Having been a longtime openSUSE user, I’m primarily used to the rpm / zypper based packaging system. I am aware it’s not necessarily the best, with Manjaro’s pkg / pacman appearing to be more optimal in several ways. There are however some things I don’t understand… particularly when it comes to managing sources; I’m used to being allowed to add my own repositories via custom URL’s, something Manjaro doesn’t seem to let me do.
First and foremost I wish to know the following: Let’s presume there’s an application which does not exist in any of the default Manjaro repositories, including AUR / Snap / Flatpak. However someone hosts said application in a compatible pkg directory on their own server, where they keep it updated against the latest Manjaro libraries. Is there a way to add an URL to that folder (http, ftp, etc) and have pacman use it as a repository? The Pamac GUI doesn’t offer a field where I can add my own software sources which bothers me a bit; I briefly read somewhere this may be possible by editing /etc/pacman.conf but I’d like someone to better explain the process.
Speaking of mirrors, this brings me to my second question: The packaging mechanism seems to be well designed, allowing the use of servers from different countries for optimal network speeds. I see those appear to be stored in /etc/pacman.d/mirrorlist which gets updated by the Refresh Mirrors List option in Pamac. Suppose I wanted to use an unofficial mirror of Manjaro and its software packages, or even host my own mirror of the OS: Is there an explanation of the process behind doing so and using an unofficial mirror in the package update / installation system?
A final question on mirrors is if they’re allowed to differ from one another; Do some mirrors contain software that others don’t, or newer / older versions of some packages? Or are all mirrors of the Manjaro OS identical copies and the system will error out if it detects any differences?
You can add additional repositories in /etc/pacman.conf
It is explained in the comments of that conf file how to do this:
# REPOSITORIES
# - can be defined here or included from another file
# - pacman will search repositories in the order defined here
# - local/custom mirrors can be added here or in separate files
# - repositories listed first will take precedence when packages
# have identical names, regardless of version number
# - URLs will have $repo replaced by the name of the current repo
# - URLs will have $arch replaced by the name of the architecture
#
# Repository entries are of the format:
# [repo-name]
# Server = ServerName
# Include = IncludePath
Example:
[linuxkernels]
Server = http://nhameh.ovh/$repo/$arch
SigLevel = Optional TrustAll
As you said /etc/pacman.d/mirrorlist contains a list of the servers, packages are being downloaded from. You can change that list and put your own server there.
Versions:
There are some timing differences. Some mirrors sync every 10 minutes, others just once per day, etc.
So could be that you have to wait for the latest update for some hours until you get the latest version…
Foreign / non-official packages:
Normally the mirrors sync from the official main repository, which means they only host those packages distributed from there.
Is it allowed to host non-official packages? → No clue. Technically it would be possible since the db files are not signed, but I don’t think any mirror in the official list is doing that. And even if they would, packages itself would need to be signed and trusted by you to be able to be installed (unless you manually configure it to ignore signatures as in the example above - SigLevel - …).
That’s what I was afraid of. This is ideal as a security measure of course: There’s no safety guarantee with external repositories, it’s up to you if you trust the owner and the packages to not be something broken or malicious. That aspect should definitely be made clear to the user.
It would still be great if the package manager offered a builtin way to add custom repositories, with a clear warning that software in them isn’t verified by the Manjaro team and you do so at your own risk. I’d even open a ticket for this since I think it’s an important capability to support in some form, though the bug tracker doesn’t appear to be accessible at the moment. Hopefully I won’t need to use custom repos at all… if I ever do, the solution in the previous reply sounds like it should suffice, as long as it doesn’t stop working I know I have this possibility handy if I ever need it for an emergency.
Warning: The official Arch Linux Developers and the Trusted Users do not perform tests of any sort to verify the contents of these repositories. It’s your decision whether to trust their maintainers, and you take full responsibility for any consequences of using any unofficial repository.
That will never happen. It’s not only about security, it’s about mixing incompatible packages and causing breakage. Unofficial repos are normally maintained by Arch users. Arch stable is newer than Manjaro stable (see here) and there can and will be issues.
As the wiki article above states, unofficial repos provide pre-built versions of PKGBUILDs found in the AUR. You’d be better off building the package from the AUR than installing a pre-built package built with potentially incompatible newer libraries.
Note that the AUR is not officially supported, either. However, we do have the #support:aur section for asking for help with using it.
I see what you mean. So it mostly relies on the official mirrors then. Thanks for clarifying.
Since my main worry with this is about not finding certain software, I figure I should ask: How does a library or application get included in the official Manjaro network… like if I find or create a piece of software I’d like to find in the installer? Is there a process to submit new software? Who maintains it? Are there guidelines limiting what’s allowed? Does the Manjaro team decide if it gets included, or is there a decentralized process where if enough users want it the app automatically gets in?
I’m also curious how someone can host their own mirror if they wish to participate in the network. I see quite a few servers, but for instance none exist in my country! I doubt that’s something I’ll personally do, I assume the whole of Manjaro is over 1TB (compressed) with so much software included. Still I’m curious if this is a possibility, as a backup or so an user can help better seed the packages.
Cheers. I wanted to ask one more thing… slightly different question but I’d rather not open a new thread for something minor; Is there a pacman command to detect and remove unneeded dependencies, if a package was upgraded to use a newer version of a lib or no longer needs that lib at all? I like keeping the installation clean and optimal, so if there’s a library that’s no longer used I’d rather not let it bloat the system. openSUSE has an orphaned / unneeded packages category for this purpose.
All those questions you have and more are answered in the wikis, and there’s no better wiki in the world than Arch’s, so you’d better dive in, you have a lot of exciting things to discover
Additionally Manjaro uses & endorses pamac, in a GUI or as a CLI, though pacman is more robust (having used Arch in the past it’s what I use and rely on).
I definitely prefer Pamac for normal installation given its GUI… for the CLI I’ll probably stick to pacman, should only be needed for special operations and stuff like remote (ssh) updates. That wiki page should clarify everything in terms of using the pacman commands, thanks.
