Date: Fri, 25 Mar 2011 12:33:47 +0000 From: Julien Laffaye <jlaffaye@FreeBSD.org> To: Ivan Voras <ivoras@freebsd.org> Cc: freebsd-current@freebsd.org Subject: Re: [ECFT] pkgng 0.1-alpha1: a replacement for pkg_install Message-ID: <AANLkTinV_3571iaa6c=5uCxYvHg-7%2BUOWQb=fGig3jVJ@mail.gmail.com> In-Reply-To: <imhvm9$hms$1@dough.gmane.org> References: <20110325101111.GA36840__48943.3474642739$1301049771$gmane$org@azathoth.lan> <imhvm9$hms$1@dough.gmane.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Mar 25, 2011 at 11:52 AM, Ivan Voras <ivoras@freebsd.org> wrote: > On 25/03/2011 11:11, Baptiste Daroussin wrote: > >> =A0In term of technology we decided to use a sqlite3 database, and to >> =A0prevent potential trolling, sqlite3 is used in it's amalgamation form >> =A0which means it is incorporated in the code sources (as recommanded by >> =A0sqlite developpers like a statically linked library) on build we only >> =A0activate the features we need in sqlite. > > I'm very glad you went with sqlite3! I've looked at pkgng source a bit an= d > it looks like you use transactions and foreign keys which is a huge benef= it > for the whole effort. > > At this time I'd just like to suggest you add the use of WAL journal > (http://www.sqlite.org/pragma.html#pragma_journal_mode) on database creat= ion > so you get the benefits of multiple-readers-single-writer concurrency mod= el. > It sounds like a good idea. I'll add WAL support and if no problem arise from that we should keep it. >> =A0The alpha release come with an experimental tool "pkg2ng" to convert >> =A0an existing package database to the new pkgng database format. So one >> =A0can test pkgng without rebuild all its packages. > > Could you change the filename of the database to have the ".sqlite" > extension? It's not important but it indicates what it is used by and new= er > software is moving to ".sqlite". > Sure. Maybe rename pkg.db to local.sqlite so it will consistent with the repo.sqlite (both in /var/db/pkg) >> =A0One of the thing we are thinking about pkgng is to perhaps be able to >> =A0provide it only as a ports (with simple script in base to >> =A0boostrap/install it). That would allow pkgng to live with the ports t= o >> =A0be able to easily integrate new features without having to support >> =A0very old version of pkgng. > > Maybe I'm misunderstanding but won't that mean that the ports system with= out > pkgng will continue to maintain their data in the current format? > If pkgng is not installed, the first thing the port system will do is to install it. >> =A0more informations can be found here: >> =A0http://git.etoilebsd.net/pkgng/tree/docs/GOALS, > > """ > =A0 =A0 =A0 =A0 =A0the database will be a sqlite file compressed with the= xz format. > =A0 =A0 =A0 =A0 =A0the database will be signed so we can trust the sha256= of the > =A0 =A0 =A0 =A0 =A0packages, so if a package has the expected hash, it is= considered > =A0 =A0 =A0 =A0 =A0trusted. > """ > > I'm not sure on what "the database" refers at this point, but is it reall= y > necessary to compress it? I don't mean it's hard to do, just that maybe i= t > would be simpler without it. It is the database describing the remote repository. It is interesting to compress it because it will be downloaded. > > About this signature: hashing like this is very rudimentary. Could you > design this to extensible, expecting real PGP-based signatures in the > future? We thought that signing the repo.sqlite file would be simpler. If we want to sign each package individually, we must have a tarball which contains the real tarball plus the signature. Regards, Julien
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTinV_3571iaa6c=5uCxYvHg-7%2BUOWQb=fGig3jVJ>