## ALPM in Rust <p><img data-src="images/archlinux.png" height="128px"></p> <p>Arch Summit 2023</p> <p>David Runge</p>
### Overview * Motivation * Oxidation * Further
### Previous presentations * [All Systems Go! 2023](https://cfp.all-systems-go.io/all-systems-go-2023/talk/3LES8Z/) * [FrOSCon 2023](https://programm.froscon.org/2023/events/2909.html)
## Motivation π¦Ύ
### Package metadata has no specification * [.BUILDINFO](https://man.archlinux.org/man/core/pacman/BUILDINFO.5.en) - build environment information * [.MTREE](https://man.archlinux.org/man/mtree.5) - package contents (compressed libarchive [mtree](https://man.archlinux.org/man/mtree.5) file) * [.PKGINFO](https://gitlab.archlinux.org/pacman/pacman/-/merge_requests/27) - package metadata * .SRCINFO - package source information (derived from PKGBUILD data)
### Package repository metadata has no specification * `desc` - information on packages in the version found in a repository * `files` - list of files provided by a package found in a repository
### Libalpm metadata has no specification * `desc` - information on packages in the version found on the system (differs from package repository metadata!) * `files` - list of files provided by a package found on the system
### Relationships π€ * Package building (devtools/ makepkg) β¬οΈ * Repository management (dbscripts) β¬οΈ * Package management (pacman)
### Package building π¦ <p> <img data-src="images/diagram_pkg_build.svg"> </p>
### Repository server ποΈ <p> <img data-src="images/diagram_repo_server.svg"> </p>
### User machine π₯οΈ <p> <img data-src="images/diagram_user_machine.svg"> </p>
## Closed loops βΎοΈ * The Pacman project encompasses pacman *and* makepkg * Changes to internal files (in part used by pacman) are introduced in makepkg (in Bash) π * Changes to internal file types are defined by Pacman releases * Updates to Pacman may or may not be (silently) breaking for consumers
## *"Sir, this is a Wendy's"* * Specifications without versioning and deprecation (*.BUILDINFO* has a format version) * Specifications and validation in Bash is **hard** (and not pretty) * There are no unit or integration tests for metadata files * Repository management with dbscripts is limiting and dangerous (no transactions, no concurrency, no rollback)
## Input validation, please ```sh vercmp "π±" "πΆ" 0 ```
## Oxidation π¦
## A need for specs π * we need versioned file specifications * we need file parsers and writers, that can be integrated across languages * we want memory safety and speed π¦
## Common types * [alpm-types](https://gitlab.archlinux.org/archlinux/alpm/alpm-types/) library crate for common types used in Arch Linux Package Management (ALPM) software * low-level types for validating specific fields for metadata files are implemented on a need-to-have basis * extra goodies: a strict `vercmp` is now easy to write! π
## .BUILDINFO * [alpm-buildinfo](https://gitlab.archlinux.org/archlinux/alpm/alpm-buildinfo/) library/ binary crate for `.BUILDINFO` specification * man page per file version * `alpm-buildinfo` as CLI tool for verifying and writing `.BUILDINFO` files * describes version `1` of `.BUILDINFO` in version `0.1.0`
## Further π
## More specifications and implementations π * versioned specifications for `.PKGINFO`, `.MTREE`, `.SRCINFO` after adding required types to `alpm-types` * versioned specifications for `desc` and `files` files found in repository sync databases
## Upstreaming π * replace reference implementations in `makepkg` and `repo-add` * export for other languages (e.g. Python) to replace duplicate efforts in `repod` * profit! π₯³
## The deep end π * versioned specifications for `desc` and `files` files found in libalpm database directories * implement `libalpm` in Rust * `racman`, when?
## Funding π° * [NLnet](https://nlnet.nl) application for `.BUILDINFO`, `.PKGINFO`, `.MTREE` and `.SRCINFO` specifications (π currently in round two review) * [STF](https://sovereigntechfund.de) application for `.BUILDINFO`, `.PKGINFO`, `.MTREE`, `.SRCINFO`, `desc` and `files` specifications, as well as libalpm in Rust (π currently in review)
## Contact π± <style> .verticalhorizontal { display: table-cell; height: 100px; text-align: center; width: 100px; vertical-align: middle; } </style> <table border="0px" text-align="center" vertical-align="middle"><tr><td class="verticalhorizontal"><a href="https://gitlab.archlinux.org/archlinux/alpm">gitlab.archlinux.org/archlinux/alpm</a></td><td class="verticalhorizontal"><img data-src="images/website.png" height="99px"></td></tr></table> <table border="0px" text-align="center" vertical-align="middle"><tr><td class="verticalhorizontal"><p><a href="mailto:dvzrv@archlinux.org">dvzrv@archlinux.org</a></p></td><td class="verticalhorizontal"><img data-src="images/email.png" height="99px"></td></tr></table> <a href="ircs://irc.libera.chat/archlinux-projects">#archlinux-projects</a> on <a href="https://libera.chat/">Libera Chat</a> or <a href="https://lists.archlinux.org/listinfo/arch-projects">arch-projects</a> mailing list for ALPM projects