Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Push lockfiles functionality into aptly (upstream) #1

Open
4 tasks
wmanley opened this issue Dec 9, 2018 · 2 comments
Open
4 tasks

Push lockfiles functionality into aptly (upstream) #1

wmanley opened this issue Dec 9, 2018 · 2 comments

Comments

@wmanley
Copy link
Contributor

wmanley commented Dec 9, 2018

lockfiles are arguably the most generally interesting idea in apt2ostree. The same technique can be applied to other container systems like docker, and might even be useful on host systems. There would be value in separating out the bits of this project that deal with generating lockfiles into other projects for broader consumption.

Specifically there are two areas:

  1. Generating the lockfiles
  2. Applying the lockfiles

These should be considered separately.

Generating the lockfiles

We generate lockfiles using a Python API and passing in the packages we want. This generates a ninja file with rules to generate the lockfile. Running the ninja file depends on Python, aptly, ninja and apt-tools.

If we want the lockfiles to be used more widely it makes sense to reduce the number of dependencies - therefore making it easier to deploy. This functionality should be moved into aptly itself and implemented in go. Then in this project we just integrate it with the build system.

The command could look like:

aptly lockfile update config.ini

Which would take a multistrap config file "config.ini" and generate config.ini.lock. We would then modify the build system to generate these config files and call aptly lockfile update accordingly.

TODO:

  • Move multistrap ini parser to aptly/go
  • Call aptly with multistrap ini from apt2ostree
  • Propose aptly lockfile in aptly upstream

Here are the current aptly patches:

https://github.com/stb-tester/aptly/commits/lockfile/

Applying the lockfiles

apt2ostree essentially is a mechanism for applying these lockfiles to produce ostree images.

Lockfiles are a useful technique even in the absence of ostree, so for broader acceptance of this technique there should be other implementations. It might make sense to have apt (or possibly dpkg) be able to do this itself. It could then be used for docker images like so:

FROM ubuntu:20.04
ADD lockfile.lock /lockfile.lock
RUN apt apply-lockfile /lockfile.lock
...

TODO:

  • Discuss this with apt maintainers
@wmanley wmanley changed the title Get aptly patches merged upstream Push lockfiles functionality into aptly (upstream) Jun 10, 2020
@q-flexai
Copy link

q-flexai commented Dec 8, 2024

Did you ever send the patches to upstream aptly?

@wmanley
Copy link
Contributor Author

wmanley commented Dec 9, 2024

Did you ever send the patches to upstream aptly?

No, it's not suitable for upstreaming in its current form, and getting it there would require a bunch of work with no guarantee of acceptance. As it is apt2ostree is working fine for our purposes, so there's little motivation on our end. That might change if aptly maintainers or Debian were really keen on having it, but I don't have the patience for that kind of consensus building.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants