Jump to: navigation, search

TL;DR: URLs in Source are one step closer to verify authenticity of sources provided for building in the open Build Service and openSUSE Factory using automated verification methods. GPG signature verification is the next step possible. More complicated verification mechanisms can be used when tarball recompressing is wished for.


The Source and Patch tags within .spec files can contain not just local filenames, but also full URLs. However, rpmbuild does not download the files automatically; instead, it assumes that there is a local filename that is the same as the last component of the Source path.

Automated integrity checking

Specifying the upstream locations allows for the introduction of more automation and especially verification into the openSUSE project's package handling in the future.

Archives having a GPG PKI signature can already be verified by way of gpg-offline (implemented since openSUSE 12.3) and are also verified by the source_validator service for openSUSE Factory beginning mid of 2013. Where no signature is provided, we want at least have a rudimentary check (e.g. looking at SHA checksums) for equality with upstream, so as to report potential compromise of security on either the upstream or openSUSE side.

Semi-automatic updates

For updating with source urls you just need to increase the version, remove the old tarballs, then run osc service localrun, osc addremove, osc vc and osc ci and you are almost done.

Issues with recompression

openSUSE Factory development very strongly recommends to use the upstream provided tarballs unmodified to allow automated verification mechanisms and to increase packaging efficiency.

Certain packages are built from SCM snapshots instead of released tarballs, and thus may not have a common HTTP URI for the archive that would be downloadable (although some web frontends do offer tarball/zip downloads). There are also certain maintainers who wish to recompress {tarballs with a poor algorithm} to something better for space conservation, although in time of fast internet size differences are usually a non-issue. Recompressions methods makes tarball verification difficult if not impossible.

Because many released files use a stream compression that is independent of, and applied on top of the actual file container, such as .tar.gz, .tar.bz2, etc., a validator can still check the authenticity of an archive by looking at the checksum of the uncompressed objects. This still allows to flag archives that maintainers have recompressed the wrong way by way re-creating the underlying tar archive, without having to penalize maintainers that merely changed to on-top compression.

  • WRONG: tar -x foo.tar.bz2; tar -cJf foo.tar.xz foo/;
  • Better: bzip2 -d foo.tar.bz2; xz foo.tar;

In fact, if you are the upstream maintainer for some software and sign your archives with a key, consider signing the .tar archive (producing a .tar.sign/.tar.asc) rather than a particular compression variant (.tar.gz.sig) like the Linux kernel project already does. This makes it possible to verify the archives' authenticity irrespective of chosen compression algorithm(s).

The URL to the original archive can easily be supplied by an extra line in the .spec file, which is in fact what has been used in a handful of packages, where a #DL-URL: line is present. Alternate ways of storing the URI to the original are thinkable; this is up to the implementors of the final solution. As such, there is no justification for requiring URLs in the Source tag.

A potential way of pulling all of this off together is via Source Services; a _service file like

        <service name="download_url" mode="localonly">
                <param name="protocol">ftp</param>
                <param name="host"></param>
                <param name="path">/pub/gap/gap4/tar.bz2/packages/Alnuth-3.0.0.tar.bz2</param>
        <service name="recompress" mode="localonly">
                <param name="file">*.tar</param>
                <param name="compression">none</param>
        <service name="verify_file" mode="localonly">
                <param name="file">_service:recompress:Alnuth-3.0.0.tar</param>
                <param name="verifier">sha256</param>
                <param name="checksum">7203be33535135af16ba1a1479b057ec5fe4048c628d6d9bd2926824a017b477</param>
        <service name="recompress" mode="localonly">
                <param name="file">*.tar</param>
                <param name="compression">xz</param>

will do this. However, the drawback here is that this would cause osc to download the files everytime someone attempts a build, which increases build time, puts additional load on the origin servers (and their bills, where applicable). In addition, Factory disallows services such that server-side runs are not permitted, necessiting mode="buildtime", mode="localonly" or mode="disabled", therefore rendering the validation quite moot.

More plans are therefore needed.


  • Table for documenting if specfiles contain direct links to the sources
  • The purpose of this is to have direct links to the sources in the end

Table of affected packages

Package name Contains Url as Source Comments
DirectFB Yes
ImageMagick Yes
LibVNCServer Yes
Mesa Yes
NetworkManager Yes
NetworkManager-openvpn Yes
NetworkManager-pptp Yes
NetworkManager-vpnc Yes
OpenPrintingPPDs No Could not find Url
PackageKit Yes
SuSEfirewall2 No No Url
a2ps Yes
aaa_base No No direct link, Only github
aalib Yes Submit accepted
acl Yes
acpica No Request declined
adns Yes accepted
alsa Yes
alsa-oss Yes
alsa-plugins Yes
alsa-utils Yes
antlr No Only Url to newer source
apache-commons-io Yes No Url
apache-commons-logging Yes
appres Yes
asciidoc Yes accepted
aspell Yes
at No Only link to newer sources
at-spi2-atk Yes
at-spi2-core Yes
atk Yes
atkmm Yes
attica Yes
attr Yes
audiofile Yes
audit Yes
augeas Yes
autoconf Yes Accepted
autoconf213 Yes Accepted
autofs Yes
automake No Accepted
automoc4 Yes Accepted
autoyast2 No No Url
avahi Yes
avahi-glib2 Yes
avalon-framework Yes Request open
babl Yes
bash Yes
bc Yes
bdfresize Yes
bdftopcf Yes
bea-stax No Only url to newer sources
beforelight Yes
bind Yes
binutils No Problems with serviceruns format_package in and download_files together
bison Yes Accepted
bitmap Yes
blocxx No No direct url, only svn repo
bluez Yes Submit Request
boost No Accepted
bootcycle No No Url
branding-openSUSE No No downloadable Url, only git
bridge-utils Yes Accepted
brp-check-suse No No Url
brp-extract-appdata No No Url
build No No Url
build-compare No No Url
bundle-lang-common No No Url
bzip2 Yes Accepted
ca-certificates No No direct url, only git
ca-certificates-mozilla No
cairo Yes
cairomm Yes Submitted request
cantarell-fonts Yes
cdparanoia Yes Accepted
celt Yes
check Yes
checkmedia No No Url
cifs-utils Yes Requested
cloog No only newer source url available upstream
clucene-core No No direct Url, only git
cmake Yes
colord Yes
coreutils Yes Requested
corosync Yes requested
cpio Yes requested
cracklib Yes
cracklib-dict-full No No Source: or Source0: rest, except pt_BR and es-wordlist.gz, of the sources are already linked
crda Yes Requested
cronie Yes requested
cryptsetup Yes
cryptsetup-mkinitrd No No direct link, only git
ctags Yes requested
ctdb No Only newer sources upstream
cups Yes requested
cups-pk-helper Yes
curl Yes
cvs Yes requested
cyrus-sasl No
daps Yes requested
dbus-1 Yes
dbus-1-glib Yes
dbus-1-python Yes
dbus-1-x11 Yes
dconf Yes
dejagnu Yes requested
dejavu-fonts Yes
deltarpm No only git sources
desktop-data-openSUSE No No Url
desktop-file-utils Yes
desktop-translations No No Url
dhcpcd No Only svn repo
dia Yes
dialog Yes
diffstat Yes
diffutils Yes requested
ding-libs No Couldn't find Link to source
dirmngr Yes
dmidecode Yes requested
dmraid Yes
dmz-icon-theme-cursors No upstream sources differ
docbook-dsssl-stylesheets Yes
docbook-utils Yes
docbook-xsl-stylesheets Yes
docbook_3 Yes
docbook_4 No Links are there
dos2unix Yes
dosfstools Yes requested
doxygen Yes requested
e2fsprogs Yes
ed Yes requested
editres Yes
efibootmgr Yes
efont-unicode-bitmap-fonts Yes
eject Yes requested
elfutils Yes requested
emacs Yes
enca Yes requested
enchant Yes requested
epydoc Yes requested
esound Yes
ethtool Yes
expat Yes requested
expect Yes requested
fam Yes
fastjar Yes requested
fbset Yes requested
fdupes Yes
fftw3 Yes
file Yes
filesystem No no sources
fillup No no Url
findutils Yes requested
finger No no Url
flac No only git sources
flex Yes
fltk Yes
font-util Yes requested
fontconfig Yes
fontpackages No no Url
fonts-config No No Url
fonttosfnt Yes
foomatic-filters Yes requested
freetype2 Yes
fribidi Yes requested
fslsfonts Yes
fstobdf Yes
ft2demos Yes
fuse Yes requested
gawk Yes requested
gc Yes
gcc No
gcc47 No where is link to snapshot?
gccmakedep Yes
gconf2 Yes
gcr Yes
gd No upstream url not available at the moment
gdbm Yes
gdk-pixbuf Yes
gegl Yes
geoclue Yes requested
gettext-runtime Yes requested
gfxboot No no Url to sources
ghostscript Yes requested
ghostscript-fonts No suggested mirror is down, asked maintainer
ghostscript-mini Yes
giflib Yes requested
gimp Yes
glamor No requested
glib-networking Yes
glib2 Yes
glib2-branding-openSUSE No internal
glibc No git source
glibmm2 Yes
glu Yes
gmp No requested
gnome-common Yes
gnome-desktop Yes
gnome-desktop2 Yes requested
gnome-doc-utils Yes
gnome-icon-theme Yes
gnome-keyring Yes
gnome-patch-translation No internal
gnome-vfs2 Yes
gnu-efi Yes
gnu-free-fonts Yes
gnu-unifont-bitmap-fonts No could not find Url
gnutls Yes
gobject-introspection Yes
google-droid-fonts No could not find url
gpart Yes requested
gperf Yes
gpg-offline No probably internal?
gpg2 Yes requested
gpm Yes no direct url, only git
gptfdisk Yes requested
graphviz Yes
grep Yes requested
groff Yes
grub Yes requested
grub2 No upstream sources differ
gsettings-desktop-schemas Yes
gsl Yes
gstreamer Yes
gstreamer-0_10 Yes
gstreamer-0_10-plugins-base Yes
gstreamer-plugins-base Yes
gtk-doc Yes
gtk2 Yes
gtk2-branding-openSUSE No internal
gtk3 Yes
gtk3-branding-openSUSE No internal
gtkmm2 Yes
gv Yes requested
gvfs Yes
gxditview Yes
gzip Yes requested
harfbuzz Yes
haveged Yes
hdparm Yes
help2man Yes
hicolor-icon-theme Yes requested
hicolor-icon-theme-branding-openSUSE No internal
hplip Yes
hunspell Yes requested
hwinfo No only git
i2c-tools Yes requested
iceauth Yes
icewm Yes requested
icewm-lite Yes requested
ico Yes
icu Yes
ifplugd Yes requested
ilmbase Yes requested
imake Yes
imlib2 Yes requested
initviocons No only svn
inkscape Yes
insserv-compat No internal
intel-gpu-tools No local and remote upstream sources differ
intlfonts No requested
intltool Yes requested
iproute2 No local and remote upstream sources differ
iptables Yes
iputils Yes
irqbalance Yes requested
iso_ent Yes
itstool Yes
jack Yes requested
jasper Yes requested
java-1_7_0-openjdk Yes requested
jbigkit Yes requested
jing Yes
jline Yes
joe Yes
jpackage-utils No couldn't find any sources
js Yes
json-c Yes
kbd No requested
kde4-filesystem No no Source tarball
kdebase4-workspace Yes requested
kdelibs4 Yes requested
kernel-default Yes
kernel-desktop Yes
kernel-source Yes
kernel-syms No No sources, only placeholder to group build dependencies for all kernel-flavors
kernel-xen Yes
kexec-tools Yes requested
keyutils Yes
kmod Yes
krb5 No
krb5-mini No
ksh No upstream requires license agreement (through formal login) to download sources
lapack Yes
latex2html Yes requested
lbxproxy Yes
lcms Yes requested
lcms2 Yes
ldapcpplib No no upstream sources (sources by rhafer)
ldb Yes
less Yes
libEMF Yes requested
libFS Yes
libHX Yes
libICE Yes
libQtWebKit4 No sources are on git
libSM Yes
libWindowsWM Yes requested
libX11 Yes requested
libXScrnSaver Yes
libXTrap Yes
libXau Yes
libXaw Yes
libXcliplist No no sources found
libXcomposite Yes requested
libXcursor Yes
libXdamage Yes requested
libXdmcp Yes
libXevie Yes requested
libXext Yes
libXfixes Yes requested
libXfont Yes
libXfontcache Yes requested
libXft Yes
libXi Yes
libXinerama Yes
libXmu Yes
libXp Yes
libXpm Yes
libXprintAppUtil Yes requested
libXprintUtil Yes requested
libXrandr Yes
libXrender Yes
libXres Yes
libXt Yes
libXtst Yes
libXv Yes
libXvMC Yes
libXxf86dga Yes
libXxf86misc Yes requested
libXxf86vm Yes
libaio No could't find upstream sources
libao Yes requested
libarchive Yes
libart_lgpl Yes
libassuan Yes
libatasmart Yes
libbluray Yes
libbonobo Yes requested
libbonoboui Yes requested
libcamgm No internal package
libcanberra Yes
libcap Yes
libcap-ng Yes
libcap1 Yes
libcares2 Yes
libcddb Yes requested
libcdio Yes
libcdio-paranoia Yes
libcroco Yes
libdaemon No only git sources
libdatrie Yes requested
libdb-4_8 No couldnt find sources
libdbi Yes
libdbusmenu-qt Yes
libdlm No No sources found
libdmx Yes
libdnet Yes
libdrm Yes
libedit No Old snapshot sources
libee Yes
libelf0 Yes requested
liberation-fonts No no equal sources found
libesmtp No upstream download server not responding (
libestr Yes
libevent Yes
libexif Yes
libffi47 No gcc snapshot sources
libfontenc Yes
libgcj47 No gcc snapshot sources
libgcrypt Yes
libgdiplus0 Yes requested
libglade2 Yes
libgnome Yes requested
libgnome-keyring Yes
libgnomecanvas Yes
libgnomeui Yes requested
libgpg-error Yes
libgphoto2 Yes requested
libgpod Yes
libgssglue Yes requested
libgusb Yes
libidl Yes requested
libidn Yes
libieee1284 Yes
libimobiledevice Yes requested
libiniparser Yes
libjpeg-turbo Yes
libkate Yes
libksba Yes
liblbxutil Yes requested
liblognorm Yes
libmicrohttpd Yes
libmng Yes requested
libmodman Yes
libnet Yes
libnettle Yes
libnfnetlink Yes
libnl-1_1 Yes
libnl3 Yes
libnotify Yes
libnscd No couldn't find upstream sources
libogg Yes
liboldX Yes requested
libpcap Yes
libpciaccess Yes
libpipeline Yes requested
libplist Yes requested
libpng12 Yes requested
libpng15 No requested
libproxy Yes
libproxy-plugins Yes
libqca2 Yes
libqt4 Yes Source link already there
libqt4-sql-plugins Yes Source link already there
librcc Yes
librcd0 Yes
libreiserfs Yes
librelp Yes
librpcsecgss Yes
librsvg Yes
libsamplerate Yes
libsatsolver No internal package (fetches from git)
libsecret Yes
libselinux Yes
libsemanage No
libsepol Yes
libsigc++2 Yes
libsmi Yes requested
libsndfile Yes requested
libsolv No internal Package (fetches from git)
libsoup Yes
libssh2_org Yes
libstorage No Internal Package
libtasn1 Yes
libthai Yes
libtheora Yes
libtirpc Yes requested
libtool Yes
liburiparser1 Yes
libusb-1_0 Yes
libusb-compat Yes
libustr Yes
libva Yes
libvdpau Yes
libvisual No Sources are on git
libvnc No couldn't find specific sources
libvorbis Yes requested
libwebkit No package not found in factory
libwebkit3 No package not found in factory
libwebp No
libwmf Yes requested
libwpd Yes requested
libwpg Yes requested
libx86 Yes requested
libx86emu No Sources are on git
libxcb Yes requested
libxkbfile Yes
libxkbui Yes requested
libxml2 Yes
libxslt Yes
libyajl No Sources are on git
libyaml Yes
libyui No Sources on github
libyui-ncurses No git
libyui-ncurses-pkg No git
libyui-qt No git
libyui-qt-pkg No git
libzio Yes requested
libzypp No git sources
limal No svn sources
limal-devtools No svn sources
limal-nfs-server No svn sources
linux-atm No requested
linux-glibc-devel No couldn't find sources
linux32 No ( not responding
lirc Yes
listres Yes
lksctp-tools Yes
llvm No upstream sources differ
lndir Yes
lockdev Yes
logrotate Yes requested
lsb-release No couldn't find sources
lsof No upstream sources differ
lsscsi Yes requested
lua51 No requested
luit Yes requested
lukemftp No requested
lvm2 Yes requested
lynx Yes
lzo Yes requested
m4 Yes
mailx No fetches from cvs
make Yes
makedepend Yes
man Yes requested
man-pages No upstream src differs
man-pages-posix Yes requested
manufacturer-PPDs No no upstream sources, lots of magic to get them
mariadb No couldn't fetch upstream sources
master-boot-code No couldn't find upstream sources
mc Yes
mcelog No git snapshot
mdadm Yes requested
metamail No No upstream
microcode_ctl Yes requested
mkcomposecache Yes
mkfontdir Yes
mkfontscale Yes
mkinitrd No git snapshot
module-init-tools Yes
mono-core No requested
mozilla-nspr Yes
mozilla-nss Yes
mpc No
mpfr No
mpi-selector Yes requested
mplus-fonts Yes
mpt-status Yes requested
mtdev Yes
mtools Yes requested
multipath-tools Yes requested
nano Yes
nasm Yes
ncurses No Uses a snapshot.
net-snmp Yes
net-tools Yes
netcat-openbsd No Uses a CVS snapshot.
netcfg No No source package.
netpbm No Uses a modified tarball.
nfs-utils Yes
nfsidmap Yes
notification-daemon Yes
npapi-sdk No Uses a snapshot from svn.
nss-mdns Yes requested
ntfs-3g_ntfsprogs Yes
ntp Yes
numactl Yes
numlockx Yes
obex-data-server Yes
oclock Yes
open-vm-tools Yes
openSUSE-build-key No No source package.
openais Yes
openexr Yes
openjade Yes
openjpeg Yes
openldap2-client No requested
openmpi Yes
openobex Yes requested
openslp Yes
opensp Yes
openssh Yes
openssh-askpass No Tarball cannot be downloaded from upstream, its stuck.
openssl Yes
opensuse-manuals_en No Uses a snapshot from git.
opie No Upstream URL doesn't resolve.
orbit2 Yes
orc Yes
os-prober Yes
p11-kit Yes
pam No requested
pam-config No Same with pam-modules
pam-modules No Upstream is kukuk, contacted him to upload the tarballs to SUSE ftp.
pango Yes
pangomm Yes
parallel-printer-support No No source package.
parted Yes
patch Yes
patterns No Uses a snapshot from git.
patterns-openSUSE No Uses a snapshot from git.
pax No Upstream is on launchpad apparently but no tarball anywhere.
pciutils Yes
pciutils-ids Yes
pcre Yes
perl Yes
perl-Bit-Vector Yes
perl-Bootloader No No tarball upstream, seems to be a git snapshot.
perl-Carp-Clan Yes
perl-Config-Crontab Yes
perl-Config-IniFiles No Upstream doesn't host old releases.
perl-Crypt-SmbHash Yes
perl-Date-Calc Yes
perl-Devel-Symdump Yes
perl-Digest-HMAC Yes
perl-Digest-MD4 Yes
perl-Digest-SHA1 Yes
perl-Encode-Locale Yes
perl-File-Listing Yes
perl-HTML-Parser Yes
perl-HTML-Tagset Yes
perl-HTTP-Cookies Yes
perl-HTTP-Daemon Yes
perl-HTTP-Date Yes
perl-HTTP-Message Yes
perl-HTTP-Negotiate Yes
perl-IO-stringy Yes
perl-LWP-MediaTypes Yes
perl-List-MoreUtils Yes
perl-Net-DBus Yes
perl-Net-HTTP Yes
perl-NetxAP Yes
perl-Parse-RecDescent Yes
perl-Pod-Coverage Yes
perl-RPC-XML Yes
perl-SGMLS Yes
perl-Sub-Uplevel Yes
perl-Switch Yes
perl-Term-ReadKey Yes
perl-TermReadLine-Gnu Yes
perl-Test-Exception Yes
perl-Test-Pod Yes
perl-Test-Pod-Coverage Yes
perl-URI Yes
perl-WWW-RobotRules Yes
perl-X11-Protocol Yes
perl-X500-DN Yes
perl-XML-LibXML Yes
perl-XML-NamespaceSupport Yes
perl-XML-Parser Yes
perl-XML-SAX Yes
perl-XML-SAX-Base Yes
perl-XML-Simple Yes
perl-XML-Twig Yes
perl-XML-Writer Yes
perl-XML-XPath Yes
perl-YAML-Syck Yes
perl-gettext Yes
perl-libintl-perl Yes
perl-libwww-perl Yes
permissions No Uses a snapshot from git.
pesign No Uses a snapshot from git.
pesign-obs-integration No No source package.
phonon Yes
pinentry Yes
pixman Yes
pkg-config Yes
plotutils Yes requested
plymouth No Uses a snapshot from git
pm-profiler No Uses a snapshot from git
pm-utils No Uses a snapshot from git.
po4a Yes
polkit Yes
polkit-default-privs No No source.
polkit-qt-1 No Specified version does not exist on upstream URL
poppler Yes
poppler-data Yes
popt Yes
post-build-checks No No source
postfix Yes requested
postgresql No Meta package.
postgresql92-libs Yes requested
ppl Yes
ppp Yes
pptp Yes
prctl Yes
procinfo Yes
procmail Yes requested
procps No Old tarball nowhere to be found, new tarball needs patches adjusted.
providers No No upstream.
proxymngr Yes
psmisc Yes
pstoedit Yes
psutils Yes
pth Yes
pulseaudio Yes
python No
python-Cython Yes
python-M2Crypto Yes
python-base No
python-cairo Yes
python-cups Yes
python-docutils Yes
python-gobject Yes
python-gobject2 Yes
python-gtk Yes
python-libxml2 Yes
python-lxml Yes
python-notify Yes
python-numpy Yes
python-pyOpenSSL Yes
python-pycurl Yes
python-qt4 Yes
python-sip Yes
python-smbc Yes
python3-base Yes
qrencode Yes
qt3 No requested
quilt Yes requested
raptor Yes
rasqal Yes
recode Yes
redland Yes
release-notes-openSUSE No No tarball
rendercheck Yes
rgb Yes
rhino No Uses a custom modified tarball
rpcbind No Uses a git snapshot
rpm Yes
rpm-python No
rpmlint-Factory No No source.
rpmlint-mini No No source.
rrdtool Yes
rstart Yes
rsync Yes
rsyslog Yes
rtkit No Uses a git checkout.
ruby No Meta package, no source.
ruby-common No Meta package, no source.
ruby19 Yes
sablot Yes
samba Yes
sane-backends No Tarball is created by cat'ing multiple files
sash Yes
satsolver-bindings No No upstream tarball
sax2 No No upstream tarball
saxon9 Yes
sbc Yes
scout No No upstream tarball.
screen No Not using a release tarball but a VCS checkout from devel repo.
sed Yes
sensors Yes
sessreg Yes
setserial Yes
setxkbmap Yes
sg3_utils Yes
sgml-skel Yes
sgmltool Yes
shadow Yes
shared-desktop-ontologies Yes
shared-mime-info Yes
sharutils Yes
shim No Fetches from git.
showfont Yes
slang Yes
smartmontools Yes
smp_utils Yes
smproxy Yes
soprano Yes
sound-theme-freedesktop Yes
sparse No Uses a service file to fetch from git.
speex Yes
spice-protocol Yes
splashy Yes
sqlite3 Yes
sssd Yes
startup-notification Yes
strace Yes
strigi Yes
sudo Yes
suse-module-tools No No source.
suse-xsl-stylesheets No Url does not exist.
suspend Yes
svg-schema Yes
swig Yes
sysconfig No checked out through git
sysfsutils Yes
syslinux Yes
syslogd No No upstream.
system-config-printer Yes
systemd Yes
systemd-presets-branding-openSUSE No
sysvinit No Can't find authoritative download links
t1lib Yes
t1utils Yes
talloc Yes
tar Yes
tcl Yes
tcpd Yes
tcpdump Yes
tcsh Yes
tdb Yes
telnet Yes
tevent Yes
texinfo Yes
texlive No Specified version doesn't exist upstream
texlive-filesystem No Tarballs are not versioned and changes upstream.
tiff Yes
tightvnc Yes
timezone Yes
timezone-java Yes
tk Yes
trang Yes
transfig Yes
translation-update No
translation-update-upstream No
tunctl Yes
twm Yes
udisks Yes
udisks2 Yes
unixODBC Yes
unzip Yes
update-alternatives Yes
update-desktop-files No
upower Yes
usbmuxd Yes
usbutils Yes
utempter Yes
util-linux Yes
v4l-utils Yes
vaapi-intel-driver Yes
vala Yes
valgrind Yes
viewres Yes
vim Yes
vlan Yes
vorbis-tools Yes
w3m Yes
wdiff Yes
webrtc-audio-processing Yes
wget Yes
wireless-regdb Yes
wireless-tools Yes
wodim Yes
wol Yes
x11-tools No Meta package, no source.
x11perf Yes
xalan-j2 Yes
xauth Yes
xaw3d No Upstream does not exist.
xbacklight Yes
xbiff Yes
xbitmaps Yes
xcalc Yes
xcb-util Yes
xclipboard Yes
xclock Yes
xcmsdb Yes
xcompmgr Yes
xconsole Yes
xcursor-themes Yes
xcursorgen Yes
xdbedizzy Yes
xdg-menu No No known upstream.
xdg-user-dirs Yes
xdg-utils No Uses a service to checkout from git.
xditview Yes
xdm Yes
xdmbgrd No No upstream
xdpyinfo Yes
xedit Yes
xen No Manually checked out.
xerces-j2 No Upstream doesn't provide old tarballs.
xev Yes
xeyes Yes
xf86-input-evdev Yes
xf86-input-joystick Yes
xf86-input-keyboard Yes
xf86-input-mouse Yes
xf86-input-synaptics Yes
xf86-input-vmmouse Yes
xf86-input-void Yes
xf86-input-wacom Yes
xf86-video-ark Yes
xf86-video-ast Yes
xf86-video-ati Yes
xf86-video-chips No Manually checked from git.
xf86-video-cirrus Yes
xf86-video-dummy Yes
xf86-video-fbdev Yes
xf86-video-geode Yes
xf86-video-glint Yes
xf86-video-i128 Yes
xf86-video-intel Yes
xf86-video-mach64 Yes
xf86-video-mga Yes
xf86-video-modesetting Yes
xf86-video-neomagic Yes
xf86-video-nv Yes
xf86-video-qxl Yes
xf86-video-r128 Yes
xf86-video-savage Yes
xf86-video-siliconmotion Yes
xf86-video-sis Yes
xf86-video-sisusb Yes
xf86-video-tdfx Yes
xf86-video-tga Yes
xf86-video-v4l Yes
xf86-video-vesa Yes
xf86-video-vmware Yes
xf86-video-voodoo Yes
xf86dga Yes
xfd Yes
xfindproxy Yes
xfontsel Yes
xfs Yes
xfsinfo Yes
xfwp Yes
xgamma Yes
xgc Yes
xhost Yes
xinetd Yes
xinit Yes
xinput Yes
xkbcomp Yes
xkbevd Yes
xkbprint Yes
xkbutils Yes
xkeyboard-config Yes
xkill Yes
xli No Upstream does not exist.
xload Yes
xlogo Yes
xlsatoms Yes
xlsclients Yes
xlsfonts Yes
xmag Yes
xman Yes
xmessage Yes
xml-commons No Exported from SVN manually.
xmlbeans Yes
xmlcharent Yes
xmlgraphics-batik No requested
xmlgraphics-commons Yes
xmlgraphics-fop Yes
xmlto Yes
xmodmap Yes
xmore Yes
xorg-cf-files Yes
xorg-scripts Yes
xorg-sgml-doctools Yes
xorg-x11 No Meta package, no source.
xorg-x11-Xvnc No Checked out from SVN.
xorg-x11-driver-input No Meta package, no source.
xorg-x11-driver-video No Meta package, no source.
xorg-x11-driver-video-nouveau Yes
xorg-x11-fonts Yes
xorg-x11-libX11-ccache Yes
xorg-x11-libs No Meta package, no source.
xorg-x11-proto-devel Yes
xorg-x11-server Yes
xorg-x11-util-devel No Meta package. No source.
xplsprinters Yes
xpr Yes
xprehashprinterlist Yes
xprop Yes
xrandr Yes
xrdb Yes
xrefresh Yes
xrestop Yes
xrx Yes
xscope Yes
xset Yes
xsetmode Yes
xsetpointer Yes
xsetroot Yes
xsm Yes
xstdcmap Yes
xterm Yes
xtermset Yes
xtrans Yes
xtrap Yes
xvidtune Yes
xvinfo Yes
xwd Yes
xwininfo Yes
xwud Yes
xz Yes
yasm Yes
yast2 No
yast2-add-on No
yast2-backup No
yast2-bootloader No
yast2-branding-openSUSE No
yast2-ca-management No
yast2-control-center No
yast2-core No
yast2-country No
yast2-dbus-client No
yast2-firewall No
yast2-hardware-detection No
yast2-inetd No
yast2-installation No
yast2-irda No
yast2-iscsi-client No
yast2-kerberos-client No
yast2-ldap No
yast2-ldap-client No
yast2-ldap-server No
yast2-mail No
yast2-metapackage-handler No
yast2-mouse No
yast2-network No
yast2-nfs-client No
yast2-nfs-server No
yast2-nis-client No
yast2-ntp-client No
yast2-online-update No
yast2-packager No
yast2-pam No
yast2-perl-bindings No
yast2-printer No
yast2-proxy No
yast2-restore No
yast2-runlevel No
yast2-samba-client No
yast2-samba-server No
yast2-scanner No
yast2-security No
yast2-slp No
yast2-sound No
yast2-storage No
yast2-sudo No
yast2-sysconfig No
yast2-testsuite No
yast2-theme No
yast2-trans No
yast2-trans-allpacks No
yast2-trans-stats No
yast2-transfer No
yast2-tune No
yast2-tv No
yast2-update No
yast2-users No
yast2-vm No
yast2-x11 No
yast2-xml No
yast2-ycp-ui-bindings No
yelp-tools Yes
yodl Yes
yp-tools Yes
ypbind Yes
zip Yes
zisofs-tools No
zlib Yes
zsh Yes
zypper No
zziplib Yes