If a vendor only offers a binary (a common scenario with Go and Rust applications), how do you follow the "Pkg" mantra?
Three months later, Lumina had 100% package coverage. No more curl | bash. No more “works on my machine.” The edge nodes auto-updated from the internal repo. Security scans ran against the manifest’s file list. The audit log became the source of truth for compliance.
One evening, a new engineer named Derek asked Adrian, “Why not just use Docker everywhere?”
Adrian smiled. “Docker is great. But Docker is a runtime. A package is a unit of delivery. You can put a package inside a container. You can put it on a laptop, a VM, a toaster running Linux. It doesn’t need a daemon. It doesn’t need a registry. It just needs a spec and a tool that respects it.”
He opened the internal wiki. The first line of the new deployment guide read:
“If it’s not in a
.lmp, it doesn’t exist.” bin to pkg better
And below that, in smaller type:
“A binary is a guess. A package is a promise. Promises are better.”
Derek nodded. He checked out the lmp source code. The motto was burned into the help text:
$ lmp --help
lmp: bin to pkg better.
From that day on, no binary at Lumina ever walked alone. Every executable had a manifest, a signature, and a home. And Adrian finally slept through the night, because when a server failed, the package didn’t ask what was wrong—it already knew how to fix it.
The end.
That night, Adrian sat in his home office, a graveyard of Red Bull cans and sticky notes. He opened his runbook—a 47-page Google Doc titled “The Lumina Deployment Grimoire.”
To deploy lumina-ingest_2.4.3 to a new box, he had to:
He finished at 3:17 AM. He had not yet added the binary to any kind of rollback plan. He had not signed it. He had not recorded its checksum anywhere except a scribble on a napkin.
“This is insane,” he whispered.
The problem was clear: binaries were atoms—indivisible, opaque, and lonely. But a system needed molecules. Dependencies. Metadata. Hooks. Signatures. A binary just sat there. A package lived. If a vendor only offers a binary (a
He needed to go from bin to pkg, and he needed to do it better.
Software doesn't just run; it needs to start on boot, log to the right places, and run as the correct user.
Winner: Packages integrate software into the OS ecosystem seamlessly.
Packages are signed by maintainers. The package manager verifies the signature before installation. You know that myapp.pkg truly came from the developer, wasn’t corrupted during download, and wasn’t swapped by a man-in-the-middle attack. Raw binaries? You just cross your fingers.
To ensure you are doing this better than the tutorials from 2015, follow this quality checklist: “If it’s not in a