apt2ostree icon indicating copy to clipboard operation
apt2ostree copied to clipboard

Published 20 hours ago verified publisher icon stb-tester

Push lockfiles functionality into aptly (upstream)

Open wmanley opened this issue 5 years ago • 0 comments

lockfiles are arguably the most generally interesting idea in apt2ostree. The same technique can be applied to other container systems like docker, and might even be useful on host systems. There would be value in separating out the bits of this project that deal with generating lockfiles into other projects for broader consumption.

Specifically there are two areas:

  1. Generating the lockfiles
  2. Applying the lockfiles

These should be considered separately.

Generating the lockfiles

We generate lockfiles using a Python API and passing in the packages we want. This generates a ninja file with rules to generate the lockfile. Running the ninja file depends on Python, aptly, ninja and apt-tools.

If we want the lockfiles to be used more widely it makes sense to reduce the number of dependencies - therefore making it easier to deploy. This functionality should be moved into aptly itself and implemented in go. Then in this project we just integrate it with the build system.

The command could look like:

aptly lockfile update config.ini

Which would take a multistrap config file "config.ini" and generate config.ini.lock. We would then modify the build system to generate these config files and call aptly lockfile update accordingly.

TODO:

  • [ ] Move multistrap ini parser to aptly/go
  • [ ] Call aptly with multistrap ini from apt2ostree
  • [ ] Propose aptly lockfile in aptly upstream

Here are the current aptly patches:

https://github.com/stb-tester/aptly/commit/cb35058292225a6ffb0b6a6a1043914de40ab031

Applying the lockfiles

apt2ostree essentially is a mechanism for applying these lockfiles to produce ostree images.

Lockfiles are a useful technique even in the absence of ostree, so for broader acceptance of this technique there should be other implementations. It might make sense to have apt (or possibly dpkg) be able to do this itself. It could then be used for docker images like so:

FROM ubuntu:20.04
ADD lockfile.lock /lockfile.lock
RUN apt apply-lockfile /lockfile.lock
...

TODO:

  • [ ] Discuss this with apt maintainers

wmanley avatar Dec 09 '18 23:12 wmanley