Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 07 Aug 2007 15:37:44 +0200
From:      Alexander Leidinger <Alexander@Leidinger.net>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        Henrik Brix Andersen <henrik@brixandersen.dk>, Michael Nottebrock <lofi@freebsd.org>, cvs-all@freebsd.org, ports-committers@freebsd.org, Pav Lucistnik <pav@freebsd.org>, cvs-ports@freebsd.org
Subject:   Re: cvs commit: ports/Mk bsd.port.mk
Message-ID:  <20070807153744.rxsoo6p0ogoowsw4@webmail.leidinger.net>
In-Reply-To: <20070806173808.GA39444@rot26.obsecurity.org>
References:  <200706281553.l5SFr56i099807@repoman.freebsd.org> <20070802181715.46yikycm8gc8g8kk@webmail.leidinger.net> <20070803125410.GB1062@tirith.brixandersen.dk> <200708032144.57558.lofi@freebsd.org> <20070803204215.GA68620@rot26.obsecurity.org> <20070806074318.q9mw6ulngg00gwsw@webmail.leidinger.net> <20070806065634.GA31676@rot26.obsecurity.org> <20070806113855.0fcq213io0www04k@webmail.leidinger.net> <46B7072E.8070307@freebsd.org> <20070806173808.GA39444@rot26.obsecurity.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Quoting Kris Kennaway <kris@obsecurity.org> (from Mon, 6 Aug 2007 =20
13:38:08 -0400):

> On Mon, Aug 06, 2007 at 01:34:06PM +0200, Michael Nottebrock wrote:
>> Alexander Leidinger schrieb:
>> > Kris, what technical reasons are against explicit dependencies, in
>> > your opinion?
>> Explicit dependencies would be great, if they can be guaranteed to be
>> correct, which basically means we need a way auto-generate them. Maybe
>> this could be done in a similar way to the security check target - run
>> ldd/objdump over installed executables and libraries, record symbol
>> names somewhere, determine dependencies by comparing records ...
>>
>> Explicit dependencies that need to be determined and maintained manually
>> by port maintainers are useless, since they'll be almost guaranteed to
>> be wrong most of the time for those ports that would profit the most
>> (shave off the most implicit dependencies) from having them.
>
> Yes, this is the most serious problem.  Also there is no need to
> introduce a new variable to handle it: if you want to record explicit

I fail to see where a new variable comes into play...

> dependencies a better way is to use LIB_ or RUN_DEPENDS and track the
> direct vs inherited dependencies differently in the package database.

Why do you want to differentiate between implicit and explicit =20
dependencies? We don't need to list the implicit ones, they are =20
resolved implicitly already even without listing them in the package.

Let's step back for a moment...

ATM we record the dependencies and the dependencies of the =20
dependencies and so on in a package. I call this implicit dependency =20
recording.

With explicit dependency recording I associate to only record the =20
dependencies in the package, which are listed in LIB_ or RUN_DEPENDS =20
of the corresponding port for the package.

What I propose and what is implemented with the feature switch which =20
triggered this discussion is: to do the explicit dependency recording =20
instead of the implicit dependency recording. The ports collection =20
resolves the dependencies recursively so we don't need to record the =20
implicit dependencies. They are superflous in +CONTENTS (similar for =20
the corresponding entries in +REQUIRED_BY).

This changes
  - the amount (less) of packages listed in INDEX for a given port.
  - the amount (less) of dependencies listed in +CONTENTS for a given
    port/package.
  - the amount (less) of ports listed in +REQUIRED_BY.

When we _would_ switch _now_ it does _not_ change
  - the dependency tree for a port.
  - the amount of installed ports when installing x11/gnome2 or x11/kde
    or whatever (as they will still be resolved and installed
    implicitly).

It allows to have those nice development/update/build properties I =20
talked about in a previous post. To get those nice properties, we have =20
to extend the LIB_ and RUN_DEPENDS of our ports with all those =20
dependencies, which the binaries of the port in question reference but =20
have not listed already in the Makefile. Not all ports in the ports =20
collection fail to have all dependencies, but those which fail them =20
are most of the time not easy (gnome/kde/... are a huge number of =20
ports and are the prominent ports which would need such a treatment).

When we switch to explicit dependency recording without adding the =20
explicit LIB_ and RUN_DEPENDS
  - we gain the benefit of using less space (on disk/CD, via network
    transfer).
  - we will not break existing ports.
  - we don't gain the build/update/development benefits.


Can someone please point me to a strong technical reason not to switch =20
to explicit dependency recording? If not, are there strong technical =20
reasons to not record all the required dependencies in the ports which =20
are missing them after switching to explicit dependency recording =20
(note: please see my other mail where I inlined scripts to =20
automatically find suitable LIB_DEPENDS lines for the common case)?

Kris, if you are concerned about the impact on the ports collection, =20
please make a exp-build run with this feature and compare it to a =20
normal run.

With my "linux ports which are handled by emulation@"-maintainer-hat =20
on I want to point out my cleanup long ago in the linux ports. A lot =20
of ports had no dependency to the linux_base port or linux-x11 port =20
then. It was tedious to find and clean up all linux ports. Now all (I =20
hope) linux ports contain explicit dependencies to their requirements. =20
It makes it very easy to test infrastructure changes for the linux =20
ports now because of the explicit dependencies. It's a huge =20
difference. The amount of work in the beginning was much (we hat a lot =20
of exp-build runs, Kris and me spend a lot of time around Christmas to =20
get it into a good shape), but it amortizes as time passes by (the =20
testing for the update from linux_base-8 to fc4 -- with fc3 in between =20
but not being an official linux_base port for the masses -- was much =20
much much faster and needed less exp-build runs).

Bye,
Alexander.

--=20
Signals don't kill programs.  Programs kill programs.

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID =3D B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID =3D 72077137



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070807153744.rxsoo6p0ogoowsw4>