| 1 |
commit: 378f8dbc158620489965f1cf5bd6abe30a5f93c6 |
| 2 |
Author: Michał Górny <mgorny <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sun Nov 5 21:11:03 2017 +0000 |
| 4 |
Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Nov 5 21:11:03 2017 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/data/glep.git/commit/?id=378f8dbc |
| 7 |
|
| 8 |
glep-0074: More suggestions from Robin H. Johnson |
| 9 |
|
| 10 |
glep-0074.rst | 61 ++++++++++++++++++++++++++++++++++------------------------- |
| 11 |
1 file changed, 35 insertions(+), 26 deletions(-) |
| 12 |
|
| 13 |
diff --git a/glep-0074.rst b/glep-0074.rst |
| 14 |
index e4d6a80..aae8fcf 100644 |
| 15 |
--- a/glep-0074.rst |
| 16 |
+++ b/glep-0074.rst |
| 17 |
@@ -125,9 +125,10 @@ that are not otherwise ignored, they need to be covered by an explicit |
| 18 |
|
| 19 |
All the local (non-``DIST``) files covered by a Manifest tree must |
| 20 |
reside on the same filesystem. It is an error to specify entries |
| 21 |
-applying to files on another filesystem. If subdirectories |
| 22 |
-that are not otherwise ignored reside on a different filesystem, they |
| 23 |
-must be explicitly excluded via ``IGNORE``. |
| 24 |
+applying to files on another filesystem. If files or directories that |
| 25 |
+are not otherwise ignored reside on a different filesystem, or symbolic |
| 26 |
+links point to targets on a different filesystem, they must |
| 27 |
+be explicitly excluded via ``IGNORE``. |
| 28 |
|
| 29 |
|
| 30 |
File verification |
| 31 |
@@ -194,7 +195,7 @@ The Manifest files can specify the following tags: |
| 32 |
to detect an outdated repository checkout as described in `Timestamp |
| 33 |
verification`_. |
| 34 |
|
| 35 |
-``MANIFEST <path> <size> <checksums>…`` |
| 36 |
+``MANIFEST <path> <size> <checksums>...`` |
| 37 |
Specifies a sub-Manifest. The sub-Manifest must be verified like |
| 38 |
a regular file. If the verification succeeds, the entries from |
| 39 |
the sub-Manifest are included for verification as described |
| 40 |
@@ -206,12 +207,12 @@ The Manifest files can specify the following tags: |
| 41 |
verification (always pass). *Path* must be a plain file or directory |
| 42 |
path without a trailing slash, and must not contain wildcards. |
| 43 |
|
| 44 |
-``DATA <path> <size> <checksums>…`` |
| 45 |
+``DATA <path> <size> <checksums>...`` |
| 46 |
Specifies a regular file subject to Manifest verification. The file |
| 47 |
is required to pass verification. Used for all files that do not match |
| 48 |
any other type. |
| 49 |
|
| 50 |
-``DIST <filename> <size> <checksums>…`` |
| 51 |
+``DIST <filename> <size> <checksums>...`` |
| 52 |
Specifies a distfile entry used to verify files fetched as part |
| 53 |
of ``SRC_URI``. The filename must match the filename used to store |
| 54 |
the fetched file as specified in the PMS [#PMS-FETCH]_. The package |
| 55 |
@@ -226,15 +227,15 @@ Deprecated Manifest tags |
| 56 |
For backwards compatibility, the following tags are additionally |
| 57 |
allowed at the package directory level: |
| 58 |
|
| 59 |
-``EBUILD <filename> <size> <checksums>…`` |
| 60 |
+``EBUILD <filename> <size> <checksums>...`` |
| 61 |
Equivalent to the ``DATA`` type. |
| 62 |
|
| 63 |
-``MISC <path> <size> <checksums>…`` |
| 64 |
+``MISC <path> <size> <checksums>...`` |
| 65 |
Equivalent to the ``DATA`` type. Historically indicated that |
| 66 |
the package manager may ignore a verification failure if operating |
| 67 |
in non-strict mode. However, that behavior is deprecated. |
| 68 |
|
| 69 |
-``AUX <filename> <size> <checksums>…`` |
| 70 |
+``AUX <filename> <size> <checksums>...`` |
| 71 |
Equivalent to the ``DATA`` type, except that the filename is relative |
| 72 |
to ``files/`` subdirectory. |
| 73 |
|
| 74 |
@@ -314,13 +315,13 @@ of supported algorithms is outside the scope of this specification. |
| 75 |
The algorithm names reserved at the time of writing are: |
| 76 |
|
| 77 |
- ``MD5`` [#MD5]_, |
| 78 |
-- ``RMD160`` — RIPEMD-160 [#RIPEMD160]_, |
| 79 |
+- ``RMD160`` -- RIPEMD-160 [#RIPEMD160]_, |
| 80 |
- ``SHA1`` [#SHS]_, |
| 81 |
-- ``SHA256`` and ``SHA512`` — SHA-2 family of hashes [#SHS]_, |
| 82 |
+- ``SHA256`` and ``SHA512`` -- SHA-2 family of hashes [#SHS]_, |
| 83 |
- ``WHIRLPOOL`` [#WHIRLPOOL]_, |
| 84 |
-- ``BLAKE2B`` and ``BLAKE2S`` — BLAKE2 family of hashes [#BLAKE2]_, |
| 85 |
-- ``SHA3_256`` and ``SHA3_512`` — SHA-3 family of hashes [#SHA3]_, |
| 86 |
-- ``STREEBOG256`` and ``STREEBOG512`` — Streebog family of hashes |
| 87 |
+- ``BLAKE2B`` and ``BLAKE2S`` -- BLAKE2 family of hashes [#BLAKE2]_, |
| 88 |
+- ``SHA3_256`` and ``SHA3_512`` -- SHA-3 family of hashes [#SHA3]_, |
| 89 |
+- ``STREEBOG256`` and ``STREEBOG512`` -- Streebog family of hashes |
| 90 |
[#STREEBOG]_. |
| 91 |
|
| 92 |
The method of introducing new hashes is defined by GLEP 59 [#GLEP59]_. |
| 93 |
@@ -370,9 +371,9 @@ the following content:: |
| 94 |
IGNORE lost+found |
| 95 |
IGNORE packages |
| 96 |
MANIFEST app-accessibility/Manifest 14821 SHA256 1b5f.. SHA512 f7eb.. |
| 97 |
- … |
| 98 |
+ ... |
| 99 |
MANIFEST eclass/Manifest.gz 50812 SHA256 8c55.. SHA512 2915.. |
| 100 |
- … |
| 101 |
+ ... |
| 102 |
|
| 103 |
An example modern Manifest (disregarding backwards compatibility) |
| 104 |
for a package directory would have the following content:: |
| 105 |
@@ -484,15 +485,17 @@ files, and symbolic links to directories are followed as if they were |
| 106 |
regular directories. |
| 107 |
|
| 108 |
Dotfiles are implicitly ignored as that is a common notion used |
| 109 |
-in software written for POSIX systems. All other common filenames |
| 110 |
-require explicit ``IGNORE`` lines. |
| 111 |
+in software written for POSIX systems. All other filenames require |
| 112 |
+explicit ``IGNORE`` lines. |
| 113 |
|
| 114 |
An ability to inject additional ignore entries is provided to account |
| 115 |
-for site configuration affecting the repository tree — placing |
| 116 |
+for site configuration affecting the repository tree -- placing |
| 117 |
additional files in it, skipping some of the categories from syncing. |
| 118 |
+This configuration can extend beyond the limits of this GLEP, |
| 119 |
+e.g. by allowing wildcards or regular expressions. |
| 120 |
|
| 121 |
The algorithm is restricted to work on a single filesystem. This is |
| 122 |
-mostly relevant when scanning for top-level Manifest — we do not want |
| 123 |
+mostly relevant when scanning for top-level Manifest -- we do not want |
| 124 |
to cross filesystem boundaries then. However, to ensure consistent |
| 125 |
bidirectional behavior we need to also ban them when operating downwards |
| 126 |
the tree. |
| 127 |
@@ -551,9 +554,11 @@ However, the usefulness of ``MISC`` in both cases is doubtful. |
| 128 |
The cases for stripping unnecessary files mostly focused around space |
| 129 |
savings. For this purpose, stripping ``metadata.xml`` and similar files |
| 130 |
has little value. It is much more common for users to strip whole |
| 131 |
-categories which can not be handled via the ``MISC`` type, and needs |
| 132 |
-a dedicated package manager mechanism. The same mechanism can also |
| 133 |
-handle files that used the ``MISC`` type. |
| 134 |
+packages or categories. The ``MISC`` type is not suitable for that, |
| 135 |
+and so a dedicated package manager mechanism needs to be developed |
| 136 |
+instead; possibly combining it with rsync exclusion list. The same |
| 137 |
+mechanism can also handle files that historically used the ``MISC`` |
| 138 |
+type. |
| 139 |
|
| 140 |
The cases for autogenerated files involve such cache files |
| 141 |
as ``use.local.desc``. However, we can not include ``md5-cache`` there |
| 142 |
@@ -673,8 +678,8 @@ in a single file inside the package directory. It has been specifically |
| 143 |
pointed out that: |
| 144 |
|
| 145 |
- since distfiles are sometimes reused across different packages, |
| 146 |
- the repeating checksums are redundant, |
| 147 |
- |
| 148 |
+ the repeating checksums are redundant [#DIST]_. |
| 149 |
+ |
| 150 |
- mirror admins were interested in the possibility of verifying all |
| 151 |
the distfiles with a single tool. |
| 152 |
|
| 153 |
@@ -833,7 +838,7 @@ References |
| 154 |
.. [#WHIRLPOOL] The WHIRLPOOL Hash Function |
| 155 |
(http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html) |
| 156 |
|
| 157 |
-.. [#BLAKE2] BLAKE2 — fast secure hashing |
| 158 |
+.. [#BLAKE2] BLAKE2 -- fast secure hashing |
| 159 |
(https://blake2.net/) |
| 160 |
|
| 161 |
.. [#SHA3] FIPS PUB 202: SHA-3 Standard: Permutation-Based Hash |
| 162 |
@@ -846,6 +851,10 @@ References |
| 163 |
.. [#C08] Cappos, J et al. (2008). "Attacks on Package Managers" |
| 164 |
(https://www2.cs.arizona.edu/stork/packagemanagersecurity/attacks-on-package-managers.html) |
| 165 |
|
| 166 |
+.. [#DIST] According to Robin H. Johnson, 8.4% of all DIST entries |
| 167 |
+ at the time of writing are duplicate, representing a 2 MiB |
| 168 |
+ out of 25 MiB of DIST entries altogether. |
| 169 |
+ |
| 170 |
.. [#GEMATO] gemato: Gentoo Manifest Tool |
| 171 |
(https://github.com/mgorny/gemato/) |
Archives