| 1 |
On 08/10/04 Chris Gianelloni wrote: |
| 2 |
|
| 3 |
> I didn't think anything actually used overlays. The emerge glsa was |
| 4 |
> being designed to work like "emerge system" or "emerge world". It |
| 5 |
> would require a regular "emerge sync" step to work properly... at |
| 6 |
> least, that was my understanding. Forgive me if I'm wrong on that. |
| 7 |
|
| 8 |
Interesting to see people talking about things that aren't completely |
| 9 |
implemented yet ;) |
| 10 |
At the moment GLSAs reside in $PORTDIR/metadata/glsa and on |
| 11 |
http://www.gentoo.org/security/en/glsa, the current code (used by |
| 12 |
glsa-check) only looks at the former location. However I've written the |
| 13 |
code in a way so that the location can be changed in the same way as |
| 14 |
other portage variables (in make.* or on the commandline), so it's not a |
| 15 |
problem to change the location in the profile, however you'll have to |
| 16 |
find a way to get the GLSAs there. I originally also planned to |
| 17 |
implement a way to get the GLSAs directly over http, but that's more |
| 18 |
complicated than I thought first (and not very useful for our current |
| 19 |
tree anyway). |
| 20 |
|
| 21 |
> Personally, I think there should be as little change for the user as |
| 22 |
> possible. Breaking "emerge sync" is probably not the best way to go |
| 23 |
> about it. Causing "emerge sync" to perform a slightly different |
| 24 |
> function, though with the same results (getting new ebuilds) is |
| 25 |
> probably the way to go. While I doubt we would be using gensync |
| 26 |
> directly, it definitely gives us a strong starting point. I am going |
| 27 |
> to say that I wouldn't be opposed to using gensync and a separate |
| 28 |
> repository, I just think it ends up being overly complex, as if we're |
| 29 |
> going to be offering it as an "official" Gentoo release, we should add |
| 30 |
> proper support into the tools we already have (portage). Also, using |
| 31 |
> portage and emerge sync for updates allows a user to switch to the |
| 32 |
> "current" tree with almost no work. |
| 33 |
|
| 34 |
As for generating a frozen tree I understand that there are basically |
| 35 |
two options: a) use our current (changing) tree and only freeze the |
| 36 |
versions of packages in the profile or b) create a new tree that |
| 37 |
doesn't change at all (maybe even limited to only include supported |
| 38 |
packages/versions). The first is easier to implement but has IMO several |
| 39 |
problems: |
| 40 |
- we can only limit a package to a specific version, but not "remove" a |
| 41 |
complete package that we don't want to support (under the assumption |
| 42 |
that we're not going to support the whole tree) |
| 43 |
- I doubt that a "packages" file with several hundred (or thousand) |
| 44 |
entries is someting most developers want to maintain |
| 45 |
- As Spider has already mentioned: It doesn't guarantee a definite base |
| 46 |
system as the tree (including the profile) can change over time. |
| 47 |
|
| 48 |
That leaves us with option b): We already offer tarballs of the portage |
| 49 |
tree, including the tarballs used to create our releases. People even |
| 50 |
have to use them if they want to use GRP. As people already know how to |
| 51 |
use them I'd suggest that we use tarballs to provide our frozen tree |
| 52 |
(wether we use the existing ones or create special ones is open for |
| 53 |
discussion). As this GLEP is looking for a long-term solution we can |
| 54 |
probably rely on some portage modifications that will be included in the |
| 55 |
version after 2.0.51 that will enhance our `emerge sync` mechanisms |
| 56 |
greatly (removing the need for emerge-webrsync and gensync). With these |
| 57 |
modifications we can set SYNC to our tarball and offer updates over |
| 58 |
rsync/cvs/tarballs/other transport that will be stored in an overlay, |
| 59 |
that overlay can then by synced with `emerge --sync updates` ("updates" |
| 60 |
is just an example, we can use any name there). |
| 61 |
(Anyone interested in the details of the modification see bug 35535). |
| 62 |
|
| 63 |
Marius |
Archives