The spf-install program

spf-install [$SP_ROOT]/package/host/[+spf+tag][-2.0[+spf+tag]] [...]

spf-install installs one or more packages. Each argument names a package directory. By default, spf-install will:

You can alter this behavior by setting these environment variables:

If the package declares any dependencies, those will be automatically installed first, if they are not already installed.

spf-install stores temporary files in $TMPDIR (defaulting to /tmp).

A note on security: if you run spf-install as root with $SP_COMPILE_USER=somebody, then spf-install will not run any code from the package as root, so you only need to trust spftools and the spf build script for the package, not the package's own build machinery. However, package/own may add setuid bits to some of the installed programs. Ideally, there should be some sort of automatic signature verification, but I'm not sure how it should work.