| 1 |
> Would getting hashes to agree be a hard thing to accomplish? |
| 2 |
There are probably some packages that will give difficulty, and a few things |
| 3 |
to consider but it should not be unreasonably hard. |
| 4 |
> If you use |
| 5 |
> the binary build feature in portage you could save the build in a |
| 6 |
> compressed format. |
| 7 |
This is the idea yes, to improve the binary feature of portage and then take |
| 8 |
advantage of it as part of this system. |
| 9 |
> Then have a hash generate set up where it would take |
| 10 |
> the name, version, and use flags, cflags and hash just that information. |
| 11 |
We are talking about two different types of hashes. |
| 12 |
There would be a hash in the package names in order to tell the difference |
| 13 |
between package foo compiled with use flag "bar" and package foo compiled |
| 14 |
without useflag "baa"(It would also have to take into account cflags and |
| 15 |
dependency versions), this is part of the "improved binary support idea". |
| 16 |
|
| 17 |
The second kind of hash that I am talking about now is a security hash |
| 18 |
computed over the final package file. By having multiple users compile the |
| 19 |
package and generate a security hash of it one can ensure(within reasonable |
| 20 |
doubt) that the package has not been tampered with by the contributor, by for |
| 21 |
example adding a rootkit to the source code. |
| 22 |
> Have a program that would run as a deamond on compter it could update |
| 23 |
> themselves to something like a torrent tracker. The torrent name could the |
| 24 |
> the hashed values. Then we could have the data that would need to be |
| 25 |
> installed passed via torrent to all other users. It would be an interesting |
| 26 |
> implementation. Also you could use a DC++ idea and have a hub set up where |
| 27 |
> you could only share compiled programs? |
| 28 |
This is roughly what I am proposing, except with a bit more security built in |
| 29 |
to prevent tampering with packages as well as a bit more work required to |
| 30 |
decide who will host/seed what. |
| 31 |
> This would make the idea distributed so it would not have to have ~10451G |
| 32 |
> of space used on any single server. People would host 'packages' as they |
| 33 |
> compiled them. The more comon the program was, the faster the downloads |
| 34 |
> would be. |
| 35 |
Yes, except there are security concerns so its a bit more complex then just |
| 36 |
one user compiling something and then everyone using it. There would have to |
| 37 |
be redundant compiles to prevent tampering, as well as tracking of where |
| 38 |
packages came from. |
| 39 |
The main concern isn't really fast downloads though but rather distributing |
| 40 |
the large quantity of hard drive usage required and the CPU time of compiles. |
| 41 |
> Another use would be releasing common programs/sets as packages? Example, |
| 42 |
> Xorg. There are tons of programs that go along with it. If you host |
| 43 |
> commonly used programs on a service then people could download the program |
| 44 |
> and use it while they compiled it with their own use flags. We could offer |
| 45 |
> programs with all flags enabled, the package manager would go get the |
| 46 |
> prebuild program, keep track of all the files and then start the custom |
| 47 |
> build according to the users own settings. After the build is done, before |
| 48 |
> it is moved from its sandbox, purdge the old files from the downloaded, |
| 49 |
> pre-compiled code, and then move the files from the sand box. |
| 50 |
The idea is that binaries of as many packages with as many different use |
| 51 |
flag/cflag etc.. combinations would be available as possible. It would be self |
| 52 |
regulating in that the more people who use a particular use flag/cflag |
| 53 |
combination the more likely a binary will already exist so the more popular |
| 54 |
stuff will always have binaries available first. If you use some really wacky |
| 55 |
cflag combination then you can't really expect that binaries will be |
| 56 |
available. |
| 57 |
|
| 58 |
People will be able to use these binaries with a normal emerge command |
| 59 |
provided they enable support for it... |
| 60 |
|
| 61 |
So emerge Xorg would download the appropriate Xorg binary if one existed, if |
| 62 |
there was not one it would instead compile it as normal. |
Archives