1 |
> Security would be the largest stumbling block of this system. |
2 |
|
3 |
Actually, I think a signed package would suffice. MD5 checksum perhaps. |
4 |
But, I think the biggest stumbling block is not security, but rather disk |
5 |
space and bandwidth. All of these combinations would just become an |
6 |
enormous archive. |
7 |
|
8 |
Tom Veldhouse |
9 |
|
10 |
> -----BEGIN PGP SIGNED MESSAGE----- |
11 |
> Hash: SHA1 |
12 |
> |
13 |
> Hi, I have an idea I've been thinking about, I'd like to share it and |
14 |
> see anyone thinks there is any merit to it. |
15 |
> |
16 |
> The goal is to preserve gentoo's customizability but gain the |
17 |
> convenience of instantly available binary packages. |
18 |
> |
19 |
> The problem with binary packages is that they come in one flavor and |
20 |
> would ignore your local USE variable settings. Plus, creating separate |
21 |
> binary packages for every combination of USE variables would be an |
22 |
> enormous, never ending task. |
23 |
> |
24 |
> My idea is to automate the process of creating binary packages, and turn |
25 |
> the installed base of gentoo users into a giant compile farm. |
26 |
> |
27 |
> When a user goes to emerge a package, first portage would analyze the |
28 |
> ebuild to determine what USE variables are used by the package. Then it |
29 |
> would build an ordered list of the user's USE variables, limited to only |
30 |
> those that are used by this particular package, but indicating if they |
31 |
> are enabled or not. |
32 |
> |
33 |
> To this list of USE variables would be added the gcc version, CHOST, |
34 |
> CFLAGS, CXXFLAGS, perhaps portage version, plus what ever else that |
35 |
> makes up the uniqueness of the user's configuration. I'm taking a cue |
36 |
> from ccache for this. |
37 |
> |
38 |
> Portage could then take this unique code and check a public server to |
39 |
> see if a binary package exists matching this combination. If so, the |
40 |
> binary package would be fetched and installed. If not, the package |
41 |
> would be compiled locally and then uploaded to the public server. |
42 |
> |
43 |
> To prevent from malicious tampering, some kind of system would need to |
44 |
> be in place to verify that a package hasn't been trojaned or something. |
45 |
> ~ The server could wait until it received a certain number of copies of a |
46 |
> specific package from unique sources and compare them to see if they are |
47 |
> all the same before deciding a package is safe. |
48 |
> |
49 |
> Security would be the largest stumbling block of this system. I think |
50 |
> the most likely system to be safe would be a PGP-like web of trust. |
51 |
> Each gentoo installation would generate a set of keys that it would use |
52 |
> to sign packages it uploads. Small groups of gentoo users who have the |
53 |
> same setup could exchange keys. As the server receives binary packages |
54 |
> with the same checksum, it accumulates the keys from the signature. |
55 |
> Portage would only then download a package if it has been signed by a |
56 |
> key that the user trusts. Of course, if no such key is available, it |
57 |
> would build the package locally. If the local binary package matches |
58 |
> what is available on the server, this user would sign the binary package |
59 |
> available on the server. Optionally, a user to configure his system to |
60 |
> accept a binary package after it has been signed by a certain number of |
61 |
> keys. |
62 |
> |
63 |
> I believe the ideal storage facility for such a system is with something |
64 |
> like freenet. It is distributed, non-permanent storage where more |
65 |
> popular files are longer-lived than infrequently requested files. |
66 |
> Assuming the vast majority of gentoo users are using the same default |
67 |
> settings for most things, the popular packages would survive |
68 |
> indefinately on freenet as long as there are people installing them. |
69 |
> |
70 |
> A system that took advantage of freenet could upload the binary package |
71 |
> to freenet with its md5sum as the key, and submit the package details |
72 |
> with key to a central server. Portage would when check with the central |
73 |
> server for a key, fetch the package out of freenet with the key, and |
74 |
> then install the binary package. |
75 |
> |
76 |
> That's basically it. Sure, it's a far-fetched idea but I'd to hear what |
77 |
> people think about it. |
78 |
> |
79 |
> - - Robert |
80 |
> |
81 |
> - -- |
82 |
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBB929E54 |
83 |
> Key fingerprint = BEA9 490C D2B9 AD83 E88B 3148 3136 34E4 BB92 9E54 |
84 |
> -----BEGIN PGP SIGNATURE----- |
85 |
> Version: GnuPG v1.0.7 (GNU/Linux) |
86 |
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
87 |
> |
88 |
> iD8DBQE9b3XqMTY05LuSnlQRAvMWAJwOqQQsfZiJOO9G8TpcD1EOLq9yTACeI8af |
89 |
> KGbprUFS/QwGRLwygQ0lA44= |
90 |
> =FxhM |
91 |
> -----END PGP SIGNATURE----- |
92 |
> |
93 |
> _______________________________________________ |
94 |
> gentoo-dev mailing list |
95 |
> gentoo-dev@g.o |
96 |
> http://lists.gentoo.org/mailman/listinfo/gentoo-dev |
97 |
> |