Add support for hashed mode to Poudriere #751
Conversation
|
Can you also give more context for what this is? |
When combined with freebsd/pkg#1829 This creates a pkg repo that looks like this: So when you install a package, it fetches the file with the hash in the URL: This will allow package repositories to be served from CDNs and web caches, since the unique hash in the filename will avoid the need for cache invalidation on the actual package files, and a short lifetime on the pkg meta files is all that would be required. |
allanjude
force-pushed
the
hashed_pkgs
branch
2 times, most recently
from
4d1ad4f
to
668a61f
Compare
|
@bapt with freebsd/pkg@36dfb48 merged into pkg, I've refreshed this patch to add a -H flag to poudriere bulk, which builds a repo using the hashed mode. It currently implies --symlink as well, because poudriere doesn't find the already build packages during an incremental without it yet. |
|
The change committed to pkg is different than the original proposal (create hashed filenames during |
|
@allanjude Can we also have a poudriere.conf knob. Below is from my attempt I will write and test an additional commit to work with yours to do that. |
|
@allanjude As discussed oob I will try to get a patch version that includes -H flag or poudriere.conf options and generate a new pr/reopen #786 |
|
@darkfiberiru do you still have plans to pick this up again? |
allanjude
force-pushed
the
hashed_pkgs
branch
2 times, most recently
from
a59ca49
to
30c4b23
Compare
|
One thing I noticed, with the new default config, the pkgs get owned by 'nobody', but the symlink's to the hashed versions are owned by root. I notice packagesite etc are not owned by nobody. |
Creates the repo with hash-based filenames to allow use of a CDN Setting `PKG_HASH="yes"` in poudriere.conf will build a repo where all of the packages are in All/Hashed/ and the repo manifest points there. It also creates a set of symlinks in the All/ directory, but these are purely for poudriere itself, to find dependencies. The symlinks should NOT be published, only the Hashed/ directory is required. This mechanism ensures that the package files themselves can be cached by a CDN as the filename will change if the contents ever differ. The repo metadata files (those outside of All/) should be set to have a very low cache expiration, so that when a new package set is published they are updated and reflect the new packages. Technically this feature also allows "previous" versions of packages to continue to be available via the CDN, but that is a side-effect not a purposeful feature. Sponsored-by: Klara, Inc. Sponsored-by: TitanHQ
|
I have refreshed this and solved the issues that have been reported (Poudriere was trying to delete the Hashed directory as it thought it was an orphaned package) |
|
Looking at this today. |
|
|
||
| # Remount rw | ||
| # mount_nullfs does not support mount -u | ||
| umount ${UMOUNT_NONBUSY} ${MASTERMNT}/packages || \ |
There was a problem hiding this comment.
See 43cca93
s/${UMOUNT_NONBUSY}/-n/
There was a problem hiding this comment.
Although I think you can just use remount_packages.
| @@ -9542,6 +9560,11 @@ build_repo() { | |||
| sign_pkg pubkey "${PACKAGES:?}/Latest/pkg.${PKG_EXT}" | |||
| fi | |||
| fi | |||
|
|
|||
| # Remount ro | |||
| umount ${UMOUNT_NONBUSY} ${MASTERMNT}/packages || \ | |||
There was a problem hiding this comment.
UMOUNT_NONBUSY to -n here too. Or better remount_packages -o ro.
| @@ -417,6 +421,8 @@ delete_pkg_xargs() { | |||
| # Delete the package and the depsfile since this package is being deleted, | |||
| # which will force it to be recreated | |||
| { | |||
| # If ${pkg} is a symlink, delete the target as well | |||
| [ -L "${pkg}" ] && echo $(realpath "${pkg}") | |||
There was a problem hiding this comment.
Please avoid && as if it ends up being the last in a statement the statement can return non-zero with set -e. So we avoid it as a pattern because it sneaks in eventually.
# sh -c 'set -o pipefail; set -e; dolink() { [ -L / ] && true; }; dolink; echo done'; echo $?
1
| @@ -28,7 +28,7 @@ | |||
| .\" | |||
| .\" Note: The date here should be updated whenever a non-trivial | |||
| .\" change is made to the manual page. | |||
| .Dd July 5, 2022 | |||
| .Dd September 26, 2022 | |||
There was a problem hiding this comment.
Update to more recent given the PR idle time.
| mkdir -p ${MASTERMNT}/tmp/packages | ||
| if [ -n "${PKG_REPO_SIGNING_KEY}" ]; then | ||
| msg "Signing repository with key: ${PKG_REPO_SIGNING_KEY}" | ||
| install -m 0400 "${PKG_REPO_SIGNING_KEY}" \ | ||
| "${MASTERMNT:?}/tmp/repo.key" | ||
| injail ${PKG_BIN:?} repo \ | ||
| ${PKG_REPO_FLAGS} \ |
There was a problem hiding this comment.
A goal I have is for set -u to work. Please use ${PKG_REPO_FLAGS-} here and in the next places.
Requires the related patches to pkg and the ports tree