rosdistro VS aptly

I have added their rosdep names (found here) to my packages.xml (see the end of this post), but even after running catkin-make and trying to run the module, the script throws a ModuleNotFound exception at the UTM package meaning that the package was never installed.

I second this. Just remove the package by removing whatever you added to the rosdistro repo when submitting/publishing the package.

The business about mapping from PyPI to system dependencies is an important one, and (having not read the entire thread) I do hope that gets some attention— it's particularly curious that it's been this long and it hasn't, given Python's often-role as a glue language.

Another example of an ecosystem maintaining mappings out to system packages is ROS and rosdep:

https://github.com/ros/rosdistro/blob/master/rosdep/base.yam...

Now it's interesting because ROS is primarily concerned with supplying a sane build-from-source story, so much of what's in the rosdep "database" is the xxxx-dev packages, but in the case of wheels, it would be more about binary dependencies, and those are auto-discoverable with ldd, shlibdeps, and the like. In Debian (and I assume other distros), the binary so packages are literally the library soname + abi versions, so if you have ldd output, you have the list of exactly what to install.

The names you use for the tag (and the other dependency tags in your package.xml) are used by rosdep to figure out what needs to be installed. The name doesn't necessarily correspond to the apt or pip package name, but most of the time it's the same. For example, for matplotlib: https://github.com/ros/rosdistro/blob/24141d9063fddd6eeca7f1db9e721fa8d600c62f/rosdep/python.yaml#L6296

Thanks for the response!

> This is difficult to answer without knowing more details.

The situation specifically is the ROS ecosystem, where metadata is managed in these package.xml files:

https://github.com/ros2/rclcpp/blob/master/rclcpp/package.xm...

The federated nature of the ecosystem has led to a culture where it's very normal to be building dozens of these at once, in the same workspace together, often from multiple repos (the repo above has four in it). So there are several build tools which automate the work of examining a source workspace and building all the packages within it in the correct topological order, respecting build_depend tags. The newest of these tools (colcon) has actually made the package.xml optional in many cases, as it can examine CMakelists, setup.py, BUILD, etc, and discover for itself what the dependencies are.

Your "distribution" of ROS is formed by listing all the packages and repos in this big file, for which there is other tooling to manage pulling dependency sources, whatever: https://github.com/ros/rosdistro/blob/master/foxy/distributi...

Anyway, so the existing ROS/nix efforts (1) seem to basically consume all of this package/distribution metadata at once and generate a giant parallel structure of nix definitions (eg https://github.com/lopsided98/nix-ros-overlay/blob/master/di...), which I fear would be completely opaque to users and any system which required everyone to leave behind these existing workflows would be an immediate non-starter.

I think the ideal scenario (and what it would look like if I built this myself based on debs) would be that you could source the "base" workspace as usual (enter the nix-shell?), and check out source, build packages as usual with colcon, the usual workspace-building tool, but there'd be an extra plugin/verb/flag for it, which would make it build each package as a nix package instead of into the usual installspace. The verb would generate the nix definitions on the fly, and probably handle the invocation and build-parallelism side of it as well.

[1]: https://github.com/acowley/ros2nix, https://github.com/lopsided98/nix-ros-overlay

Thanks for the feedback. I bumped a couple of the core devs and got the change reverted and it is now merged. It should be in the next Noetic release.

You should ask in the upstream bug tracker (is it this one? https://github.com/lubomir-brindza/nautilus-typeahead). First step is to get it to build for Debian manually/locally - i.e. patch the official nautilus Debian package. Then it's easy to setup a personal APT repository with aptly

Exactly what aptly is for. No idea about CentOS side, for that we just had rsync from official repo + some scripts

I'm not sure if this is an option, because it might break the isolation model, but you could setup repo mirrors in whatever tool of choice you like, but for Debian/Ubuntu, I think aptly is really featureful.

I know that it is not directly what you asked about, but without knowing how the signed debs are being used, I can say that if you were to use aptly to create an apt repo to house your debs to then be installed on whatever machines offline (assuming network connectivity, which may be an incorrect assumption), it requires you to sign a published repo/mirror, and also requires you to install and trust the key on any systems that you then want to use to install package unless you specifically use [trusted=yes] in the apt repo list file.

There's also Aptly but I've never used it. Looks neat, though.

I personally just mirror the packages for what ever I'm using with aptly and use the netinstall iso and point it to that local mirror. The netinstall iso will pull any needed updated from the repo.

Take a look at Aptly.

Aptly is a purpose-built DEB content management solution. Never used but I've heard good things.

The last time I got involved in repo/package management, we used aptly Later moved to Jfrog artifactory. The latter is very expensive.There is also pulp some said it is good, which I personally never managed in production environment, so I can't recommend for or against.