1 |
On Thu, Jul 26, 2012 at 2:26 PM, Rich Freeman <rich0@g.o> wrote: |
2 |
> I've been messing around with namespaces and some of what systemd has |
3 |
> been doing with them, and I have an idea for a portage feature. |
4 |
> |
5 |
> But before doing a brain dump of ideas, how useful would it be to have |
6 |
> a FEATURE for portage to do a limited-visibility build? That is, the |
7 |
> build would be run in an environment where the root filesystem appears |
8 |
> to contain everything in a DEPEND (including @system currently) and |
9 |
> nothing else? It might be useful both in development/testing, and |
10 |
> also in production use (not sure how performance would work in the |
11 |
> real world - I was able in a script to get it to build an enviornment |
12 |
> in a few seconds for a few packages). |
13 |
|
14 |
I very much like this, as it'd greatly simplify identifying any |
15 |
unintended or unrecognized dependencies in my code. Furthermore, if |
16 |
the mechanism for identifying and declaring specified-required content |
17 |
can be generalized, this would make distributed builds potentially |
18 |
more efficient by allowing the dispatching host to distribute the |
19 |
necessary header and library files to the machines doing the building. |
20 |
(Really, this observation is more about simply making the information |
21 |
available; distcc could consume that information if someone chose to |
22 |
do the work to add that functionality.) |
23 |
|
24 |
> I really crazy idea would be to try to run packages in a similar |
25 |
> environment, but I think that needs better kernel/etc level support |
26 |
> since the performance hit would be much more noticeable, except for |
27 |
> things like daemons that only start once. |
28 |
> |
29 |
> Implementing it wouldn't necessarily be hard - just create a tmpfs |
30 |
> under /var/tmp/portage, unshare off a new mount namespace, and |
31 |
> read-only bind-mount everything needed from the root filesystem |
32 |
> (including /var/tmp/portage/...), and chroot into it. When the build |
33 |
> is done the process governing it terminates and the kernel wipes out |
34 |
> all the mounts and then portage unmounts the tmpfs. You wouldn't need |
35 |
> to use a tmpfs for the build - it would actually be zero-size as |
36 |
> reported by df since it just contains a bazillion bind mounts, though |
37 |
> all those mounts would consume slab memory. |
38 |
> |
39 |
> Thoughts? |
40 |
|
41 |
You've done 90% of the conceptual work needed for an idea I had; I've |
42 |
wanted to do something similar at the 'make' level, to make |
43 |
identifying and fixing broken parallel build systems easier. If I |
44 |
could limit a make instance to only be able to see consequences of |
45 |
jobs it declared as dependencies, that'd go a long way. I was going to |
46 |
go by way of FUSE for this, though... |
47 |
|
48 |
-- |
49 |
:wq |