The ALPM project received 15 months of funding from Sovereign Tech Fund to build a Rust-based framework for Arch Linux package management. The team created formal specifications for packaging formats, foundational libraries for parsing and validation, Python bindings, a linting framework, and VOA (Verification of OS Artifacts) - a technology-agnostic signature verification system. Key deliverables include libraries for handling SRCINFO, PKGINFO, BUILDINFO, MTREE files, package and repository database management, and a new OpenPGP verification approach that replaces stateful GnuPG keyrings with a stateless directory structure. The project produced over 46,000 lines of Rust code and comprehensive specifications to enable broader community participation in Arch Linux package management development.
Table of contents
ALPM stats
Specifications
Foundational libraries
Libraries and command line interfaces
Development integration
Python bindings
Linting
Translations
VOA
Future work