Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com [209.85.210.173])
	by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id AD530782C00
	for <~alpine/devel@lists.alpinelinux.org>; Fri, 17 Jan 2020 07:31:20 +0000 (UTC)
Received: by mail-pf1-f173.google.com with SMTP id p14so11538878pfn.4
        for <~alpine/devel@lists.alpinelinux.org>; Thu, 16 Jan 2020 23:31:20 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=hjq3R5Tkah4vW3Z2FpjHR/dtZPtm0zwEcELH54kjbtg=;
        b=mhH6bTqZaV3oD5IAXiea/KbFS/tXCeDegEBhHpLZes3cWzBsVOnp8iDj+xDkUxeTVU
         ZY91jF2MoPrbZDpwf5SxN14VY0piuScL6/vwWBzjJjb5VqipZNoKGxKGzQnDRFyA6g9D
         cwy5VgUUwcvHPUwYv9rBhGZBmNlS2px6IU12xSNF2bAzqA/agSNejgpvSCi8T0iuzqgI
         gj7LJtM7v30nB/iXWz1Cx0vUohsb8vHtjZ1hHTQ53dYPRWjt7if7D5VkujKoe6aZPciS
         euOKCX4b4l3IvKvVpa9Lfw88kUffIjFeAPrqkvEk/Ef3lv81iYM42Y5npFm1xmb2Auug
         2HLQ==
X-Gm-Message-State: APjAAAUh0d1Oyq2MMZkNzodLTZDTgNv4JSQ2rpMtXGU3fQNG+fVh2aEJ
	cvGp8IAz75cjhTzh3REQxrcO8kax
X-Google-Smtp-Source: APXvYqzx9kt7NjjcYv48NlNBjxxf8H5VfyjK05Hseq4SyIEueH7QoGTQfpqb1vMdVhQVoW2C4TXBMw==
X-Received: by 2002:a62:3892:: with SMTP id f140mr1624775pfa.190.1579246278534;
        Thu, 16 Jan 2020 23:31:18 -0800 (PST)
Received: from vostro.lan (2001-44b8-01b4-a600-3641-5dff-fe8b-7d4c.static.ipv6.internode.on.net. [2001:44b8:1b4:a600:3641:5dff:fe8b:7d4c])
        by smtp.gmail.com with ESMTPSA id p5sm26925746pgs.28.2020.01.16.23.31.16
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 16 Jan 2020 23:31:18 -0800 (PST)
Date: Fri, 17 Jan 2020 09:31:10 +0200
From: Timo Teras <timo.teras@iki.fi>
To: Natanael Copa <ncopa@alpinelinux.org>
Cc: ~alpine/devel@lists.alpinelinux.org
Subject: repo pinning, whether to include repository name in pkg [was Re:
 new package format and repository layout changes]
Message-ID: <20200117093110.13bfdc9f@vostro.lan>
In-Reply-To: <20200117032933.421dfe8b@vostro>
References: <20191230145542.1a7ca9cf@vostro>
	<20200116121517.0a050f85@ncopa-desktop.copa.dup.pw>
	<20200117032933.421dfe8b@vostro>
X-Mailer: Claws Mail 3.17.4 (GTK+ 2.24.32; x86_64-alpine-linux-musl)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Fri, 17 Jan 2020 03:29:33 +0200
Timo Teras <timo.teras@iki.fi> wrote:

> So the problem in general is that if you have edge's main + community
> untagged, and @testing tagged.
> 
> Then the following happens:
>  1. install package from @testing
>  2. that package gets updated in our repo, and the old one get's
> removed 3. the index is updated
> 
> After this we have system with package from @testing. To be able to
> recalculate the system consistency, we need to be able to verify that
> the currently installed package came from @testing. If this is not
> possible apk would currently try to enforce upgrading to the updated
> version, even if something else was just added (the updated tagged
> package would be preferred).
> 
> This becomes even more important on run-from-ram system. When on
> reboot recalculating what can be installed. On above instance the
> package would no be installed if the tag cannot be validated.
> 
> Currently, the installed database contains the repository tag as-is
> where it was installed. This is inserted by apk on install time. For
> run-from-ram systems this is also stored in the cache repository
> index. 
> 
> But the above system is fragile. And can fail in certain scenarios
> too.
> 
> The point is that having the @tag syntax in repositories that is
> locally configurable is problematic. My idea was to perhaps keep the
> @tag syntax but bind it to something that comes from the index and is
> present in the packages.

I've been thinking this further.

The original issue why this was really, really needed was that the
run-from-ram setups can properly boot from cache when the package is no
longer in any index.

Another option to solve this, would be following scheme:
 - no repository information in the package
 - no storing of the tag info to installed-db nor cache
 - resolve repo tags always on run time
 - if package is installed, assume it has been in repository with
   proper tag. thus ignore any tag checking for these.
   (caveat: if someone modifies 'world' manually and adds the tag, that
   is not picked up properly)
 - for run-from-ram systems, the store a separate list in the overlay
   that contains the exact set of packages the system is running.

   caveat: after ugprade, one would need to do lbu commit to store the
   new system setup. though, this might in fact be preferred function,
   since this would also fix a known issue that doing "apk update" but
   not "apk upgrade" and then booting might break the reboot.

One more kludgy thing is the virtual packages. Those probably need to
be treated similarly as 'world'. Either as etc/apk/vpkg config file or
similar.

Having said all this. I am still somewhat concerned and thinking that
putting repository name to the package might be useful thing. But
perhaps in should be the originally-built-from-repository and not the
index name.

Does any of you share my concerns that the repo name should be signed?

Timo