| 1 |
Hello all, |
| 2 |
|
| 3 |
In designing an enterprise infrastructure around Gentoo at my place of |
| 4 |
employment, I have discovered a feature that would improve Gentoo's |
| 5 |
usefulness greatly in this field. |
| 6 |
|
| 7 |
I'm writing to ask for your opinion on a change to sys-apps/portage that |
| 8 |
would allow users to maintain local revisions of ebuilds, such as |
| 9 |
"net-www/apache-2.0.58-r2-local1". This would require a modification to |
| 10 |
the ebuild version specifications and a patch to two portage source |
| 11 |
files which you can review here: |
| 12 |
|
| 13 |
http://dev.gentoo.org/~malverian/portage_local_version.patch |
| 14 |
|
| 15 |
(Please don't complain about the code quality, I cleaned up areas where |
| 16 |
it was desparately needed such as the string.atof() areas, but for the |
| 17 |
sake of code coherence, I tried to use the same methodology used elsewhere |
| 18 |
in the code as much as possible, such as unqualified except statements :P) |
| 19 |
|
| 20 |
There are a number of scenarios where such a feature is useful, most of |
| 21 |
which revolve around the need for a local version bump: |
| 22 |
|
| 23 |
1) You have machines using apache-2.0.58-r2 with an unpatched security |
| 24 |
hole which you would like to immediately patch locally until a fix is |
| 25 |
committed to the portage tree. |
| 26 |
|
| 27 |
2) You are using binary packages and need to simulate a version bump to |
| 28 |
force re-installation of a binary package with modified USE flags. |
| 29 |
|
| 30 |
3) You are using binary packages and need to simulate a version bump to |
| 31 |
force re-installation of binary packages that were rebuilt during |
| 32 |
revdep-rebuild |
| 33 |
|
| 34 |
In all of the above cases, one could simply bump the package up one |
| 35 |
revision by creating an ebuild in an overlay for apache-2.0.58-r3. |
| 36 |
However, using this solution will result in apache not being upgraded |
| 37 |
when apache-2.0.58-r3 is actually committed to the portage tree unless |
| 38 |
you perpetuate this bad habit ad nauseum. |
| 39 |
|
| 40 |
To give a better explanation of #3, consider the following scenario: |
| 41 |
|
| 42 |
- You have 60 servers with mysql-4.0.28 and php-5.1.6-r2 |
| 43 |
- You want to upgrade to mysql-5.0.30 and continue to use php-5.1.6-r2 |
| 44 |
- You use binary packages which are built on a staging machine |
| 45 |
- Your servers know to upgrade via a "pull" method with the help of |
| 46 |
cfengine which tells each server what packages SHOULD be installed on |
| 47 |
it. This also makes it very easy later to build another copy of a |
| 48 |
machine in the case of hardware failure by using the same description |
| 49 |
files (cfengine config programs) |
| 50 |
|
| 51 |
To accomplish the above in an enterprise environment, you would need to |
| 52 |
perform the following steps: |
| 53 |
|
| 54 |
1) Install mysql-5.0.30 on the staging machine and build binary packages |
| 55 |
|
| 56 |
2) Perform a revdep-rebuild on all packages using libmysql client |
| 57 |
libraries, building new binary packages for each of them |
| 58 |
|
| 59 |
3) Tell your other 60 servers that it is time to upgrade mysql (and in |
| 60 |
this case, reinstall php) |
| 61 |
|
| 62 |
Assuming you have a description file such as the following: |
| 63 |
|
| 64 |
__CUT__ |
| 65 |
|
| 66 |
webserver_packages = |
| 67 |
( |
| 68 |
dev-db/mysql-4.0.28 |
| 69 |
dev-lang/php-5.1.6-r2 |
| 70 |
) |
| 71 |
|
| 72 |
... |
| 73 |
|
| 74 |
__CUT__ |
| 75 |
|
| 76 |
It is obvious what change must be made to install the new version of |
| 77 |
MySQL, but how do you update PHP without bumping the version of PHP? You |
| 78 |
would need some extra metadata to tell the servers if they are upgrading |
| 79 |
from mysql-4.0.28 to mysql-5.0.30 that they should reinstall PHP. This is |
| 80 |
fine for a few packages, but it can quickly become a maintanence |
| 81 |
nightmare. |
| 82 |
|
| 83 |
Having local revision numbers solves this problem very simply, and |
| 84 |
provides quite a bit of flexibility as a side-effect. |
| 85 |
|
| 86 |
|
| 87 |
NOTES: |
| 88 |
|
| 89 |
- The "-local#" revisions MUST NOT be used in the main portage tree. It |
| 90 |
is something that system administrators would have exclusively for their |
| 91 |
own purposes such as those described above. This SHOULD probably be |
| 92 |
enforced by repoman in addition to policy changes. |
| 93 |
|
| 94 |
- The new (completely backward compatible) version priority order would be: |
| 95 |
|
| 96 |
apache-2.0.58 |
| 97 |
apache-2.0.58-r1 |
| 98 |
apache-2.0.58-r2 |
| 99 |
apache-2.0.58-r2-local1 |
| 100 |
apache-2.0.58-r2-local2 |
| 101 |
apache-2.0.58-r3 |
| 102 |
apache-2.0.59 |
| 103 |
|
| 104 |
-- |
| 105 |
gentoo-dev@g.o mailing list |
Archives