arcayr/ia
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add initial readme with project outline.

Browse source
This commit is contained in:
elliot speck 2024-09-29 08:37:58 +10:00
commit 6faa6a9266
Signed by: arcayr
SSH key fingerprint: SHA256:ACNNWlqwQA5pfEvX1dnTlr8r4fdg1taXA0lae2FSjto
1 changed files with 141 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

141
readme.md Normal file
View file

@ -0,0 +1,141 @@
# ia
while several existing package managers implement one, or some, of these attributes, none of them:
* avoid doing weird things to archive files for file formats;
* avoid introducing a second-tier meta-language such as "macros";
* ensure that packages are built reproducibly by default, only providing an escape hatch for impossible cases;
* ensure that package composition is constructed in a clean, restricted namespace;
* optionally create an immutable overlay using reflinks into the running system to provide an immutable base;
* exclusively utilise a capability-based operating model for the packaging pipeline to mitigate malicious build manifests;
* provide easily-indexable information on package contents for end-users;
* provide atomicity of *individual* package installation and uninstallation; **and**
* use a declarative composition pipeline and configuration using a simple, halting configuration language.
many wrappers for current package managers exist that attempt to create declarative behaviour or implement some of these traits, and in some cases processes or external tools are used by maintainers to perform the above. many of these tools simply spawn these underlying tools as subprocesses, cleaning up as best they can, and operating on a trust model with the underlying imperative package manager.
`ia` is an attempt at a fully declarative package manager as thoroughly as usably viable while attempting to learn from experiences packaging for (and using) various distributions throughout the years.
fundamentally, `ia` functions similar to the build process in almost any other package manager, utilising the [apk file format](https://wiki.alpinelinux.org/wiki/Apk_spec) for artifact outputs. optionally, `ia` can generate an ostree overlay containing the package composition pipeline's outputs. this can be overlayed onto the root filesystem to provide read-only access to the package's files.
## install
* `ia-cli` binary: `cargo build --bin ia-cli`
* this is the `ia` executable which provides the client and server modules.
* `ia` library: `cargo build --lib ia`
* this is a rust library that can be used by others.
## configuration
* `ia` configuration file manpage: `man 5 ia.toml`
* [example configuration file](./crates/tests/fixtures/package/manifest.toml)
## usage
* `ia` help: `ia --help`
* `ia` cli manpage: `man 8 ia`
* `ia` [library development docs](https://docs.rs/git.mischief.expert/arcayr/ia)
## packaging for ia
* `ia build` help: `ia build --help`
* `ia build` manpage: `man 8 ia-build`
* [example manifest](./crates/tests/fixtures/package/manifest.toml)
* `ia` [package manifest source](./crates/ia/src/manifest)
## repository hosting for ia
* `ia server` help: `ia server --help`
* `ia server` manpage: `man 8 ia-server`
## why the name?
short, it doesn't mean anything. it was called `pk` before this, which meant 'package keeper'. this was obviously even less unimaginative and very taken.
if you really need a longer name to attach to it, i guess 'installation assistant' works just fine.
## something's wrong
🚧
## this is bad / this makes me angry / i don't like this
🙂
## what's the todo?
`ia` is considered pre-pre alpha.
### pre-alpha
- **package building pipeline unsandboxed**
- full manifest parsing
- source file hash verification
- implementation of fetchers for `http` / `https` and `git`
- basic cli
- most commands will be behind "unsafe" flags, as their behaviour will be kept to bypass
cases where the standard method simply cannot work
- package building pipeline via `exec` escape hatch
- 100% doc coverage
### alpha
- **package building pipeline sandboxed**
build pipeline utilises `cap_std`, ia will utilise the repository server to obtain build dependencies
- `build_dependencies` support
- package lockfile generation
- ia cli configuration file
- ia repository server
- package definition import from:
- apk: apkbuild
- implementation of specific build handlers
- cmake
- go
- cargo
- meson
- implementation of specific test handlers
- cmake
- go
- cargo
- meson
- 100% test coverage
- 100% doc coverage
### beta
- ostree overlays from ia transactions
- implementation of further download handlers
- hg
- bzr
- package definition import from:
- apk: apkbuild
- pacman: pkgbuild
- rpm: specfile
- `exec` escape hatch requires unsafe flag
- logging uses sigma gigarizzler emojis
- 100% test coverage
- 100% doc coverage
### 1.0+
* package definition import from:
* deb: debian control
* library package definition import from:
* javascript: npm
* ruby: rubygems
* python: pypi
* rust: crates.io
* go: pkg.dev
* packagekit integration
## references and inspirations
* [apk](https://wiki.alpinelinux.org/wiki/Alpine_Package_Keeper)
* [the apk file specification](https://wiki.alpinelinux.org/wiki/Apk_spec)
* [ostree](https://ostreedev.github.io/)
* [rpm-ostree](https://coreos.github.io/rpm-ostree)
* [overlayfs](https://www.kernel.org/doc/Documentation/filesystems/overlayfs.txt)
* [composefs](https://github.com/containers/composefs)
* [bootc](https://containers.github.io/bootc)
* [nix](https://nixos.org/)
## license
AGPL-3.0-or-later, the text of which you can find [here](https://spdx.org/licenses/AGPL-3.0-or-later.html).
`ia` will not be dual licensed, and is provided as-is without warranty.