diff --git a/basic/srv/vm/mgr/pkgmgr.py b/basic/srv/vm/mgr/pkgmgr.py
index 0ac788f..48fc80b 100644
--- a/basic/srv/vm/mgr/pkgmgr.py
+++ b/basic/srv/vm/mgr/pkgmgr.py
@@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 
+import hashlib
 import json
 import os
 import requests
@@ -30,21 +31,21 @@ class PackageManager:
         with open(CONF_FILE, 'w') as f:
             json.dump(self.conf, f, sort_keys=True, indent=4)
 
-    def get_online_packages(self):
+    def fetch_online_packages(self):
         # Fetches and verifies online packages. Can raise InvalidSignature
         packages = requests.get('{}/packages'.format(self.repo_url)).content
         packages_sig = requests.get('{}/packages.sig'.format(self.repo_url)).content
         with open(PUB_FILE, 'rb') as f:
             pub_key = load_pem_public_key(f.read(), default_backend())
         pub_key.verify(packages_sig, packages, ec.ECDSA(hashes.SHA512()))
-        return json.loads(packages)
+        self.online_packages = json.loads(packages)
 
     def install_package(self, name):
-        self.online_packages = get_online_packages()
+        self.fetch_online_packages()
         for dep in self.get_deps(name):
             if dep not in self.conf['packages']:
-                self.download_package(name)
-                self.register_package(name)
+                self.download_package(dep)
+                self.register_package(dep)
                 self.setup_package()
 
     def download_package(self, name):
@@ -67,7 +68,7 @@ class PackageManager:
         self.conf['packages'][name] = {
             'version': metadata['version'],
         }
-        if 'host' in self.online_packages[name]:
+        if 'host' in metadata:
             self.conf['apps'][name] = {
                 'title': metadata['title'],
                 'host': metadata['host'],