1 |
On 02/02/2017 12:35 PM, james wrote: |
2 |
> On 02/02/2017 01:01 PM, Rich Freeman wrote: |
3 |
>> On Thu, Feb 2, 2017 at 11:25 AM, Michael Orlitzky <mjo@g.o> wrote: |
4 |
>>> |
5 |
>>> If (base == minimal), then all of the upstream defaults need to be added |
6 |
>>> to package.use for the upstream-defaults profile. That's bad, |
7 |
>> |
8 |
>> I'll go further and say that it is unacceptably bad. |
9 |
>> |
10 |
>>> but if |
11 |
>>> (base == upstream-defaults), then the important IUSE defaults need to be |
12 |
>>> copy/pasted from our ebuilds into the minimal profile. The latter is |
13 |
>>> more spiritually damning =) |
14 |
>>> |
15 |
>> |
16 |
>> So, I'll admit I've never been one that cared a great deal about |
17 |
>> minimalism so I appreciate that I may not be the best one to judge |
18 |
>> this, so let's go ahead and embrace your statement for the purpose of |
19 |
>> debate. |
20 |
>> |
21 |
>> Is there a better way we can have our cake and eat it too? I'll admit |
22 |
>> that a huge package.use on the minimal profile isn't a whole lot |
23 |
>> better than a huge package.use on all the other profiles. |
24 |
>> |
25 |
>> Do we need another form of syntax in individual ebuilds to try to |
26 |
>> separate out the various cases you cite? Does anybody care to |
27 |
>> actually suggest one? |
28 |
> |
29 |
> I think that unikernels are something everyone should be aware of |
30 |
> as they purport to be the latest trend in securing all sorts of systems. |
31 |
> (a brief read). |
32 |
> |
33 |
> http://unikernel.org/ |
34 |
> |
35 |
> |
36 |
> Perhaps we should not have a 'minimal profile', as it means so many |
37 |
> different things to so many different people. We have not even surveyed |
38 |
> the user base... |
39 |
> |
40 |
> So if we think of all the possible profiles and sub-profiles as being |
41 |
> organized in a tree structure, it is better to figure out logical |
42 |
> organization of all profiles, imho. |
43 |
> |
44 |
> So how about profiles that are either under the embedded or basic |
45 |
> 'moniker' in the profile tree. So embedded is the least number of |
46 |
> packages possible, regardless of upstream, where folks build up from |
47 |
> there to what they want as a finished system. Embedded, clusters, HPC, |
48 |
> and such are compatible enough for what I'm building to be under the |
49 |
> same branch of the profile tree. If other folks want their cluster works |
50 |
> under the basic part of the profile tree that is concerned with |
51 |
> upstream, then they have their part of the profile tree located there. |
52 |
> |
53 |
> And the 'basic' part of the tree is similar to what we now call |
54 |
> 'default' and the names build up in whatever schema those target builds |
55 |
> desire, like basic+headless, basic+kde, basic+?+whatever..... ? |
56 |
> |
57 |
> And is there any reason, if necessary that other needs cannot be |
58 |
> branched off, as necessary form the profile tree? Perhaps the main root |
59 |
> is a state diagram of what is need and has links to relevant documents. |
60 |
> That way the profile tree is a live system that can be enhance or |
61 |
> modified to serve all of Gentoo's diverse visions. |
62 |
|
63 |
That's an awful lot of change for only slight benefit. The mixin idea |
64 |
that mgorny's been proposing may become a great way for people to state |
65 |
their needs explicitly in something that profiles are able to handle, |
66 |
once that work is finished. I believe Funtoo uses this extensively, and |
67 |
they might be worth contacting to see how we can best use them for our |
68 |
needs as well, assuming the design is the same. |
69 |
|
70 |
> |
71 |
> |
72 |
>> I still think that we shouldn't encourage users to lightly deviate |
73 |
>> from all the upstream defaults. There are of course legitimate |
74 |
>> reasons for doing so, and you and I can probably appreciate when we |
75 |
>> should do this, but for somebody starting out we're giving them a lot |
76 |
>> of rope to hang themselves with. |
77 |
> |
78 |
> This is only the case because profiles are in general in a mess and |
79 |
> there are little in the way of conventions. What is so sacrosanct about |
80 |
> upstream for a truly embedded gentoo system or a gentoo based IoT |
81 |
> device? How many of the gentoo-embedded devs even bother to read |
82 |
> gentoo-dev? Your vision seems to me to be tainted by the major distros |
83 |
> and their visions, not be impolite, but they are way off course for |
84 |
> secure systems, embedded systems, IoT, HPC and numerous other active |
85 |
> areas of Linux, imho. |
86 |
> |
87 |
> |
88 |
> Think about it, if upstream is so brilliant, and has our needs 'at |
89 |
> heart' then why have not the kernel-geniuses bothered to build a |
90 |
> logical, coherent semantic for kernel configurations, management, |
91 |
> security testing and such? If fact, if I were to be critical of |
92 |
> upstream, I'd say those and many other issues should have been addressed |
93 |
> before the adventures of systemd were dictated upon the larger user |
94 |
> base. Upstream is an 'ad-hoc' mess, in the old days we called such |
95 |
> entities a clusterF*. |
96 |
|
97 |
Profiles may be a bit of a mess. I'm not qualified to determine that |
98 |
since I don't touch profiles, but the brief browsing I've done indicates |
99 |
that *some* care was put into it, or there wouldn't be such a large |
100 |
profile tree. |
101 |
|
102 |
The thing about Gentoo is that no single use case rules all, but as a |
103 |
distribution we kinda owe it to the greater user audience to adopt |
104 |
upstream defaults. The entire point of USE flags is so users can deviate |
105 |
from that, if they need or want to. Gentoo needs to be usable out of the |
106 |
box; it can't be if we're dismantling the work we've put into figuring |
107 |
out sane USE flags across the tree. |
108 |
|
109 |
I'm not saying profiles are perfect, just that they make a decent |
110 |
blueprint. With mixins likely coming to the tree, I'm excited to see |
111 |
what's possible with them. |
112 |
> |
113 |
> |
114 |
> So those of us going back to minimal and basics and such venues, even |
115 |
> with clusters, could not care less about Mozilla, systemd and thousands |
116 |
> of other upstream folks that have lost their pathway forward. (deepest |
117 |
> apologies, but I have very strong feelings about "upstream*". |
118 |
|
119 |
I do too, which is why I deal with it with my USE flags. It is, however, |
120 |
upstream's software, and most of the time they're the most qualified to |
121 |
determine what the default should be. Defaults aren't set in stone in |
122 |
Gentoo; that's part of its beauty. |
123 |
|
124 |
> |
125 |
> |
126 |
> Many of the profiles in this and other recent threads, are just 'ad-hoc' |
127 |
> naming structures and locations, and that historical flexibility extend |
128 |
> to the devs is fantastic. This enhance/cleaning need of gentoo profiles |
129 |
> needs to be well thought out and as flexible semantically as possible. |
130 |
|
131 |
Agreed. |
132 |
|
133 |
> |
134 |
> |
135 |
> It is absolutely a superior approach to not care at all what upstream |
136 |
> does, to provide a pathway for embedded gentoo. That is a fundamental |
137 |
> characteristic of what an embedded system is. Thanke the code, purge |
138 |
> 90+ percent of this, and then install it on a embedded system so |
139 |
> only what is needed is encluded. On a distro, you can pile on tons |
140 |
> of uncessary codes, for convenience and not care, but embedded, |
141 |
> it does matter. That is why so much of Iot is hacked and owned |
142 |
> by folks with nefarious intentions. Much of 'upstream' is growing |
143 |
> dumber by the day, and corporate manager and government interlopers |
144 |
> are just loving the cruft of 'upstream'. |
145 |
|
146 |
I think that largely depends on your purpose for a given system. IoT |
147 |
devices get cracked and abused mostly due to misconfiguration and a |
148 |
failure to update when CVEs and whatnot are released. Being completely |
149 |
Spartan may help against that, but as we all know... old code tends to |
150 |
rot if not taken care of with at least backported patches. |
151 |
|
152 |
Upstream is important because they supply 99% of the software we use. We |
153 |
are just the distributors (hence "distribution"). We ideally shouldn't |
154 |
have too strong of an opinion as maintainers; expose enough USE flags to |
155 |
make a given package configurable, and apply '+' to upstream's default |
156 |
stuff. I'd be surprised if a considerable number of packages on Gentoo |
157 |
*weren't* that way. |
158 |
|
159 |
Again, package.use (and maybe mixins) are the way to fix this. |
160 |
> |
161 |
> |
162 |
> Minimal is a close cousin to embedded, and now unikernels and aggressive |
163 |
> HPC clusters are going that direction too in the name of performance, |
164 |
> sane-management and reducing attack surfaces for the cloud or HPC |
165 |
> cluster (not all, but many). |
166 |
> |
167 |
> |
168 |
> Surely a branch of the gentoo profiles tree, could rigorously be focused |
169 |
> on compatibility with upstream, but that inflexibility, if imposed |
170 |
> on everyone else, will only serve to further alienate gentoo-embedded |
171 |
> and serve as a unnecessary wedge between some minimal, HPC and unikernel |
172 |
> types of gentoo builds. |
173 |
> |
174 |
|
175 |
Is there not an embedded profile? If that's where the beef is, perhaps |
176 |
you should be talking to the embedded team rather than the greater |
177 |
Gentoo dev community. They're likely better versed, and they *should* be |
178 |
paying attention to gentoo-dev, as is expected from us. None of us works |
179 |
in a vacuum, and we should be aware of what's happening with the whole |
180 |
distribution, if only to see that there's activity somewhere. |
181 |
|
182 |
A default Gentoo installation is not inflexible. It's merely a default |
183 |
that can later be changed; even before your first call to 'emerge'. |
184 |
> |
185 |
> |
186 |
>> It is like building a kernel |
187 |
>> answering no to the largest number of questions possible while still |
188 |
>> actually building something. I'd actually be curious as to what that |
189 |
>> kernel would even be capable of doing (there are a lot of fairly |
190 |
>> essential things you can turn off in the kernel). |
191 |
> |
192 |
> |
193 |
> This is a whole other area of valid concern. Their was a GSoC project |
194 |
> last summer to work on organizing gentooish kernel builds, but that is a |
195 |
> very big topic. Perhaps the profiles will have to be proposed but not |
196 |
> formalized until folks go out and do some kernel builds and testing |
197 |
> associated with a proposed profile organization? |
198 |
|
199 |
afaik building the kernel is completely outside of Portage's reach. It |
200 |
merely installs the source files needed to build it. Everything else is |
201 |
up to you and/or genkernel. |
202 |
|
203 |
A special kernel fork designed for embedded sounds good, though. I'm |
204 |
sure we've got something like that in the tree (or an overlay) somewhere. |
205 |
> |
206 |
> |
207 |
>> In the same way, we shouldn't be too quick to deviate from upstream |
208 |
>> defaults ourselves (#4 in your example), beyond actual integration |
209 |
>> work. |
210 |
> |
211 |
>> I'll admit the current state is a bit of a compromise, but I don't |
212 |
>> think we should change it unless we're changing it to something |
213 |
>> significantly better. This is a pretty big-impact change. |
214 |
> |
215 |
> |
216 |
> Just formalize some new parts of the profile tree to not be required to |
217 |
> be upstream compliant. Isn't that part of being a 'meta-distribution'? |
218 |
|
219 |
Don't we already do that? KDE, GNOME, and XFCE aren't "upstream" |
220 |
compliant because there *isn't* a single, default upstream DE, so we |
221 |
have profiles for that. If you or others would like to create or improve |
222 |
existing profiles, then that's awesome and you should try to put |
223 |
together some patches or a pull request so we can take a look. |
224 |
|
225 |
> |
226 |
> In my future (and the future of many others) there will be minimalistic |
227 |
> builds on clusters where any number to constructs including |
228 |
> compatibility which will all be solved, at the framework level, not the |
229 |
> base distro level, to the extent possible. Folks are now running a |
230 |
> myriad of windows OS versions on linux (&clusters), so I have just read |
231 |
> about a few days ago. So I'm proposing and working on gentoo |
232 |
> heterogeneous cluster where one can partition part to be for systemd |
233 |
> stuffage, part to be HPC, part to be extraordinarily secure, part to be |
234 |
> aligned with a particularly commercial linux distro, and many other |
235 |
> differing needs based frameworks. |
236 |
> |
237 |
> |
238 |
> The minimal (lowest level) should be clear of all of those distro |
239 |
> encumbrances. CoreOS is taking this approach, as their bare metal |
240 |
> bootstrapping occurs completely and well before systemd or any other |
241 |
> PID1 schema is invoked or becomes a defacto requirement. Gentoo is all |
242 |
> about freedom, right? |
243 |
|
244 |
If we need a new profile, then certainly those who are going to use it |
245 |
should be best equipped to know what needs to be in it, right? This is a |
246 |
great case for building what you need and then sharing it so everyone |
247 |
can benefit. I don't do embedded (though I might tinker with it some |
248 |
day), so I'm definitely not able to know what needs to be in such a |
249 |
profile. We need people who actually work in that sort of stuff to do |
250 |
the work, because if someone like me does it, then it may have too many |
251 |
packages in it, or it won't account for X or Y use case that's super |
252 |
common in embedded, etc. |
253 |
|
254 |
Embedded is an itch, and non-embedded Gentoo people can't scratch it for |
255 |
you because we aren't qualified. If you or others ever manage to make |
256 |
that profile, please share it so others can benefit too. :) |
257 |
> |
258 |
> |
259 |
> hth, |
260 |
> James |
261 |
> |
262 |
|
263 |
Thanks for reading, |
264 |
zlg |
265 |
-- |
266 |
Daniel Campbell - Gentoo Developer |
267 |
OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net |
268 |
fpr: AE03 9064 AE00 053C 270C 1DE4 6F7A 9091 1EA0 55D6 |