Good luck share the progress and let us know how it goes. Is it similar to nix? but from what I can feel, is intending to be simpler?
BTW how much of it is vibe coded?
For something that only uses your home folder, I recommend checking out mise https://mise.jdx.dev/
There is also conda/mamba/pixi/etc. (anything in the conda-forge ecosystem) that can be used without root. Then there are Guix and nix, which (mostly) require to be set up by someone with root privileges, but which then allow unprivileged users to install packages for themselves. I think I have even used emerge rootless-ly at some point a few years ago.
Another fact is that it's basically like AUR, with little to no oversight. If AUR had malware then just imagine how much malware is there in brew recipes.
They also didn't use cryptographic signing for the longest time, they did get some shit for that.
There were more, can't remember now.
One other thing that seriously annoys me is the automated closure of reported issues after they get no response for a while. So I reported maybe 3 bugs and then I stopped altogether, because why would you waste your time on a project that doesn't respect it? All these bugs were actual full blown bug reports, well written and researched. I can't but think that projects that close issues like that are made to look better than they are.
Also, you guys remember when its author ranted about not having gotten a job at Apple? I always thought they cared about the prestige of that project more than the actual project, based on the level of security shortcomings. Brew has that serious amateurish taste to it.
They're so convinced that their way is right and essentially stick their fingers in their ears when anyone raises concerns.
Unfortunately cargo culting is a thing.
I say this as a macOS user.
Fortunately alternatives like MacPorts exist.
The difference is that it strives to track all non-user files, (not just packages, and especially /etc), but you can adopt it partially.
The ppa directive hints that this is intended for Ubuntu because otherwise installing PPAs is a great way to break a non Ubuntu distro.
The deb directive uses the old and soon to be deprecated .list file extension. DEB822 format is the replacement.
The key directive adds the key as globally trusted for all repos instead of locking it to a specific repo as recommended by Debian. I think this is required under the new DEB822 repo format.
Basically, /etc/apk/world keeps a list of explicitly installed packages.
When you manually install a package, it's added to this list, when you manually remove a package, it's removed from the list.
Installation and upgrading (and "fixing) merely ensures that those packages and their dependencies are installed, no more, no less. This also automatically cleans up stale, unused dependencies.
It's a lovely way to get deterministic results. You can just back-up that world file, or copy it to another machine and get the exact same installation.
lifetimerubyist•1w ago
migmaldo•1w ago
SubiculumCode•1w ago
yxhuvud•1w ago
c-hendricks•1w ago
Edit: oh this aptfile doesn't do the one thing I actually use brew bundle for: cleaning up the mess of leftover packages
seemaze•1w ago
https://wiki.alpinelinux.org/wiki/Alpine_Package_Keeper#Worl...
lifetimerubyist•1w ago
c-hendricks•1w ago
Still, can you share your script?