BSDCan 2014 – Ports and Packages WG

July 18, 2014

Baptiste Daroussin started the session with a status update on package building. All packages are now built with poudriere. The FreeBSD Foundation sponsored some large machines on which it takes around 16 hours to build a full tree. Each Wednesday at 01:00 UTC a snapshot of the tree is taken and an incremental build is started for all supported releases, the 2 stable branches (9 and 10) and quarterly branches for 9.x-RELEASE and 10.x-RELEASE. The catalogue is signed on a dedicated signing machine before upload. Packages can be downloaded from 4 mirrors (us-west, us-east, UK, and Russia) and feedback so far has been very positive.

He went on to note that ports people need better coordination with src people on ABI breakage. We currently only support i386 and amd64, with future plans for ARM and a MIPS variant. Distfiles are not currently mirrored (since fixed), and while it has seen no progress, it’s still a good idea to build a pkg of the ports tree itself.

pkg 1.3 will include a new solver, which will help 'pkg upgrade' understand that an old package needs to be replaced with a newer one, with no more need for 'pkg set' and other chicanery. Cross building ports has been added to the ports tree, but is waiting for pkg-1.3. All the dangerous operations in pkg have now been sandboxed as well.

EOL for pkg_tools has been set for September 1st. An errata notice has gone out that adds a default pkg.conf and keys to all supported branches, and nagging delays have been added to ports.

Quarterly branches based on a 3 month support cycle have been started on an evaluation basis. We’re still unsure about the manpower needed to maintain those. Every quarter a snapshot of the tree is created and only security fixes, build and runtime fixes, and upgrades to pkg are allowed to be committed to it. Using the MFH tag in a commit message will automatically send an approval request to portmgr, and an mfh script in Tools/ makes it easy to do the merge.

Experience so far has been good, with some minor issues due to insufficient testing. MFHs should only contain the above mentioned fixes; cleanups and other improvements should be done in separate commits only to HEAD. A policy needs to be written and announced about this. Do we want to automatically merge VuXML commits, or just remove VuXML from the branch and only use the one in HEAD?

A large number of new infrastructure changes have been introduced over the past few months, some of which require a huge migration of all ports. To speed these changes up, a new policy was set to allow some specific fixes to be committed without maintainer approval. Experience so far has been good: things are actually being fixed faster than before and not many maintainers have complained. There was agreement that the list of fixes allowed to be committed without explicit approval should be a specific whitelist published by portmgr, and not made too broad in scope.

Erwin Lansing quickly measured the temperature of the room on changing the default protocol for fetching distfiles from MASTER_SITE_BACKUP from ftp to http. Agreement all around and erwin committed the change.

Ben Kaduk gave an introduction and update on MIT’s Athena Environment with some food for thought. While currently not FreeBSD based, he would like to see it become so. Based on Debian/Ubuntu and rolled out on hundreds of machines, it now has its software split into about 150 different packages and metapackages.

Dag-Erling Smørgrav discussed changes to how dependencies are handled, especially splitting dependencies that are needed at install time (or staging time) and those needed at run time. This may break several things, but pkg-1.3 will come with better dependency tracking solving part of the problem.

Ed Maste presented the idea of “package transparency”, loosely based on Google’s Certificate Transparency. By logging certificate issuance to a log server, which can be publicly checked, domain owners can search for certificates issued for their domains, and notice when a certificate is issued without their authority. Can this model be extended to packages? Mostly useful for individually signed packages, while we currently only sign the catalogue. Can we do this with the current infrastructure?

Stacy Son gave an update on Qemu user mode, which is now working with Qemu 2.0.0. Both static and dynamic binaries are supported, though only a handful of system calls are supported.

Baptiste introduced the idea of having pre-/post-install scripts be a library of services, like Casper, for common actions. This reduces the ability of maintainers to perform arbitrary actions and can be sandboxed easily. This would be a huge security improvement and could also enhance performance.

Cross building is coming along quite well and most of the tree should be able to be built by a simple 'make package'. Major blockers include perl and python.

Bryan Drewery talked about a design for a PortsCI system. The idea is that a committer can easily schedule a build, be it an exp-run, reference, QAT, or other, either via a web interface or something similar to a pull request, which can fire off a build.

Steve Wills talked about using Jenkins for ports. The current system polls SVN for commits and batches several changes together for a build. It uses 8 bhyve VM instances, but is slow. Sean Bruno commented that there are several package building clusters right now; can they be unified? Also, how much hardware would be needed to speed up Jenkins? We could use Jenkins as a frontend for the system Bryan just talked about. Also, it should be able to integrate with phabricator.

Erwin opened up the floor to talk about freebsd-version(1) once more. It was introduced as a mechanism to find out the version of the userland currently running, as uname -r only represents the kernel version and would thus miss updates of the base system that do not touch the kernel. Unfortunately, freebsd-version(1) cannot really be used like this in all cases; it may work for freebsd-update, but not in general. No real solution was found this time either.

The session ended with a discussion about packaging the base system. It’s a target for FreeBSD 11, but lots of questions are still to be answered. What granularity to use? What should be packaged into how many packages? How to handle options? Where do we put the metadata for this? How do upgrades work? How to replace shared libraries in multiuser mode? This part also included the quote of the day: “Our buildsystem is not a paragon of configurability, but a bunch of hacks that annoyed people the most.”

Thanks to all who participated in the working group, and thanks again to DK Hostmaster for sponsoring my trip to BSDCan this year, and see you at the Ports and Packages WG meet up at EuroBSDCon in Sofia in September.

Ports and Packages Summit at EuroBSDCon 2013

August 9, 2013

The FreeBSD project has provided pre-built ready-to-install binary packages for many years on a best-effort basis. While these packages do work in a large number of cases, there are too many inconsistencies and failure combinations, from the unpredictable update frequency to dependency handling across upgrades, for them to be used on a wider scale. After many months of work, we’re nearing a paradigm shift in both the format of the packages, and the building and distribution of the packages with the new PKGNG tools.

At the upcoming Developer Summit at the EuroBSDCon conference in Malta on September 26 and 27, there will be another Ports and Packages Summit, which will center on a round-table brainstorm that begins with a summary of the tremendous progress made in the last 12 months, and closes with a discussion of the roadmap on how to improve binary package creation, distribution, installation and upgrading. Please contact me if you have any topics you’d like to present or discuss. It will be an informal gathering, no formal slides or presentations are required.

As always, the DevSummit is an invitation-only event, so also contact me at [email protected] if you want to participate.

So long HP Blade Cluster and thanks for all the packages

May 19, 2011

After many years of faithful service, today the FreeBSD Ports Management Team decided to decommission the HP Blade Cluster. When the 20-node BladeSystem was donated to the FreeBSD Foundation, by Hewlett-Packard back in 2005, it tripled the speed of the i386 package building process. Today, and several hardware generations later however, it is no longer profitable to keep the system running inside the cluster. The portmgr team has been very pleased with the system, especially the built-in out-of-band power management- and console system. The system has also proved to be very reliable; even with continuous high workloads for so many years, the only hardware failures we experienced were some of the disks. The i386 package cluster now consists of 5 Xeon-based servers hosted at ISC until the new clusters are fully online.

We again wish to thank HP for their generous donation and Yahoo! for hosting it in one of their datacenters.

New portmgr member: Baptiste Daroussin

May 12, 2011

Portmgr is pleased to announce that Baptiste Daroussin, bapt@, has joined the ranks of the Ports Management team. He has been working hard on some large infrastructure improvements, including a new OPTIONS framework and PKGNG that will replace the current pkg_* tools and bring them into the 21st century. We are very happy to have him onboard, where he will continue working on these and other much needed infrastructure improvements with the full power of the pointyhats.

Ports and Packages for Supported Releases

May 12, 2011

Portmgr published a new page on their website which describes the current support and EoL policies for the ports tree and released packages. The main take-home messages are:

  • Support of FreeBSD releases by ports and the ports infrastructure matches the policies set out by the FreeBSD Security Officer.
  • Package builds will use the oldest supported minor release within each major branch to ensure ABI and KBI backwards compatibility within each major branch, and support all minor versions of each major branch, including -RELEASE and -STABLE.

See the full policy on the portmgr webpage.

MD5 for distinfo has been deprecated

October 29, 2010

erwin@ committed http://www.freebsd.org/cgi/query-pr.cgi?pr=149657, based on work by dougb@ and rene@. It deprecates the use of md5 checksums in distinfo. From here on, when you run make makesum, the md5 will no longer be generated, only the sha256 checksum.

Existing distinfo containing md5 info will silently be ignored. So at this time there is no need to re-create distinfo for the sake of removing it; just allow the regular flow of ports updates to take care of it.
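What that means for a checker reading distinfo, as an added example that is not the ports framework's own code: MD5 lines are skipped without complaint, and a distfile is accepted only when its SHA256 (and SIZE, when listed) match. The file names and contents are constructed, and refusing a file that has no SHA256 line is this example's own assumption.

```python
import hashlib
import re

# distinfo lines look like: ALGO (filename) = value
_LINE = re.compile(r"^(\w+) \((.+)\) = (\S+)$")

def parse_distinfo(text):
    """Return {filename: {"SHA256": hex, "SIZE": int}}; MD5 lines are dropped."""
    entries = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue                      # blank or unrecognised line
        algo, name, value = m.groups()
        if algo == "MD5":
            continue                      # deprecated: ignored silently
        if algo == "SHA256":
            entries.setdefault(name, {})["SHA256"] = value.lower()
        elif algo == "SIZE":
            entries.setdefault(name, {})["SIZE"] = int(value)
    return entries

def verify_distfile(name, data, entries):
    """Check fetched bytes against distinfo; returns a short status string."""
    want = entries.get(name, {})
    if "SHA256" not in want:
        return "no-sha256"                # assumption: fail closed on MD5-only files
    if "SIZE" in want and want["SIZE"] != len(data):
        return "size-mismatch"
    if hashlib.sha256(data).hexdigest() != want["SHA256"]:
        return "checksum-mismatch"
    return "ok"

# Constructed sample: one distfile with a stale MD5 line, one MD5-only leftover.
DISTFILE = b"constructed distfile contents\n"
DISTINFO = "\n".join([
    "MD5 (foo-1.0.tar.gz) = 00000000000000000000000000000000",
    f"SHA256 (foo-1.0.tar.gz) = {hashlib.sha256(DISTFILE).hexdigest()}",
    f"SIZE (foo-1.0.tar.gz) = {len(DISTFILE)}",
    "MD5 (legacy-0.9.tar.gz) = 11111111111111111111111111111111",
])
```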

Partial ports tree thaw

July 8, 2010

The ports tree is now tagged and partially thawed. Until 8.1 is released, sweeping commits still need explicit approval from portmgr to assure that tags can be slipped for potential security issues. For more information on what constitutes a sweeping change, see the portmgr webpages.

Feature freeze for 8.1 now in effect

June 18, 2010

In preparation for 8.1-RELEASE, the ports tree is now in feature freeze.

Normal upgrades, new ports, and changes that only affect other branches are allowed without prior approval but with the extra Feature safe: yes tag in the commit message. Any commit that is sweeping, i.e. touches a large number of ports, infrastructural changes, commits to ports with an unusually high number of dependent ports, and any other commit that requires the rebuilding of many packages is not allowed without prior explicit approval from portmgr after that date.

When in doubt, please do not hesitate to contact portmgr.

New FreeBSD portmgr secretary: Thomas Abthorpe

March 18, 2010

On behalf of portmgr, I am pleased to announce that portmgr has found a new secretary: Thomas Abthorpe. Thomas has been a FreeBSD ports committer since 2007 and has made more than 1000 commits since. He has previously served on the ports-security team and is currently a member of the KDE and donation teams. He has also mentored several new ports committers over the years.

In his role as portmgr secretary, Thomas will help portmgr keep track of ongoing issues, keeps the portmgr, and other bookkeeping work like organizing votes and stay in touch with other FreeBSD teams.

Please welcome him onboard!

Partial ports thaw

March 7, 2010

The ports tree is now tagged and partially thawed. Until 7.3 is released, sweeping commits still need explicit approval from portmgr to assure that tags can be slipped for potential security issues. For more information on what constitutes a sweeping change, see the portmgr web pages.
