1 |
On Mon, 2006-11-27 at 16:18 +0100, Kevin F. Quinn wrote: |
2 |
> One method could be to snapshot all package versions at the time that |
3 |
> Release Engineering make a release, building a package.mask file out of |
4 |
> it masking out all packages of higher revisions (i.e. having '>CPVR' |
5 |
> entry for every package in the tree in stable, and 'CPVR' if no |
6 |
> versions are stable). |
7 |
|
8 |
It would be infinitely easier to create a tree just for this. |
9 |
|
10 |
> Then, rather than back-port security fixes, this list would be updated |
11 |
> with security-fixed version numbers, along with minimum required updates |
12 |
> to dependent packages. The lists could be stored in the tree; for |
13 |
> example as profiles/default-linux/x86/stable.mask. |
14 |
|
15 |
This is essentially the idea that my release tree uses, except the tree |
16 |
itself is completely stripped down to stable packages. I have a script |
17 |
which already does several things: |
18 |
|
19 |
#1. grabs "best_visible" for stable on each arch |
20 |
#2. repeat for each SLOT |
21 |
#3. purge unnecessary files from FILESDIR |
22 |
#4. strip to only "stable" profiles from profiles.desc |
23 |
#5. purge unnecessary USE from use.local.desc and use.desc |
24 |
#6. strip unused eclasses |
25 |
#7. regenerate Manifest (via ebuild $foo digest) |
26 |
|
27 |
I had also planned on it doing the following, but they haven't been |
28 |
implemented just yet: |
29 |
|
30 |
- strip all USE flags that aren't used from use.mask (per-profile) |
31 |
- strip all packages that aren't available from package.mask |
32 |
(per-profile) |
33 |
|
34 |
What this gives us is a *much* smaller tree, as it only includes stable |
35 |
packages/versions. |
36 |
|
37 |
> Obviously maintaining that list is some work; predominantly watching |
38 |
> the announcements from the security team and fixing up dependencies, |
39 |
> and masking out new packages (for what that's worth). It could be |
40 |
> regenerated on some or all releases, or perhaps on a yearly basis. It |
41 |
> would also mean that versions listed there cannot be removed from the |
42 |
> tree (until they're bumped in the list). |
43 |
|
44 |
Well, the simpler approach was to simply copy over the newer, secure |
45 |
ebuilds, and any required dependencies, into the release tree. There'd |
46 |
be no need to update mask files and such this way. It would also be |
47 |
generated with the releases, automatically. |
48 |
|
49 |
> Some of that maintenance could be tool-assisted; in particular masking |
50 |
> new packages and finding the minimum required bumps to support a |
51 |
> package that was bumped for a security fix. |
52 |
> |
53 |
> People who want to use it could then just soft-link |
54 |
> from /etc/portage/package.mask to that list. |
55 |
> |
56 |
> It's just a suggestion - I'm not prepared to do the work ;) However it |
57 |
> might be a simple but effective method to help people maintain secure |
58 |
> but relatively stable systems, without having to upgrade umpteen |
59 |
> packages a week. |
60 |
|
61 |
Well, I am willing, and have been doing, some of the work. The one |
62 |
disadvantage to my design is it needs infra. It needs it's own |
63 |
repository and rsync. |
64 |
|
65 |
Basically, it makes the system act a bit more like some other |
66 |
development models. We end up with the following: |
67 |
|
68 |
rsync://rsync.gentoo.org/gentoo-portage (this is equivalent to -current) |
69 |
rsync://rsync.gentoo.org/2007.0-release (this is the release tree) |
70 |
|
71 |
Now, the release trees are non-moving. The 2007.0-release tree is |
72 |
*always* the 2007.0-release tree for as long as we decide to support it. |
73 |
Likely, this support period would begin as a single release and get |
74 |
extended as volunteers came around to support it. New releases get |
75 |
their own tree. |
76 |
|
77 |
I also started writing a tool to "upgrade" the distribution. The tool |
78 |
reads pre and post scripts for the upgrade, and performs the necessary |
79 |
steps. Basically, a user can "dist-upgrade 2007.1" and the system |
80 |
would: |
81 |
|
82 |
- switch to the "2007.1" tree and "emerge --sync" |
83 |
- perform all "pre" steps from 2007.1 |
84 |
- update world + revdep-rebuild + whatever else is necessary |
85 |
- perform all "post" steps |
86 |
|
87 |
With this, there would be a special "version" called "current" which |
88 |
would put the user on the "gentoo-portage" tree, AKA the tree we all |
89 |
know and love/loathe. Release trees wouldn't have "arch" and "~arch" as |
90 |
everything would be stable there. Testing would be done in the main |
91 |
tree. This, in essence, gives us "testing", "release candidate" and |
92 |
"stable" environments, with the release trees being stable, and the |
93 |
current tree becoming test/release candidate. Anything marked stable in |
94 |
the current tree would be a candidate for stable in the next release |
95 |
tree. |
96 |
|
97 |
Users who want to use the current portage tree get what they want. |
98 |
Users who want a more stable tree get what they want. Basically, |
99 |
everyone (hopefully) is happy, or at least as happy as we can feasibly |
100 |
make them. |
101 |
|
102 |
-- |
103 |
Chris Gianelloni |
104 |
Release Engineering Strategic Lead |
105 |
Alpha/AMD64/x86 Architecture Teams |
106 |
Games Developer/Council Member/Foundation Trustee |
107 |
Gentoo Foundation |