| 1 |
On 02/02/2017 12:35 PM, james wrote: |
| 2 |
> On 02/02/2017 01:01 PM, Rich Freeman wrote: |
| 3 |
>> On Thu, Feb 2, 2017 at 11:25 AM, Michael Orlitzky <mjo@g.o> wrote: |
| 4 |
>>> |
| 5 |
>>> If (base == minimal), then all of the upstream defaults need to be added |
| 6 |
>>> to package.use for the upstream-defaults profile. That's bad, |
| 7 |
>> |
| 8 |
>> I'll go further and say that it is unacceptably bad. |
| 9 |
>> |
| 10 |
>>> but if |
| 11 |
>>> (base == upstream-defaults), then the important IUSE defaults need to be |
| 12 |
>>> copy/pasted from our ebuilds into the minimal profile. The latter is |
| 13 |
>>> more spiritually damning =) |
| 14 |
>>> |
| 15 |
>> |
| 16 |
>> So, I'll admit I've never been one that cared a great deal about |
| 17 |
>> minimalism so I appreciate that I may not be the best one to judge |
| 18 |
>> this, so let's go ahead and embrace your statement for the purpose of |
| 19 |
>> debate. |
| 20 |
>> |
| 21 |
>> Is there a better way we can have our cake and eat it too? I'll admit |
| 22 |
>> that a huge package.use on the minimal profile isn't a whole lot |
| 23 |
>> better than a huge package.use on all the other profiles. |
| 24 |
>> |
| 25 |
>> Do we need another form of syntax in individual ebuilds to try to |
| 26 |
>> separate out the various cases you cite? Does anybody care to |
| 27 |
>> actually suggest one? |
| 28 |
> |
| 29 |
> I think that unikernels are something everyone should be aware of |
| 30 |
> as they purport to be the latest trend in securing all sorts of systems. |
| 31 |
> (a brief read). |
| 32 |
> |
| 33 |
> http://unikernel.org/ |
| 34 |
> |
| 35 |
> |
| 36 |
> Perhaps we should not have a 'minimal profile', as it means so many |
| 37 |
> different things to so many different people. We have not even surveyed |
| 38 |
> the user base... |
| 39 |
> |
| 40 |
> So if we think of all the possible profiles and sub-profiles as being |
| 41 |
> organized in a tree structure, it is better to figure out logical |
| 42 |
> organization of all profiles, imho. |
| 43 |
> |
| 44 |
> So how about profiles that are either under the embedded or basic |
| 45 |
> 'moniker' in the profile tree. So embedded is the least number of |
| 46 |
> packages possible, regardless of upstream, where folks build up from |
| 47 |
> there to what they want as a finished system. Embedded, clusters, HPC, |
| 48 |
> and such are compatible enough for what I'm building to be under the |
| 49 |
> same branch of the profile tree. If other folks want their cluster works |
| 50 |
> under the basic part of the profile tree that is concerned with |
| 51 |
> upstream, then they have their part of the profile tree located there. |
| 52 |
> |
| 53 |
> And the 'basic' part of the tree is similar to what we now call |
| 54 |
> 'default' and the names build up in whatever schema those target builds |
| 55 |
> desire, like basic+headless, basic+kde, basic+?+whatever..... ? |
| 56 |
> |
| 57 |
> And is there any reason, if necessary that other needs cannot be |
| 58 |
> branched off, as necessary form the profile tree? Perhaps the main root |
| 59 |
> is a state diagram of what is need and has links to relevant documents. |
| 60 |
> That way the profile tree is a live system that can be enhance or |
| 61 |
> modified to serve all of Gentoo's diverse visions. |
| 62 |
|
| 63 |
That's an awful lot of change for only slight benefit. The mixin idea |
| 64 |
that mgorny's been proposing may become a great way for people to state |
| 65 |
their needs explicitly in something that profiles are able to handle, |
| 66 |
once that work is finished. I believe Funtoo uses this extensively, and |
| 67 |
they might be worth contacting to see how we can best use them for our |
| 68 |
needs as well, assuming the design is the same. |
| 69 |
|
| 70 |
> |
| 71 |
> |
| 72 |
>> I still think that we shouldn't encourage users to lightly deviate |
| 73 |
>> from all the upstream defaults. There are of course legitimate |
| 74 |
>> reasons for doing so, and you and I can probably appreciate when we |
| 75 |
>> should do this, but for somebody starting out we're giving them a lot |
| 76 |
>> of rope to hang themselves with. |
| 77 |
> |
| 78 |
> This is only the case because profiles are in general in a mess and |
| 79 |
> there are little in the way of conventions. What is so sacrosanct about |
| 80 |
> upstream for a truly embedded gentoo system or a gentoo based IoT |
| 81 |
> device? How many of the gentoo-embedded devs even bother to read |
| 82 |
> gentoo-dev? Your vision seems to me to be tainted by the major distros |
| 83 |
> and their visions, not be impolite, but they are way off course for |
| 84 |
> secure systems, embedded systems, IoT, HPC and numerous other active |
| 85 |
> areas of Linux, imho. |
| 86 |
> |
| 87 |
> |
| 88 |
> Think about it, if upstream is so brilliant, and has our needs 'at |
| 89 |
> heart' then why have not the kernel-geniuses bothered to build a |
| 90 |
> logical, coherent semantic for kernel configurations, management, |
| 91 |
> security testing and such? If fact, if I were to be critical of |
| 92 |
> upstream, I'd say those and many other issues should have been addressed |
| 93 |
> before the adventures of systemd were dictated upon the larger user |
| 94 |
> base. Upstream is an 'ad-hoc' mess, in the old days we called such |
| 95 |
> entities a clusterF*. |
| 96 |
|
| 97 |
Profiles may be a bit of a mess. I'm not qualified to determine that |
| 98 |
since I don't touch profiles, but the brief browsing I've done indicates |
| 99 |
that *some* care was put into it, or there wouldn't be such a large |
| 100 |
profile tree. |
| 101 |
|
| 102 |
The thing about Gentoo is that no single use case rules all, but as a |
| 103 |
distribution we kinda owe it to the greater user audience to adopt |
| 104 |
upstream defaults. The entire point of USE flags is so users can deviate |
| 105 |
from that, if they need or want to. Gentoo needs to be usable out of the |
| 106 |
box; it can't be if we're dismantling the work we've put into figuring |
| 107 |
out sane USE flags across the tree. |
| 108 |
|
| 109 |
I'm not saying profiles are perfect, just that they make a decent |
| 110 |
blueprint. With mixins likely coming to the tree, I'm excited to see |
| 111 |
what's possible with them. |
| 112 |
> |
| 113 |
> |
| 114 |
> So those of us going back to minimal and basics and such venues, even |
| 115 |
> with clusters, could not care less about Mozilla, systemd and thousands |
| 116 |
> of other upstream folks that have lost their pathway forward. (deepest |
| 117 |
> apologies, but I have very strong feelings about "upstream*". |
| 118 |
|
| 119 |
I do too, which is why I deal with it with my USE flags. It is, however, |
| 120 |
upstream's software, and most of the time they're the most qualified to |
| 121 |
determine what the default should be. Defaults aren't set in stone in |
| 122 |
Gentoo; that's part of its beauty. |
| 123 |
|
| 124 |
> |
| 125 |
> |
| 126 |
> Many of the profiles in this and other recent threads, are just 'ad-hoc' |
| 127 |
> naming structures and locations, and that historical flexibility extend |
| 128 |
> to the devs is fantastic. This enhance/cleaning need of gentoo profiles |
| 129 |
> needs to be well thought out and as flexible semantically as possible. |
| 130 |
|
| 131 |
Agreed. |
| 132 |
|
| 133 |
> |
| 134 |
> |
| 135 |
> It is absolutely a superior approach to not care at all what upstream |
| 136 |
> does, to provide a pathway for embedded gentoo. That is a fundamental |
| 137 |
> characteristic of what an embedded system is. Thanke the code, purge |
| 138 |
> 90+ percent of this, and then install it on a embedded system so |
| 139 |
> only what is needed is encluded. On a distro, you can pile on tons |
| 140 |
> of uncessary codes, for convenience and not care, but embedded, |
| 141 |
> it does matter. That is why so much of Iot is hacked and owned |
| 142 |
> by folks with nefarious intentions. Much of 'upstream' is growing |
| 143 |
> dumber by the day, and corporate manager and government interlopers |
| 144 |
> are just loving the cruft of 'upstream'. |
| 145 |
|
| 146 |
I think that largely depends on your purpose for a given system. IoT |
| 147 |
devices get cracked and abused mostly due to misconfiguration and a |
| 148 |
failure to update when CVEs and whatnot are released. Being completely |
| 149 |
Spartan may help against that, but as we all know... old code tends to |
| 150 |
rot if not taken care of with at least backported patches. |
| 151 |
|
| 152 |
Upstream is important because they supply 99% of the software we use. We |
| 153 |
are just the distributors (hence "distribution"). We ideally shouldn't |
| 154 |
have too strong of an opinion as maintainers; expose enough USE flags to |
| 155 |
make a given package configurable, and apply '+' to upstream's default |
| 156 |
stuff. I'd be surprised if a considerable number of packages on Gentoo |
| 157 |
*weren't* that way. |
| 158 |
|
| 159 |
Again, package.use (and maybe mixins) are the way to fix this. |
| 160 |
> |
| 161 |
> |
| 162 |
> Minimal is a close cousin to embedded, and now unikernels and aggressive |
| 163 |
> HPC clusters are going that direction too in the name of performance, |
| 164 |
> sane-management and reducing attack surfaces for the cloud or HPC |
| 165 |
> cluster (not all, but many). |
| 166 |
> |
| 167 |
> |
| 168 |
> Surely a branch of the gentoo profiles tree, could rigorously be focused |
| 169 |
> on compatibility with upstream, but that inflexibility, if imposed |
| 170 |
> on everyone else, will only serve to further alienate gentoo-embedded |
| 171 |
> and serve as a unnecessary wedge between some minimal, HPC and unikernel |
| 172 |
> types of gentoo builds. |
| 173 |
> |
| 174 |
|
| 175 |
Is there not an embedded profile? If that's where the beef is, perhaps |
| 176 |
you should be talking to the embedded team rather than the greater |
| 177 |
Gentoo dev community. They're likely better versed, and they *should* be |
| 178 |
paying attention to gentoo-dev, as is expected from us. None of us works |
| 179 |
in a vacuum, and we should be aware of what's happening with the whole |
| 180 |
distribution, if only to see that there's activity somewhere. |
| 181 |
|
| 182 |
A default Gentoo installation is not inflexible. It's merely a default |
| 183 |
that can later be changed; even before your first call to 'emerge'. |
| 184 |
> |
| 185 |
> |
| 186 |
>> It is like building a kernel |
| 187 |
>> answering no to the largest number of questions possible while still |
| 188 |
>> actually building something. I'd actually be curious as to what that |
| 189 |
>> kernel would even be capable of doing (there are a lot of fairly |
| 190 |
>> essential things you can turn off in the kernel). |
| 191 |
> |
| 192 |
> |
| 193 |
> This is a whole other area of valid concern. Their was a GSoC project |
| 194 |
> last summer to work on organizing gentooish kernel builds, but that is a |
| 195 |
> very big topic. Perhaps the profiles will have to be proposed but not |
| 196 |
> formalized until folks go out and do some kernel builds and testing |
| 197 |
> associated with a proposed profile organization? |
| 198 |
|
| 199 |
afaik building the kernel is completely outside of Portage's reach. It |
| 200 |
merely installs the source files needed to build it. Everything else is |
| 201 |
up to you and/or genkernel. |
| 202 |
|
| 203 |
A special kernel fork designed for embedded sounds good, though. I'm |
| 204 |
sure we've got something like that in the tree (or an overlay) somewhere. |
| 205 |
> |
| 206 |
> |
| 207 |
>> In the same way, we shouldn't be too quick to deviate from upstream |
| 208 |
>> defaults ourselves (#4 in your example), beyond actual integration |
| 209 |
>> work. |
| 210 |
> |
| 211 |
>> I'll admit the current state is a bit of a compromise, but I don't |
| 212 |
>> think we should change it unless we're changing it to something |
| 213 |
>> significantly better. This is a pretty big-impact change. |
| 214 |
> |
| 215 |
> |
| 216 |
> Just formalize some new parts of the profile tree to not be required to |
| 217 |
> be upstream compliant. Isn't that part of being a 'meta-distribution'? |
| 218 |
|
| 219 |
Don't we already do that? KDE, GNOME, and XFCE aren't "upstream" |
| 220 |
compliant because there *isn't* a single, default upstream DE, so we |
| 221 |
have profiles for that. If you or others would like to create or improve |
| 222 |
existing profiles, then that's awesome and you should try to put |
| 223 |
together some patches or a pull request so we can take a look. |
| 224 |
|
| 225 |
> |
| 226 |
> In my future (and the future of many others) there will be minimalistic |
| 227 |
> builds on clusters where any number to constructs including |
| 228 |
> compatibility which will all be solved, at the framework level, not the |
| 229 |
> base distro level, to the extent possible. Folks are now running a |
| 230 |
> myriad of windows OS versions on linux (&clusters), so I have just read |
| 231 |
> about a few days ago. So I'm proposing and working on gentoo |
| 232 |
> heterogeneous cluster where one can partition part to be for systemd |
| 233 |
> stuffage, part to be HPC, part to be extraordinarily secure, part to be |
| 234 |
> aligned with a particularly commercial linux distro, and many other |
| 235 |
> differing needs based frameworks. |
| 236 |
> |
| 237 |
> |
| 238 |
> The minimal (lowest level) should be clear of all of those distro |
| 239 |
> encumbrances. CoreOS is taking this approach, as their bare metal |
| 240 |
> bootstrapping occurs completely and well before systemd or any other |
| 241 |
> PID1 schema is invoked or becomes a defacto requirement. Gentoo is all |
| 242 |
> about freedom, right? |
| 243 |
|
| 244 |
If we need a new profile, then certainly those who are going to use it |
| 245 |
should be best equipped to know what needs to be in it, right? This is a |
| 246 |
great case for building what you need and then sharing it so everyone |
| 247 |
can benefit. I don't do embedded (though I might tinker with it some |
| 248 |
day), so I'm definitely not able to know what needs to be in such a |
| 249 |
profile. We need people who actually work in that sort of stuff to do |
| 250 |
the work, because if someone like me does it, then it may have too many |
| 251 |
packages in it, or it won't account for X or Y use case that's super |
| 252 |
common in embedded, etc. |
| 253 |
|
| 254 |
Embedded is an itch, and non-embedded Gentoo people can't scratch it for |
| 255 |
you because we aren't qualified. If you or others ever manage to make |
| 256 |
that profile, please share it so others can benefit too. :) |
| 257 |
> |
| 258 |
> |
| 259 |
> hth, |
| 260 |
> James |
| 261 |
> |
| 262 |
|
| 263 |
Thanks for reading, |
| 264 |
zlg |
| 265 |
-- |
| 266 |
Daniel Campbell - Gentoo Developer |
| 267 |
OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net |
| 268 |
fpr: AE03 9064 AE00 053C 270C 1DE4 6F7A 9091 1EA0 55D6 |
Archives