arcayr/ia
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
experimental post-transactional package manager for adélie linux.
1 commit 1 branch 0 tags 143 KiB
Rust 100%
Find a file
arcayr 52197b9f2b
initial commit.
2024-10-12 16:39:11 +11:00
crates/ia initial commit. 2024-10-12 16:39:11 +11:00
.gitignore initial commit. 2024-10-12 16:39:11 +11:00
Cargo.lock initial commit. 2024-10-12 16:39:11 +11:00
Cargo.toml initial commit. 2024-10-12 16:39:11 +11:00
LICENSE initial commit. 2024-10-12 16:39:11 +11:00
README.md initial commit. 2024-10-12 16:39:11 +11:00

README.md

ia

while several existing package managers implement one, or some, of these attributes, none of them:

  • avoid doing weird things to archive files for file formats;
  • avoid introducing a second-tier meta-language such as "macros";
  • ensure that packages are built reproducibly by default, only providing an escape hatch for impossible cases;
  • ensure that package composition is constructed in a clean, restricted namespace;
  • optionally create an immutable overlay using reflinks into the running system to provide an immutable base;
  • exclusively utilise a capability-based operating model for the packaging pipeline to mitigate malicious build manifests;
  • provide easily-indexable information on package contents for end-users;
  • provide atomicity of individual package installation and uninstallation; and
  • use a declarative composition pipeline and configuration using a simple, halting configuration language.

many wrappers for current package managers exist that attempt to create declarative behaviour or implement some of these traits, and in some cases processes or external tools are used by maintainers to perform the above. many of these tools simply spawn these underlying tools as subprocesses, cleaning up as best they can, and operating on a trust model with the underlying imperative package manager.

ia is an attempt at a fully declarative package manager as thoroughly as usably viable while attempting to learn from experiences packaging for (and using) various distributions throughout the years.

fundamentally, ia functions similar to the build process in almost any other package manager, utilising the apk file format for artifact outputs. optionally, ia can generate an ostree overlay containing the package composition pipeline's outputs. this can be overlayed onto the root filesystem to provide read-only access to the package's files.

current status

ia usage is currently represented by its test suite.

install

  • ia-cli binary: cargo build --bin ia-cli
    • this is the ia executable which provides the client and server modules.
  • ia library: cargo build --lib ia
    • this is a rust library that can be used by others.

configuration

usage

packaging for ia

repository hosting for ia

  • ia server help: ia server --help
  • ia server manpage: man 8 ia-server

why the name?

short, it doesn't mean anything. it was called pk before this, which meant 'package keeper'. this was obviously even less unimaginative and very taken.

if you really need a longer name to attach to it, i guess 'installation assistant' works just fine.

something's wrong

🚧

this is bad / this makes me angry / i don't like this

🙂

what's the todo?

ia is considered pre-pre alpha.

pre-alpha

  • package building pipeline unsandboxed
  • full manifest parsing
  • source file hash verification
  • implementation of fetchers for local files
  • basic cli
    • most commands will be behind "unsafe" flags, as their behaviour will be kept to bypass
      cases where the standard method simply cannot work
  • package building pipeline via exec escape hatch

alpha

  • package building pipeline sandboxed
    build pipeline utilises cap_std, ia will utilise the repository server to obtain build dependencies
  • implementation of fetchers for http/https, git, and ftp.
  • build_dependencies support
  • package lockfile generation
  • cli configuration file
  • repository server
  • package definition import from:
    • apk: apkbuild
  • implementation of specific configuration / pre-build handlers
    • autoconf
  • implementation of specific build handlers
    • cmake
    • go
    • meson
    • cpan
    • python: setup.py
  • implementation of specific test handlers
    • cmake
    • go
    • cargo
    • meson

beta

  • ostree overlays from ia transactions
  • implementation of further download handlers
    • hg
    • bzr
  • implementation of further build handlers
    • cargo
    • python (distutils)
  • package definition import from:
    • apk: apkbuild
    • pacman: pkgbuild
    • rpm: specfile
  • exec escape hatch moved to require unsafe flag
  • 100% test coverage
    • some tests will need to be executed separately due to their interaction with state outside of the library (e.g., source fetching).

1.0+

  • package definition import from:
    • deb: debian control
    • library package definition import from:
      • javascript: npm
      • ruby: rubygems (via git)
      • python: pypi
      • rust: crates.io
      • go: pkg.dev
  • packagekit integration

references and inspirations

license

ia is released under the AGPLv3 license, the text of which you can find in the LICENSE file.

ia will not be dual licensed, and is provided as-is without warranty.