UPack Documentation

Repackaging & Auditing

  • Last Modified: 2019-04-10

Packages work at their best when they are read-only and cryptographically verified, but this means that you can't change any of the package metadata (including the version number) without "tampering" with the package.

For example, if you have a pre-release package (HDars.Web:1.4.5-rc.2) and just want to "change" the version, you will have created a new package. If you change a different piece of metadata (such as the author name), then you've created a very confusing situation where two different files are apparently the same package.

This is where repackaging comes in: it's an operation that involves changing a small part of package metadata (such as the version number) without altering the contents, while retaining a "pointer" to the original package inside the newly created package. Of course, this operation can only be performed by a trusted person or service to ensure that the repackaging is securely performed.

The universal packaging manifest file can store a chain of repackaging events, which allows you to verify each preceding package.
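
The audit described above can be sketched as follows. This is an added example, not code from the UPack project. It assumes the manifest is `upack.json`, that the chain is stored in a `repackageHistory` list, and that each pointer is an `id` of the form `name:version:sha256`; the helper names and sample packages are constructed for illustration.

```python
import hashlib, io, json, zipfile

MANIFEST = "upack.json"  # assumed manifest file name inside the archive

def build_package(manifest, files):
    """Build an in-memory zip package (used for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(MANIFEST, json.dumps(manifest))
        for path, data in files.items():
            z.writestr(path, data)
    return buf.getvalue()

def read_package(blob):
    """Return (manifest, {path: sha256 of content}), excluding the manifest."""
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        manifest = json.loads(z.read(MANIFEST))
        contents = {n: hashlib.sha256(z.read(n)).hexdigest()
                    for n in z.namelist() if n != MANIFEST}
    return manifest, contents

def audit_repackage(new_blob, original_blob):
    """Check the newest pointer in new_blob against original_blob."""
    new_manifest, new_contents = read_package(new_blob)
    old_manifest, old_contents = read_package(original_blob)
    history = new_manifest.get("repackageHistory", [])  # assumed field name
    if not history:
        return ["no repackaging pointer in manifest"]
    # Assumed pointer format: "name:version:sha256-of-original-file"
    name, version, digest = history[-1]["id"].rsplit(":", 2)
    findings = []
    if hashlib.sha256(original_blob).hexdigest() != digest:
        findings.append("original file hash does not match pointer")
    if (old_manifest["name"], old_manifest["version"]) != (name, version):
        findings.append("pointer names a different package or version")
    if new_contents != old_contents:
        findings.append("contents differ from the original package")
    return findings

def make_samples():
    """Constructed data: an original, a clean repackage, a tampered one."""
    files = {"bin/app.txt": b"release build"}
    original = build_package({"name": "HDars.Web", "version": "1.4.5-rc.2"}, files)
    ptr = {"id": "HDars.Web:1.4.5-rc.2:" + hashlib.sha256(original).hexdigest()}
    meta = {"name": "HDars.Web", "version": "1.4.5", "repackageHistory": [ptr]}
    good = build_package(meta, files)
    tampered = build_package(meta, {"bin/app.txt": b"modified build"})
    return original, good, tampered
```

An empty list from `audit_repackage` means the pointer matches the original file and only the manifest changed. To audit a longer chain, repeat the check for each preceding package.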


This documentation is licensed under CC-BY-SA-4.0 and stored in GitHub.