| 1 |
On Sun, 2018-11-11 at 21:53 +0100, Michał Górny wrote: |
| 2 |
> Hi, |
| 3 |
> |
| 4 |
> Ok, here's the second version integrating the feedback received. |
| 5 |
> The format is much simpler, based on nested tarballs inspired by Debian. |
| 6 |
> |
| 7 |
> The outer tarball is uncompressed and uses '.gpkg.tar' suffix. It |
| 8 |
> contains (preferably in order but PM should also handle packages with |
| 9 |
> mismatched order): |
| 10 |
> |
| 11 |
> 1. Optional (but recommended) "gpkg: ${PF}" package label that can be |
| 12 |
> used to quickly distinguish Gentoo binpkgs from regular tarballs |
| 13 |
> (for file(1)). |
| 14 |
> |
| 15 |
> 2. "metadata.tar${comp}" tarball containing binary package metadata |
| 16 |
> as files. |
| 17 |
> |
| 18 |
> 3. Optional "metadata.tar${comp}.sig" containing detached signature |
| 19 |
> for the metadata archive. |
| 20 |
> |
| 21 |
> 4. "contents.tar${comp}" tarball containing files to be installed. |
| 22 |
> |
| 23 |
> 5. Optional "contents.tar${comp}.sig" containing detached signature for |
| 24 |
> the contents archive. |
| 25 |
> |
| 26 |
> Notes: |
| 27 |
> |
| 28 |
> a. ${comp} can be any compression format supported by binary packages. |
| 29 |
> Technically, metadata and content archives may use different |
| 30 |
> compression. Either or both may be uncompressed as well. |
| 31 |
> |
| 32 |
> b. While signatures are optional, the PM should have a switch |
| 33 |
> controlling whether to expect them, and fail hard if they're not present |
| 34 |
> when expected. |
| 35 |
> |
| 36 |
> |
| 37 |
> Advantages |
| 38 |
> ---------- |
| 39 |
> Guaranteed: |
| 40 |
> |
| 41 |
> + The binary package is still one file, so can be fetched easily. |
| 42 |
> |
| 43 |
> + File format is trivial and can be extracted using tar(1) + compressor. |
| 44 |
> |
| 45 |
> + The metadata and contents are compressed independently, and so can be |
| 46 |
> easily extracted or modified independently. |
| 47 |
> |
| 48 |
> + The package format provides for separate metadata and content |
| 49 |
> signatures, so they can be verified independently. |
| 50 |
> |
| 51 |
> + Metadata can be compressed now. |
| 52 |
> |
| 53 |
> Achieved by regular archives (but might be broken if modified by user): |
| 54 |
> |
| 55 |
> + Easy recognition by magic(1). |
| 56 |
> |
| 57 |
> + The metadata archive (and its signature) is packed first, so it may be |
| 58 |
> read without fetching the whole binpkg. |
| 59 |
> |
| 60 |
> |
| 61 |
> Why not .ar format? |
| 62 |
> ------------------- |
| 63 |
> The use of .ar format has been proposed, akin to Debian. While |
| 64 |
> the option is mostly feasible, and the simplicity of .ar format would |
| 65 |
> reduce the outer size of binary packages, I think the format is simply |
| 66 |
> too obscure. It lives mostly as static library format, and the tooling |
| 67 |
> for it is part of binutils. LSB considers it deprecated. While I don't |
| 68 |
> see it going away anytime soon, I'd rather not rely on it in order to |
| 69 |
> save a few KiB. |
| 70 |
> |
| 71 |
> |
| 72 |
> Is there anything left to address? |
| 73 |
> |
| 74 |
|
| 75 |
Hmm, I've missed one disadvantage compared to xpak and v1: at least with |
| 76 |
the standard tools, we can't build the binary package on the fly without |
| 77 |
creating temporary archives (and therefore duplicating disk space use). |
| 78 |
|
| 79 |
In other words, xpak and v1 formats made it possible to tar |
| 80 |
the installation image straight to the new package. |
| 81 |
|
| 82 |
The v2 format requires creating "contents.tar${comp}" first, and then |
| 83 |
creating the actual binary package with it. I don't think we can avoid |
| 84 |
this without creating a custom .tar writing tool that supports adding |
| 85 |
data on-the-fly (e.g. by writing the file data, then seeking back to |
| 86 |
update the size record). |
| 87 |
|
| 88 |
Of course, one option would be to use ZIP ;-). |
| 89 |
|
| 90 |
-- |
| 91 |
Best regards, |
| 92 |
Michał Górny |
Archives