X-Original-To: alpine-infra@lists.alpinelinux.org
Received: from mail.bitmessage.ch (mail.bitmessage.ch [146.228.112.252])
	by lists.alpinelinux.org (Postfix) with ESMTP id 358835C4533
	for <alpine-infra@lists.alpinelinux.org>; Sun, 29 Oct 2017 12:28:25 +0000 (GMT)
dkim-signature: v=1; a=rsa-sha256; d=bitmessage.ch; s=mail;
	c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type:In-Reply-To:References;
	bh=tuWDlfFHB+D4RVJ5stw+qtWNK6vfEYou6Z6FCuATqus=;
	b=jsQ/i7zmwp1tpJZ2y1cSyhOyuEAbp5z2g2l1L16X0QzV5cOgt8rMZFjYb39kUQigRqhi4VHhhIN++bmvuv/VkrIhymmOnolGTzBg+ETPX0uR+eBeUgOe0gY0Hfo61ln3oL2tPSmx1BLbkdgPRJ40jNz2Q98Fo0tcsgSfH10LAck=
Received: from [127.0.0.1] (BITMESSAGE [127.0.0.1])
	by mail.bitmessage.ch with ESMTPA
	; Sun, 29 Oct 2017 13:27:06 +0100
Subject: Re: Building unofficial packages on Alpine build infrastructure?
To: William Pitcock <nenolod@dereferenced.org>
Cc: alpine-infra@lists.alpinelinux.org
References: <514355cb-b6f1-c220-99fc-b096dcb0b693@bitmessage.ch>
 <CA+T2pCFsduoT_cX5K=5Ngv-B0Ko2-0iViSS0VPo=WC9FykhJQw@mail.gmail.com>
From: Oliver Smith <ollieparanoid@bitmessage.ch>
Message-ID: <55293c01-cd18-19c0-1380-b0ce96a146d0@bitmessage.ch>
Date: Sun, 29 Oct 2017 12:27:00 +0000
MIME-Version: 1.0
In-Reply-To: <CA+T2pCFsduoT_cX5K=5Ngv-B0Ko2-0iViSS0VPo=WC9FykhJQw@mail.gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="oh8PSpxsfXnwLmOBHnVQRJofa7WoOhNbs"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--oh8PSpxsfXnwLmOBHnVQRJofa7WoOhNbs
Content-Type: multipart/mixed; boundary="JS7bIrQAFd2c0XJa2EE6Ap4f00lg47AlR";
 protected-headers="v1"
From: Oliver Smith <ollieparanoid@bitmessage.ch>
To: William Pitcock <nenolod@dereferenced.org>
Cc: alpine-infra@lists.alpinelinux.org
Message-ID: <55293c01-cd18-19c0-1380-b0ce96a146d0@bitmessage.ch>
Subject: Re: Building unofficial packages on Alpine build infrastructure?
References: <514355cb-b6f1-c220-99fc-b096dcb0b693@bitmessage.ch>
 <CA+T2pCFsduoT_cX5K=5Ngv-B0Ko2-0iViSS0VPo=WC9FykhJQw@mail.gmail.com>
In-Reply-To: <CA+T2pCFsduoT_cX5K=5Ngv-B0Ko2-0iViSS0VPo=WC9FykhJQw@mail.gmail.com>

--JS7bIrQAFd2c0XJa2EE6Ap4f00lg47AlR
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

> why a phone OS distribution is concentrating on KDE when they haven't e=
ven managed to check off the "makes phone calls" tickbox yet.

=46rom what I have learned from various comments on our project is, that =
the people who say "but it does not make calls yet" would be the same one=
s who say "but it doesn't have a UI yet" and then go on with jokes about =
making phone calls with emacs and what not (which I do find pretty funny)=
=2E postmarketOS is far from ready for being a daily driver and we're try=
ing to be upfront with that basically everywhere (on the homepage, in eve=
ry blog post, in github, in the wiki, ... - suggestions on how we can imp=
rove that are welcome).

There are people working on the plasma stack, because that is what intere=
sts them. I don't see any point in saying: "No, everyone must work on the=
 telephony stack first." Personally I try support all efforts that bring =
the project forward, in one direction or another (tablets and using old p=
hones as raspberry pis with sensors built in are fine use cases as well, =
that can also save the devices from being useless and thrown away). And I=
'm trying to see where we are blocked and push in that direction so we ca=
n move forward.

A binary repository is one of them, it would make the life of all contrib=
utors much easier (some contributors don't have access to fast CPUs and c=
ompiling kernels already takes hours for them), that's why I'd like to ha=
ve a solution for that rather sooner than later.

So I've tried to politely ask with this post if Alpine would like to buil=
d postmarketOS packages, or not (which is answered now). And also only be=
cause making this possible was suggested by Alpine developers in the firs=
t place, I would not have asked otherwise.

> At least, any firmware I would be loading into my phone, I would want
> to be delivered to me in a signed package, not downloaded at install
> time.

The idea is to use abuild *on the phone* to download and verify the blobs=
 and build the firmware package, then install that cleanly with apk. If y=
ou are interested in this topic and have the time to spare, I would be ha=
ppy if you reviewed the idea in the GitHub issue (also regarding Alpine p=
olicy and how we could make it conform to that).

Best regards,
Oliver


William Pitcock:
> Hi,
>=20
> On Tue, Oct 24, 2017 at 5:47 PM, Oliver Smith
> <ollieparanoid@bitmessage.ch> wrote:
>> Dear Alpinists,
>>
>>
>> at least Timo Teras[1] and William Pitcock[2] have proposed, that the
>> Alpine package building infrastructure could be used for unofficial
>> Alpine packages, when "the new build infrastructure [is] in place".
>=20
> Yes, I have indeed proposed this.
> But the new build infrastructure is not yet in place.
>=20
>> So postmarketOS[3] is a thin layer on top of Alpine, that provides
>> packages to make it work on mobile devices. Currently every user is
>> compiling these from source, but we would be very grateful if we could=

>> use Alpine's infrastructure for building binary packages. That way we
>> could focus more on actual development and giving back to Alpine (e.g.=

>> together with Ad=C3=A9lie, we're currently upstreaming KDE), instead o=
f
>> duplicating the effort.
>=20
> I proposed that we (Adelie and pmOS) might work together, but
> unfortunately our requirements are incompatible (LTS vs. non-LTS
> KDE).[1]
>=20
>> For reference, here[4] are our current aports. Especially the device
>> folder makes no sense to be upstreamed. We will not build packages tha=
t
>> contain closed source blobs (our firmware aports will be refactored to=

>> download these files at installation time[5]).
>>
>> Thoughts?
>=20
> Well, I mean, I don't want to tell you what to do, but it seems
> foolish to use a package manager which can cryptographically verify
> package contents just to download a script which downloads the real
> files.
> At least, any firmware I would be loading into my phone, I would want
> to be delivered to me in a signed package, not downloaded at install
> time.
> Not to mention that packages which download files in their
> post-install scripts are a violation of Alpine policy.
>=20
> William
>=20
> [1]: Since we're using footnotes, I might ponder out loud why a phone
> OS distribution is concentrating on KDE when they haven't even managed
> to check off the "makes phone calls" tickbox yet.[2]
> [2]: While I am not involved in sysadmin tasks around here, I am
> pretty sure that any such collaboration on buildserver usage would be
> dependent on the derivative proving it's viability first.  See also
> checking off the "makes phone calls" tickbox.
>=20


--JS7bIrQAFd2c0XJa2EE6Ap4f00lg47AlR--

--oh8PSpxsfXnwLmOBHnVQRJofa7WoOhNbs
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEVuhTDbWL3IASV/XwWuf1UT4IhcsFAln1yUsACgkQWuf1UT4I
hcufqw//Vxa4BSWf/s2SPA21O1IuMIb3JQoWVculIVTAhaoMdx9WVNaB+ElvZ7PB
GBHBka+N/RDqPPuTsFkxBvhj9Xf7rh8r9NbieoqR0m8R0LU3lIyrtm+BqY7fP2Tq
vTpsH4Dp0YNoHPRFKYuB7C4pF8obi6KuOiZft1OgmRvwYAjcn87li0QpiEeb6c9o
MEy/47z5gQQ5WXHSU6bNS9hHVTgaJLM/qev1tKFfXosScFuObRjFz+kjwt1rc1iQ
vuXQ/lU8IEGroRCSdsyfqB+8OZFLknYOyS332p4WPaoKSwL4G1KHjkuFS/rqibet
87IZoMIij8hUodsOf+fXJmPPfeyriRyIqVtzhFx6liYEM0zo2rpuE9UCVMHMbFsN
BXJCDaDHdtHXTrCrlZ0i4XPeQm+tqFsXzu2o90QyUElDUGoF3KITXWshgOaDWCs/
NXNpxogt+Oy5uqyVn6EBYYiyhM5Y/ZW2e4up0/qVtmNVtAwHwP5RJMwaSInd+AB7
/2fpByyA2HjbvNigqpd8cZSeqW33Z2VpO55jsdZbYTQETtdBZQZvFV6ZegYYxPyk
Tkdhgyij4Yk7GWSnd5FpEu7SC/opOmhEBsXxRJPEYPL6dykXrhC7tvoETAJgvBt2
gYYyZnCjcGUAyTPuIkVwhAqKBacFu5QgQ3MUu8GyuOuq8FUGO44=
=4tj7
-----END PGP SIGNATURE-----

--oh8PSpxsfXnwLmOBHnVQRJofa7WoOhNbs--