-
Notifications
You must be signed in to change notification settings - Fork 164
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for hashed mode to Poudriere #751
base: master
Are you sure you want to change the base?
Conversation
Can you also give more context for what this is? |
When combined with freebsd/pkg#1829 This creates a pkg repo that looks like this:
So when you install a package, it fetches the file with the hash in the URL:
This will allow package repositories to be served from CDNs and web caches, since the unique hash in the filename will avoid the need for cache invalidation on the actual package files, and a short lifetime on the pkg meta files is all that would be required. |
4d1ad4f
to
668a61f
Compare
@bapt with freebsd/pkg@36dfb48 merged into pkg, I've refreshed this patch to add a -H flag to poudriere bulk, which builds a repo using the hashed mode. It currently implies --symlink as well, because poudriere doesn't find the already build packages during an incremental without it yet. |
The change committed to pkg is different than the original proposal (create hashed filenames during |
@allanjude Can we also have a poudriere.conf knob. Below is from my attempt I will write and test an additional commit to work with yours to do that.
|
@allanjude As discussed oob I will try to get a patch version that includes -H flag or poudriere.conf options and generate a new pr/reopen #786 |
@darkfiberiru do you still have plans to pick this up again? |
a59ca49
to
30c4b23
Compare
One thing I noticed, with the new default config, the pkgs get owned by 'nobody', but the symlink's to the hashed versions are owned by root. I notice packagesite etc are not owned by nobody. |
Creates the repo with hash-based filenames to allow use of a CDN Setting `PKG_HASH="yes"` in poudriere.conf will build a repo where all of the packages are in All/Hashed/ and the repo manifest points there. It also creates a set of symlinks in the All/ directory, but these are purely for poudriere itself, to find dependencies. The symlinks should NOT be published, only the Hashed/ directory is required. This mechanism ensures that the package files themselves can be cached by a CDN as the filename will change if the contents ever differ. The repo metadata files (those outside of All/) should be set to have a very low cache expiration, so that when a new package set is published they are updated and reflect the new packages. Technically this feature also allows "previous" versions of packages to continue to be available via the CDN, but that is a side-effect not a purposeful feature. Sponsored-by: Klara, Inc. Sponsored-by: TitanHQ
I have refreshed this and solved the issues that have been reported (Poudriere was trying to delete the Hashed directory as it thought it was an orphaned package) |
Looking at this today. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Quick changes requested
|
||
# Remount rw | ||
# mount_nullfs does not support mount -u | ||
umount ${UMOUNT_NONBUSY} ${MASTERMNT}/packages || \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See 43cca93
s/${UMOUNT_NONBUSY}/-n/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Although I think you can just use remount_packages
.
@@ -9542,6 +9560,11 @@ build_repo() { | |||
sign_pkg pubkey "${PACKAGES:?}/Latest/pkg.${PKG_EXT}" | |||
fi | |||
fi | |||
|
|||
# Remount ro | |||
umount ${UMOUNT_NONBUSY} ${MASTERMNT}/packages || \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
UMOUNT_NONBUSY to -n here too. Or better remount_packages -o ro
.
@@ -417,6 +421,8 @@ delete_pkg_xargs() { | |||
# Delete the package and the depsfile since this package is being deleted, | |||
# which will force it to be recreated | |||
{ | |||
# If ${pkg} is a symlink, delete the target as well | |||
[ -L "${pkg}" ] && echo $(realpath "${pkg}") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please avoid &&
as if it ends up being the last in a statement the statement can return non-zero with set -e
. So we avoid it as a pattern because it sneaks in eventually.
# sh -c 'set -o pipefail; set -e; dolink() { [ -L / ] && true; }; dolink; echo done'; echo $?
1
@@ -28,7 +28,7 @@ | |||
.\" | |||
.\" Note: The date here should be updated whenever a non-trivial | |||
.\" change is made to the manual page. | |||
.Dd July 5, 2022 | |||
.Dd September 26, 2022 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Update to more recent given the PR idle time.
mkdir -p ${MASTERMNT}/tmp/packages | ||
if [ -n "${PKG_REPO_SIGNING_KEY}" ]; then | ||
msg "Signing repository with key: ${PKG_REPO_SIGNING_KEY}" | ||
install -m 0400 "${PKG_REPO_SIGNING_KEY}" \ | ||
"${MASTERMNT:?}/tmp/repo.key" | ||
injail ${PKG_BIN:?} repo \ | ||
${PKG_REPO_FLAGS} \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A goal I have is for set -u
to work. Please use ${PKG_REPO_FLAGS-}
here and in the next places.
@allanjude I can make the suggested changes myself if you are too busy. Want me to? |
If you have time that would be great, I'd really like to get this landed so FreeBSD can switch to using it, so we can have per-release pkg repos without having to grow the mirrors |
Requires the related patches to pkg and the ports tree