Ipkg on the Linkstation (for end-users)
This article is based on original work from frontalot & nix & timtimred from www.linkstationwiki.org
Ipkg on the LinkStation
iPKG - The Itsy Package Management System is the package management system used in OpenLink firmware, a very lightweight package management system. It was designed for Linux installations with severe storage limitations such as handheld computers. iPKG is more than just an embedded Linux flash image builder, (although it does that fairly well). It also allows for dynamic installation/removal of packages on a running system.
iPKG is itsy in several ways:
- The control programs themselves are small
- The installed meta-data tries to be only what is absolutely essential
- The available packages are small. (The idea is that the package tree should be as fine-grain as possible.)
- This is similar to other Package Management Systems:
Ipkg ipkg install <software> Debian (Advanced Packaging Tool) apt-get install <software> Gentoo (Portage) emerge <software>
Manually Installing ipkg
If you want to use .ipk packages on an unsupported firmware or older firmware, you first need to install a version of ipkg manually:
wget http://downloads.linkstationwiki.net/powerpc-hdhlan-LS1/powerpc-hdhlan-ipkg-0.99.153-1.tgz tar -C / -xvzf powerpc-hdhlan-ipkg-0.99.153-1.tgz
wget http://downloads.linkstationwiki.net/mipsel-hdhlan-LS2/mipsel-hdhlan-ipkg-0.99.153-1.tgz tar -C / -xvzf mipsel-hdhlan-ipkg-0.99.153-1.tgz
The other way with MIPSel OpenLink is to use the included ipkg-cl to install the latest ipkg. add the following line to the file /etc/ipkg.conf
src AlexanderSkwar http://alexander.skwar.name/~askwar/linkstation/packages/mipsel/
ipkg-cl update ipkg-cl install ipkg
Manually configure /etc/ipkg.conf
Ipkg can automatically fetch and install packages from an online repository called a feed. ipkg will automatically download the requested package and its related dependencies, install the package and dependencies, and perform any setup operations, as specified in the packages. You will have to add the feeds to the file /etc/ipkg.conf. Go to the List of ipkg feeds for the LinkStation for more information. The official LinkStationWiki feed will be located at http://ipkg.linkstationwiki.net/.
# /etc/ipkg.conf -- Configuration for ipkg, the Itsy PacKaGe management system # # Must have one or more source entries of the form: # # src <src-name> <source-url> # # and one or more destination entries of the form: # # dest <dest-name> <target-path> # # where <src-name> and <dest-names> are identifiers that # should match [a-zA-Z0-9._-]+, <source-url> should be a # URL that points to a directory containing a Familiar # Packages file, and <target-path> should be a directory # that exists on the target system. # src openlink-stable <<<stable feed url>>> #src openlink-unstable <<<unstable feed url>>> # dest root / #dest ram /mnt/ramfs #dest ext /mnt/hda # # Proxy support: # #option http_proxy http://localhost:5865 #option ftp_proxy http://proxy.tld:3128 #option proxy_username <username> #option proxy_password <password> # # Offline mode (for use in constructing flash images offline) # option offline_root ipkg-root
No stable (or unstable feeds) yet.
If you wish to use these packages, add the following lines to the file /etc/ipkg.conf:
src nslu2-cross-stable http://ipkg.nslu2-linux.org/feeds/optware/ds101g/cross/stable/ src nslu2-cross-unstable http://ipkg.nslu2-linux.org/feeds/optware/ds101g/cross/unstable/ src nslu2-native-stable http://ipkg.nslu2-linux.org/feeds/optware/ds101g/native/stable/ src nslu2-native-unstable http://ipkg.nslu2-linux.org/feeds/optware/ds101g/native/unstable/
Experimental "unstable" ipk Packages for the MIPSEL Linkstation 2 If you wish to use those packages, the easiest way is, to add the following line to the file /etc/ipkg.conf:
src AlexanderSkwar http://alexander.skwar.name/~askwar/linkstation/packages/mipsel/
Installing Packages via a Feed
If you have a configured ipkg you can start to use the feed. Begin by updating the list of available packages:
Then display the list of available packages:
You may search for a particular package by using the grep program:
ipkg list|grep packagename
Once you know what to install installing packages from the feed is very simple:
ipkg install packagename
Some packages feature installation scripts which help configure the software. If the requested package has such a script, you will automatically be prompted to provide information.
Upgrading Already Installed Packages
You can upgrade already installed software quite easily:
Manually Installing .ipk Packages
Unless you have a specific reason not to, you should always install packages via the official feed. However, in certain cases, you may wish to manually install packages:
ipkg install packagename_version.ipk
Note: The current version of ipkg may leave an empty directory in your tmp directory. You can delete this directory after completing a package installation (the tmp directory is also automatically cleared during each reboot).
usage: ipkg [options...] sub-command [arguments...] where sub-command is one of: . Package Manipulation: update Update list of available packages upgrade Upgrade all installed packages to . latest version install <pkg> Download and install <pkg> . (and dependencies) install <file.ipk> Install package <file.ipk> configure [<pkg>] Configure unpacked packages remove <pkg> Remove package <pkg> flag <flags> <pkg> ... Flag package(s) <pkg> . (<flag>=hold|noprune|user|ok|installed|unpacked (one per invocation)) . Informational Commands: list List available packages and descriptions files <pkg> List all files belonging to <pkg> search <file> Search for a package providing <file> info [pkg [<field>]] Display all/some info fields for <pkg> or all status [pkg [<field>]] Display all/some status fields for <pkg> or all download <pkg> Download <pkg> to current directory. compare_versions <v1> <op> <v2> (compare versions using <= < > >= = << >>) print_architecture prints the architecture. print_installation_architecture whatdepends [-A] [pkgname|pat]+ whatdependsrec [-A] [pkgname|pat]+ whatprovides [-A] [pkgname|pat]+ whatconflicts [-A] [pkgname|pat]+ whatreplaces [-A] [pkgname|pat]+ . Options: -A Query all packages with whatdepends, whatprovides, whatreplaces, whatconflicts -V <level> Set verbosity level to <level>. If no value is --verbosity <level> provided increase verbosity by one. Verbosity levels: 0 errors only 1 normal messages (default) 2 informative messages 3 debug output -f <conf_file> Use <conf_file> as the ipkg configuration file -conf <conf_file> Default configuration file location is /etc/ipkg.conf -d <dest_name> Use <dest_name> as the the root directory for -dest <dest_name> package installation, removal, upgrading. <dest_name> should be a defined dest name from the configuration file, (but can also be a directory name in a pinch). -o <offline_root> Use <offline_root> as the root directory for -offline <offline_root> offline installation of packages. -verbose_wget more wget messages . Force Options (use when ipkg is too smart for its own good): -force-depends Make dependency checks warnings instead of errors and install/remove package in spite of failed dependences -force-defaults Use default options for questions asked by ipkg. (no prompts). Note that this will not prevent package installation scripts from prompting. -force-reinstall Allow ipkg to reinstall a package. -force-overwrite Allow ipkg to overwrite files from another package during an install. -force-removal-of-dependent-packages -force_space Install even if there does not seem to be enough space. -noaction No action -- test only -nodeps Do not follow dependences -recursive Allow ipkg to remove package and all that depend on it. -test No action -- test only -t Specify tmp-dir. --tmp-dir Specify tmp-dir.
Some potential security issues:
- A package can accidentally or intentionally change access rights, e.g., a package can open the whole /etc directory to all users or set the SUID bit on some binary.
- Replacement or manipulation of security relevant binaries (e.g. the shell) or configuration files.
- Installation of malicious binaries, e.g., backdoors and root kits. This only is an issue with untrusted feeds or .ipks.
- Accidental or intentional changes of security-relevant configuration files.