pkg5

Pkg5 is an open-source software package manager and package format designed to simplify the installation, update, and removal of software across multiple operating systems. It provides a client tool, a repository protocol, and a standardized bundle format, all focused on reproducible builds, reliable dependency resolution, and verifiable security.

Developed by the Pkg5 Project, the first stable release appeared in 2021. The project aims to complement existing system tools by offering a unified workflow for third-party software and internal components. The design emphasizes composability, incremental updates, and rollback mechanisms.

Packages use the .pkg5 bundle format, which includes a metadata manifest, the payload, and optional installation scripts. Repositories host signed indexes describing available packages and their dependencies. Packages and repositories are cryptographically signed to ensure integrity and authenticity, and transports typically require TLS.

The dependency resolver analyzes version constraints and optional features, selecting a compatible set of packages. Install plans are designed to occur atomically, allowing rollbacks if errors arise. Pkg5 supports features such as pinning, private repositories, and environment-specific variants.

Security features include isolated build environments, filesystem sandboxing during installation, and strict integrity verification for each step. The project also documents a policy for vulnerability reporting and package auditing.

Although not universally adopted, pkg5 has been used by several Linux distributions and cross-platform development environments, and it has an active community with forks and extensions on public platforms.

See also: package manager, repository, dependency resolution, package signing.