a further stirring of the pot.

Pooh...I say we break some s**t including new ground and let creativity loose.

It's not like it's obligatory.

"You are about to enable the user-repository, there may be dragons and panicking of kernels, don't do this if you lack skills and guts, and watch out for that greenjeans guy and his old-man-yells-at-clouds apps and not for nothing but exponentialmatrix is also very ornery"

pcalvert · Today 01:41:20

This isn't directly related, but I wanted to mention that there are other potential ways of getting additional software on Devuan. For example, Debian has a deb for the Nix package manager; however, it is (unfortunately) geared toward systemd. Perhaps it could modified so that it would work without systemd.

golinux · Today 03:14:48

Pooh...I say we break some s**t including new ground and let creativity loose.

Have you ever contributed any code directly to Devuan? Please remind me. If lack of needed hands-on begins to negatively impact Devuan's viability, you could just pick up your Vuu-do marbles and move to another base . . .

Obviously, I am in a mood . . .

steve_v · Today 03:31:01

golinux wrote:

Have you ever contributed any code directly to Devuan? Please remind me.

...

golinux wrote:

I have never written code and I couldn't write a bash script if my life depended on it!

(ref)
Rich innit, having a go at the author of a derivative distro and several utilities for their perceived lack of code contributions, while loudly proclaiming "I can't code".

As usual go, all you are "contributing" here is a bunch of crotchety barely-coherent bitching on the "state of humanity", irrelevant "in my day" rambling, and tired reruns of the same "somebody do the things I can't/won't" comments you seem to love dropping every time anyone dares make an even slightly productive suggestion.

On the OP: I don't disagree with the concept, but I'm not convinced making it "official" is a good idea.
As is painfully apparent in other threads here, the people wanting shiny-new software are often the same who never read the instructions... A user-curated build script repository will inevitably contain horribly broken junk, and "official" endorsement of that kind of thing will reflect negatively on Devuan as a whole, as well as likely clogging both the bugtracker and the forum with inactionable problem reports.
Put all the disclaimers you like on the thing, if it's on a devuan domain people will assume it's subject to devuan quality control and devuan support.

Last edited by steve_v (Today 03:48:43)

golinux · Today 05:12:50

@steve_v . . . You never miss an opportunity do you. LOL!

For those who might not know, I will list a few of my contributions to the Devuan project. Visually, Devuan would be a completely different animal without my input. This very forum would never have been created. Neither would the Devuan logo or the customized default desktops for Jessie through Daedalus. The current minimal forum layout was also my doing. It has been an honor to have created and unified Devuan's visual identity and messaging that so many have appreciated. Many thanks to all the wonderful Devuan users that have passed through and also left their mark on Devuan over the years.

The officially official Devuan Forum!

#1 2026-01-30 18:06:23

Proposal "Devuan User Repository"

#2 2026-01-30 22:00:06

Re: Proposal "Devuan User Repository"

#3 Yesterday 01:05:14

Re: Proposal "Devuan User Repository"

#4 Yesterday 04:11:10

Re: Proposal "Devuan User Repository"

#5 Yesterday 06:47:56

Re: Proposal "Devuan User Repository"

#6 Yesterday 09:38:57

Re: Proposal "Devuan User Repository"

#7 Yesterday 11:21:02

Re: Proposal "Devuan User Repository"

#8 Yesterday 12:23:54

Re: Proposal "Devuan User Repository"

#9 Yesterday 16:07:38

Re: Proposal "Devuan User Repository"

#10 Yesterday 18:54:43

Re: Proposal "Devuan User Repository"

#11 Yesterday 18:59:07

Re: Proposal "Devuan User Repository"

#12 Yesterday 20:32:11

Re: Proposal "Devuan User Repository"

#13 Yesterday 20:53:29

Re: Proposal "Devuan User Repository"

#14 Yesterday 21:05:31

Re: Proposal "Devuan User Repository"

#15 Yesterday 21:42:20

Re: Proposal "Devuan User Repository"

#16 Yesterday 22:01:03

Re: Proposal "Devuan User Repository"

#17 Yesterday 22:33:20

Re: Proposal "Devuan User Repository"

#18 Today 00:50:55

Re: Proposal "Devuan User Repository"

#19 Today 01:36:08

Re: Proposal "Devuan User Repository"

#20 Today 01:41:20

Re: Proposal "Devuan User Repository"

#21 Today 03:14:48

Re: Proposal "Devuan User Repository"

#22 Today 03:31:01

Re: Proposal "Devuan User Repository"

#23 Today 05:12:50

Re: Proposal "Devuan User Repository"

Board footer