# Pakto
>_(pronounced "pack-toe")_
**Pakto** is a command-line tool for bundling and distributing software as OCI (Open Container Initiative) artifacts. It provides a comprehensive solution for creating, managing, and deploying software bundles with enterprise-grade security and compliance features.
Pakto is designed for both developers building bespoke systems (particularly in airgapped environments) and their customers who need reliable, reproducible software deployments. It enables seamless software distribution from development environments to production systems, ensuring consistency and traceability across the entire deployment pipeline.
## 🚀 Features
- **OCI-Native Bundling**: Create and manage software bundles as OCI artifacts
- **Multi-Artifact Support**: Bundle containers, files, and other artifacts in a single package
- **Registry Integration**: Push and pull bundles from OCI-compatible registries
- **Security & Compliance**: Built-in SBOM generation and integrity verification
- **Offline Capabilities**: Build and verify bundles without network access
- **Template System**: Scaffold new bundles with predefined templates
- **Variable Substitution**: Dynamic configuration with templating support
- **Airgapped Deployment**: Designed for secure, isolated environments
## 📋 Requirements
- Python 3.11 or higher
- `uv` package manager (recommended) or `pip`
## 🛠️ Installation
### Using uv (Recommended)
```bash
# Install from PyPI
uv tool install pakto
# Or install from source
git clone https://github.com/wixregiga/pakto.git
cd pakto
uv pip install -e .
```
### Using pip
```bash
pip install pakto
```
## 🎯 Quick Start
### 1. Initialize a New Bundle
```bash
# Create a new bundle project
pakto bundle init my-application
# Or initialize in current directory
pakto bundle init
```
### 2. Build Your Bundle
```bash
# Build from manifest file
pakto bundle build -f my-application.pakto.yml
# Or build from lockfile
pakto bundle build -f my-application.lock
```
### 3. Push to Registry
```bash
# Push to registry
pakto bundle push my-application.bundle registry.example.com/my-application:v1.0.0
```
### 4. Pull and Apply
```bash
# Pull from registry
pakto bundle pull registry.example.com/my-application:v1.0.0
# Apply bundle (extract and execute)
pakto bundle apply my-application.bundle
```
## 📖 Usage
### Bundle Commands
| Command | Description |
|---------|-------------|
| `init` | Scaffold a starter manifest file |
| `build` | Build a .bundle file from manifest or lockfile |
| `verify` | Verify bundle integrity and contents |
| `push` | Push a bundle to an OCI registry |
| `pull` | Pull a bundle from an OCI registry |
| `extract` | Extract bundle contents |
| `info` | Show bundle information |
| `apply` | Extract artifacts and execute entrypoints |
### Bundle Management
```bash
# List bundle contents (include `--json` for more detailed output)
pakto bundle info my-application.bundle
# Extract bundle to directory
pakto bundle extract my-application.bundle ./extracted/
# Verify bundle integrity
pakto bundle verify my-application.bundle
```
### Configuration
```bash
# View current configuration
pakto config show
# Set registry default
pakto config set registry.default registry.example.com
```
## 📝 Manifest Format
Pakto uses YAML manifests to define bundle contents and metadata:
```yaml
apiVersion: pakto.warrical.com/v1alpha1
kind: Manifest
metadata:
  name: my-application
  version: 1.0.0
  description: "My application bundle"
  category: application
variables:
  app_version: 2.1.0
  base_image: alpine:3.18
entrypoint:
  script: "install.sh"
  mode: "0755"
artifacts:
  - name: my-app-{{metadata.version}}
    origin: oci://docker.io/myorg/myapp:{{variables.app_version}}
    target: my-app-{{metadata.version}}.tar
  - name: config-files
    origin: local://./config/
    target: config/
```
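A pre-build lint for the manifest above, as an added example (not Pakto's own code or its actual substitution logic): it resolves `{{section.key}}` placeholders strictly and rejects artifact `target` paths that would land outside the bundle root. The function names, the already-parsed dict input, and the two invalid sample entries are assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: the README manifest as a parsed dict, plus two
# deliberately invalid artifact entries ("typo" and "escape").
MANIFEST = {
    "metadata": {"name": "my-application", "version": "1.0.0"},
    "variables": {"app_version": "2.1.0", "base_image": "alpine:3.18"},
    "artifacts": [
        {"name": "my-app-{{metadata.version}}",
         "origin": "oci://docker.io/myorg/myapp:{{variables.app_version}}",
         "target": "my-app-{{metadata.version}}.tar"},
        {"name": "config-files", "origin": "local://./config/", "target": "config/"},
        {"name": "typo", "origin": "local://./a", "target": "a-{{variables.app_verson}}"},
        {"name": "escape", "origin": "local://./b", "target": "../outside.txt"},
    ],
}

PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z0-9_.]+)\s*\}\}")

def resolve(text, manifest):
    """Replace {{section.key}} placeholders; raise KeyError on unknown paths."""
    def lookup(match):
        node = manifest
        for part in match.group(1).split("."):
            if not isinstance(node, dict) or part not in node:
                raise KeyError(match.group(1))
            node = node[part]
        if isinstance(node, (dict, list)):  # only scalar values may be substituted
            raise KeyError(match.group(1))
        return str(node)
    return PLACEHOLDER.sub(lookup, text)

def lint_manifest(manifest):
    """Return (resolved_artifacts, findings) for a parsed manifest dict."""
    resolved, findings = [], []
    for art in manifest.get("artifacts", []):
        try:
            entry = {k: resolve(str(v), manifest) for k, v in art.items()}
        except KeyError as exc:
            findings.append(f"{art['name']}: unresolved placeholder {exc.args[0]}")
            continue
        target = PurePosixPath(entry["target"])
        if target.is_absolute() or ".." in target.parts:
            findings.append(f"{entry['name']}: target escapes bundle root: {entry['target']}")
            continue
        resolved.append(entry)
    return resolved, findings
```

Failing on an unresolved placeholder, rather than leaving it in place or substituting an empty string, keeps a misspelled variable from silently changing which image tag or file name ends up in the bundle.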
## 🔧 Configuration
Pakto can be configured via environment variables or a configuration file (`/etc/pakto/pakto.yaml` or `~/.config/pakto/pakto.yaml`):
```yaml
registry:
  default: registry.example.com
  auth:
    username: ${PAKTO_REGISTRY_USERNAME}
    password: ${PAKTO_REGISTRY_PASSWORD}
security:
  verify_signatures: true
  verify_hashes: true
  attach_sbom: true
  attach_attest: true
build:
  workers: 4
  offline: false
```
### Environment Variables
| Variable | Description | Default |
|----------|-------------|---------|
| `PAKTO_REGISTRY_DEFAULT` | Default registry host | - |
| `PAKTO_REGISTRY_USERNAME` | Registry username | - |
| `PAKTO_REGISTRY_PASSWORD` | Registry password | - |
| `PAKTO_BUILD_OFFLINE` | Disable network during build | false |
## 🔒 Security Features
- **Hash Verification**: SHA-256 integrity checks for all artifacts
- **SBOM Generation**: Automatic Software Bill of Materials creation
- **Content Verification**: Verify bundle contents and metadata
- **Offline Security**: Secure operation in airgapped environments
## 🧪 Testing
Run the test suite:
```bash
# Run all tests
uv run pytest -v --tb=short --disable-warnings
# Run specific test file
uv run pytest -v --tb=short --disable-warnings tests/test_pack_service_integration.py
```
**Note**: The full test suite requires a running zot-registry instance for integration tests. Some tests will be skipped if zot-registry is not available.
## 📚 Documentation *[WIP]*
## 🤝 Contributing *[WIP]*
1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Commit your changes (`git commit -m 'Add amazing feature'`)
4. Push to the branch (`git push origin feature/amazing-feature`)
5. Open a Pull Request
### Development Setup
```bash
# Clone repository
git clone https://github.com/wixregiga/pakto.git
cd pakto
# Install development dependencies
uv sync --group dev
# Install in development mode
uv pip install -e .
# Run tests
uv run pytest -v
```
## 📄 License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
## 👤 Author
**wixregiga** - [kecyojagi@protonmail.com](mailto:kecyojagi@protonmail.com)
## 🙏 Acknowledgments
- OCI (Open Container Initiative) for the artifact specification
- The Python packaging community for inspiration and tools
Raw data
{
"_id": null,
"home_page": null,
"name": "pakto",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.9.5",
"maintainer_email": "wixregiga <kecyojagi@protonmail.com>",
"keywords": "airgapped, artifact, bundle, cli, compliance, container, containers, deployment, devops, distribution, enterprise, oci, offline, registry, sbom, security, software-bill-of-materials, software-distribution, templating, verification",
"author": null,
"author_email": "wixregiga <kecyojagi@protonmail.com>",
"download_url": "https://files.pythonhosted.org/packages/39/70/7cec48fcf9d5c5ca37b45634eb3f1ec92ac8e8aa1dae2e8590572a5f7f24/pakto-0.0.1a1.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "MIT",
"summary": "A CLI tool for bundling and distributing software as OCI artifacts with enterprise-grade security and compliance features",
"version": "0.0.1a1",
"project_urls": {
"Bug Tracker": "https://github.com/wixregiga/pakto/issues",
"Changelog": "https://github.com/wixregiga/pakto/blob/main/CHANGELOG.md",
"Documentation": "https://github.com/wixregiga/pakto#readme",
"Download": "https://github.com/wixregiga/pakto/releases",
"Homepage": "https://github.com/wixregiga/pakto",
"Repository": "https://github.com/wixregiga/pakto.git",
"Source Code": "https://github.com/wixregiga/pakto"
},
"split_keywords": [
"airgapped",
" artifact",
" bundle",
" cli",
" compliance",
" container",
" containers",
" deployment",
" devops",
" distribution",
" enterprise",
" oci",
" offline",
" registry",
" sbom",
" security",
" software-bill-of-materials",
" software-distribution",
" templating",
" verification"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "3507a50a9c3e646b04846ad95ad380b21d12360e8081f3d33a03027df542fbec",
"md5": "c6bf54ad9480e75371285242a678bdfc",
"sha256": "af7490e26776392ebcc83bd2af34e14d5689a2fe4361cec901648c21516d1e2a"
},
"downloads": -1,
"filename": "pakto-0.0.1a1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "c6bf54ad9480e75371285242a678bdfc",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.9.5",
"size": 132239,
"upload_time": "2025-08-01T18:27:28",
"upload_time_iso_8601": "2025-08-01T18:27:28.270009Z",
"url": "https://files.pythonhosted.org/packages/35/07/a50a9c3e646b04846ad95ad380b21d12360e8081f3d33a03027df542fbec/pakto-0.0.1a1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "39707cec48fcf9d5c5ca37b45634eb3f1ec92ac8e8aa1dae2e8590572a5f7f24",
"md5": "9f16a0ee251ab06211ebf095e125ce00",
"sha256": "58f83a02daf6d7108a879213725413cb6a3ede7603eabbab1f7190c0b0fc8058"
},
"downloads": -1,
"filename": "pakto-0.0.1a1.tar.gz",
"has_sig": false,
"md5_digest": "9f16a0ee251ab06211ebf095e125ce00",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.9.5",
"size": 449319,
"upload_time": "2025-08-01T18:38:03",
"upload_time_iso_8601": "2025-08-01T18:38:03.996177Z",
"url": "https://files.pythonhosted.org/packages/39/70/7cec48fcf9d5c5ca37b45634eb3f1ec92ac8e8aa1dae2e8590572a5f7f24/pakto-0.0.1a1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-08-01 18:38:03",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "wixregiga",
"github_project": "pakto",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "pakto"
}