diff --git a/basic/srv/vm/config.json b/basic/srv/vm/config.json
index aeda6b4..d487a4c 100644
--- a/basic/srv/vm/config.json
+++ b/basic/srv/vm/config.json
@@ -4,12 +4,17 @@
         "email": "admin@example.com",
         "gmaps-api-key": ""
     },
-    "packages": {},
     "host": {
-        "repo": "https://dl.dasm.cz/spotter-repo",
         "adminpwd": "$2b$12$nLrIefUoWN.pK6j90gsfkO0/tg4EGXDmdjN8HOGB0U.9BcHTFxzWS",
         "domain": "spotter.vm",
         "firstrun": true,
         "port": "443"
+    },
+    "packages": {},
+    "pending-packages": {},
+    "repo": {
+        "pwd": "",
+        "url": "https://dl.dasm.cz/spotter-repo",
+        "user": ""
     }
 }
diff --git a/basic/srv/vm/mgr/pkgmgr.py b/basic/srv/vm/mgr/pkgmgr.py
index 122168d..f84510c 100644
--- a/basic/srv/vm/mgr/pkgmgr.py
+++ b/basic/srv/vm/mgr/pkgmgr.py
@@ -23,26 +23,28 @@ class PackageManager:
     def __init__(self):
         # Load JSON configuration
         self.conf = Config()
-        self.repo_url = self.conf['host']['repo']
         self.online_packages = {}
 
+    def get_repo_resource(self, url, stream=False):
+        return requests.get('{}/{}'.format(self.conf['repo']['url'], url), auth=(self.conf['repo']['user'], self.conf['repo']['pwd']), stream=stream)
+
     def fetch_online_packages(self):
         # Fetches and verifies online packages. Can raise InvalidSignature
-        packages = requests.get('{}/packages'.format(self.repo_url)).content
-        packages_sig = requests.get('{}/packages.sig'.format(self.repo_url)).content
+        packages = self.get_repo_resource('packages').content
+        packages_sig = self.get_repo_resource('packages.sig').content
         with open(PUB_FILE, 'rb') as f:
             pub_key = load_pem_public_key(f.read(), default_backend())
         pub_key.verify(packages_sig, packages, ec.ECDSA(hashes.SHA512()))
         self.online_packages = json.loads(packages)
 
     def install_package(self, name):
-        # Main installation function. Wrapper for download, install script and registration
+        # Main installation function. Wrapper for download, registration and install script
         self.fetch_online_packages()
         for dep in self.get_deps(name):
             if dep not in self.conf['packages']:
                 self.download_package(dep)
-                self.run_install_script(dep)
                 self.register_package(dep)
+                self.run_install_script(dep)
 
     def uninstall_package(self, name):
         # Main uninstallation function. Wrapper for uninstall script, filesystem purge and unregistration
@@ -54,7 +56,7 @@ class PackageManager:
     def download_package(self, name):
         # Downloads, verifies, unpacks and sets up a package
         tmp_archive = tempfile.mkstemp('.tar.xz')[1]
-        r = requests.get('{}/{}.tar.xz'.format(self.repo_url, name), auth=('test', 'txUqqZLaM.Z;3E2E'), stream=True) # TODO: Remove the testing password
+        r = self.get_repo_resource('{}.tar.xz'.format(name), True)
         with open(tmp_archive, 'wb') as f:
             for chunk in r.iter_content(chunk_size=65536):
                 if chunk: