On Fri, Mar 25, 2011 at 11:52 AM, Ivan Voras <ivoras_at_freebsd.org> wrote: > On 25/03/2011 11:11, Baptiste Daroussin wrote: > >> In term of technology we decided to use a sqlite3 database, and to >> prevent potential trolling, sqlite3 is used in it's amalgamation form >> which means it is incorporated in the code sources (as recommanded by >> sqlite developpers like a statically linked library) on build we only >> activate the features we need in sqlite. > > I'm very glad you went with sqlite3! I've looked at pkgng source a bit and > it looks like you use transactions and foreign keys which is a huge benefit > for the whole effort. > > At this time I'd just like to suggest you add the use of WAL journal > (http://www.sqlite.org/pragma.html#pragma_journal_mode) on database creation > so you get the benefits of multiple-readers-single-writer concurrency model. > It sounds like a good idea. I'll add WAL support and if no problem arise from that we should keep it. >> The alpha release come with an experimental tool "pkg2ng" to convert >> an existing package database to the new pkgng database format. So one >> can test pkgng without rebuild all its packages. > > Could you change the filename of the database to have the ".sqlite" > extension? It's not important but it indicates what it is used by and newer > software is moving to ".sqlite". > Sure. Maybe rename pkg.db to local.sqlite so it will consistent with the repo.sqlite (both in /var/db/pkg) >> One of the thing we are thinking about pkgng is to perhaps be able to >> provide it only as a ports (with simple script in base to >> boostrap/install it). That would allow pkgng to live with the ports to >> be able to easily integrate new features without having to support >> very old version of pkgng. > > Maybe I'm misunderstanding but won't that mean that the ports system without > pkgng will continue to maintain their data in the current format? > If pkgng is not installed, the first thing the port system will do is to install it. >> more informations can be found here: >> http://git.etoilebsd.net/pkgng/tree/docs/GOALS, > > """ > the database will be a sqlite file compressed with the xz format. > the database will be signed so we can trust the sha256 of the > packages, so if a package has the expected hash, it is considered > trusted. > """ > > I'm not sure on what "the database" refers at this point, but is it really > necessary to compress it? I don't mean it's hard to do, just that maybe it > would be simpler without it. It is the database describing the remote repository. It is interesting to compress it because it will be downloaded. > > About this signature: hashing like this is very rudimentary. Could you > design this to extensible, expecting real PGP-based signatures in the > future? We thought that signing the repo.sqlite file would be simpler. If we want to sign each package individually, we must have a tarball which contains the real tarball plus the signature. Regards, JulienReceived on Fri Mar 25 2011 - 11:57:15 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:12 UTC