1 |
On 11-11-2018 21:53:33 +0100, Michał Górny wrote: |
2 |
> Hi, |
3 |
> |
4 |
> Ok, here's the second version integrating the feedback received. |
5 |
> The format is much simpler, based on nested tarballs inspired by Debian. |
6 |
> |
7 |
> The outer tarball is uncompressed and uses '.gpkg.tar' suffix. It |
8 |
> contains (preferably in order but PM should also handle packages with |
9 |
> mismatched order): |
10 |
> |
11 |
> 1. Optional (but recommended) "gpkg: ${PF}" package label that can be |
12 |
> used to quickly distinguish Gentoo binpkgs from regular tarballs |
13 |
> (for file(1)). |
14 |
> |
15 |
> 2. "metadata.tar${comp}" tarball containing binary package metadata |
16 |
> as files. |
17 |
> |
18 |
> 3. Optional "metadata.tar${comp}.sig" containing detached signature |
19 |
> for the metadata archive. |
20 |
> |
21 |
> 4. "contents.tar${comp}" tarball containing files to be installed. |
22 |
> |
23 |
> 5. Optional "contents.tar${comp}.sig" containing detached signature for |
24 |
> the contents archive. |
25 |
> |
26 |
> Notes: |
27 |
> |
28 |
> a. ${comp} can be any compression format supported by binary packages. |
29 |
> Technically, metadata and content archives may use different |
30 |
> compression. Either or both may be uncompressed as well. |
31 |
|
32 |
I'm wondering here, how much sense does it make to compress 2., 3. |
33 |
and/or 4. if you compress the whole gpkg? I have the impression |
34 |
compression on compression isn't beneficial here. Shouldn't just |
35 |
compressing of the gpkg tar be sufficient? |
36 |
|
37 |
As to allowing different compressors for a single gpkg, I think it would |
38 |
be better to require all compressors to be the same, such that a PM or |
39 |
tool can quickly see if it can "read" the file from the gpkg filename, |
40 |
instead of having to fetch and open it first. Obviously, if you drop |
41 |
compression of the inner tars, this point goes away. |
42 |
|
43 |
Thanks, |
44 |
Fabian |
45 |
|
46 |
> b. While signatures are optional, the PM should have a switch |
47 |
> controlling whether to expect them, and fail hard if they're not present |
48 |
> when expected. |
49 |
> |
50 |
> |
51 |
> Advantages |
52 |
> ---------- |
53 |
> Guaranteed: |
54 |
> |
55 |
> + The binary package is still one file, so can be fetched easily. |
56 |
> |
57 |
> + File format is trivial and can be extracted using tar(1) + compressor. |
58 |
> |
59 |
> + The metadata and contents are compressed independently, and so can be |
60 |
> easily extracted or modified independently. |
61 |
> |
62 |
> + The package format provides for separate metadata and content |
63 |
> signatures, so they can be verified independently. |
64 |
> |
65 |
> + Metadata can be compressed now. |
66 |
> |
67 |
> Achieved by regular archives (but might be broken if modified by user): |
68 |
> |
69 |
> + Easy recognition by magic(1). |
70 |
> |
71 |
> + The metadata archive (and its signature) is packed first, so it may be |
72 |
> read without fetching the whole binpkg. |
73 |
> |
74 |
> |
75 |
> Why not .ar format? |
76 |
> ------------------- |
77 |
> The use of .ar format has been proposed, akin to Debian. While |
78 |
> the option is mostly feasible, and the simplicity of .ar format would |
79 |
> reduce the outer size of binary packages, I think the format is simply |
80 |
> too obscure. It lives mostly as static library format, and the tooling |
81 |
> for it is part of binutils. LSB considers it deprecated. While I don't |
82 |
> see it going away anytime soon, I'd rather not rely on it in order to |
83 |
> save a few KiB. |
84 |
> |
85 |
> |
86 |
> Is there anything left to address? |
87 |
> |
88 |
> -- |
89 |
> Best regards, |
90 |
> Michał Górny |
91 |
|
92 |
|
93 |
|
94 |
-- |
95 |
Fabian Groffen |
96 |
Gentoo on a different level |