Re: [ECFT] pkgng 0.1-alpha1: a replacement for pkg_install

From: Baptiste Daroussin <bapt_at_freebsd.org>
Date: Fri, 25 Mar 2011 17:04:05 +0100
2011/3/25 Julien Laffaye <jlaffaye_at_freebsd.org>:
> On Fri, Mar 25, 2011 at 11:52 AM, Ivan Voras <ivoras_at_freebsd.org> wrote:
>> On 25/03/2011 11:11, Baptiste Daroussin wrote:
>>
>>>  In term of technology we decided to use a sqlite3 database, and to
>>>  prevent potential trolling, sqlite3 is used in it's amalgamation form
>>>  which means it is incorporated in the code sources (as recommanded by
>>>  sqlite developpers like a statically linked library) on build we only
>>>  activate the features we need in sqlite.
>>
>> I'm very glad you went with sqlite3! I've looked at pkgng source a bit and
>> it looks like you use transactions and foreign keys which is a huge benefit
>> for the whole effort.
>>
>> At this time I'd just like to suggest you add the use of WAL journal
>> (http://www.sqlite.org/pragma.html#pragma_journal_mode) on database creation
>> so you get the benefits of multiple-readers-single-writer concurrency model.
>>
>
> It sounds like a good idea. I'll add WAL support and if no problem
> arise from that we should keep it.
>
>>>  The alpha release come with an experimental tool "pkg2ng" to convert
>>>  an existing package database to the new pkgng database format. So one
>>>  can test pkgng without rebuild all its packages.
>>
>> Could you change the filename of the database to have the ".sqlite"
>> extension? It's not important but it indicates what it is used by and newer
>> software is moving to ".sqlite".
>>
>
> Sure. Maybe rename pkg.db to local.sqlite so it will consistent with
> the repo.sqlite (both in /var/db/pkg)
>
>>>  One of the thing we are thinking about pkgng is to perhaps be able to
>>>  provide it only as a ports (with simple script in base to
>>>  boostrap/install it). That would allow pkgng to live with the ports to
>>>  be able to easily integrate new features without having to support
>>>  very old version of pkgng.
>>
>> Maybe I'm misunderstanding but won't that mean that the ports system without
>> pkgng will continue to maintain their data in the current format?
>>
> If pkgng is not installed, the first thing the port system will do is
> to install it.
>
>>>  more informations can be found here:
>>>  http://git.etoilebsd.net/pkgng/tree/docs/GOALS,
>>
>> """
>>          the database will be a sqlite file compressed with the xz format.
>>          the database will be signed so we can trust the sha256 of the
>>          packages, so if a package has the expected hash, it is considered
>>          trusted.
>> """
>>
>> I'm not sure on what "the database" refers at this point, but is it really
>> necessary to compress it? I don't mean it's hard to do, just that maybe it
>> would be simpler without it.
>
> It is the database describing the remote repository. It is interesting
> to compress it because it will be downloaded.
>
>>
>> About this signature: hashing like this is very rudimentary. Could you
>> design this to extensible, expecting real PGP-based signatures in the
>> future?
>
> We thought that signing the repo.sqlite file would be simpler.
> If we want to sign each package individually, we must have a tarball
> which contains the real tarball plus the signature.
>
> Regards,
> Julien
> _______________________________________________
> freebsd-current_at_freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org"
>

if you are going to test on current please notice that make install
will overwrite /usr/lib/libpkg so pkg_* tools won't work anymore.

We will workaround that later by renaming our lib libpkgng for the test phase.

But I won't be able to do that before monday.

regards,
Bapt
Received on Fri Mar 25 2011 - 15:04:26 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:12 UTC