[erlang-questions] Erlang package manager
Tuncer Ayaz
tuncer.ayaz@REDACTED
Tue Dec 16 18:05:15 CET 2014
Hi Bruce,
in addition to what others have said, here's a list of other important
features.
-- must haves --
* archival of published versions
* real version constraint solver (SAT)
* instead of blindly following semver, look at RPM versioning. see
comments starting here:
https://github.com/rebar/rebar/issues/240#issuecomment-38035168
* design index _and_ packages folder with mirroring in mind:
- avoid SPOF (availability and reliability issues)
- allow local mirrors
- Ideally avoid the use of a CDN and use mirrors like FreeBSD, CTAN,
and Linux distros do. This means, master is only written to when
the index is updated and normally no client operation should
contact master. So, only mirrors should ever be in contac with
the master.
- Avoiding a CDN solves multiple issues:
+ no superfluous hosting costs due to unnecessary centralization.
hosting costs may not be a problem today, but a package index
and repo of open source code does not need to be hosted in a
central location by one administrating org.
+ No accessibility issues for geographical or organizational
network reasons. This is where the ability to mirror, as in CTAN
or Debian mirror, is a vital feature.
+ No downtime if, say, S3 is for some reason inaccessible or its
availability is limited.
- With a proper mirroring system in place, the only operation that can
suffer is modification of the index+package_dir. That means, no r/o
user will be affected if EIUG takes master down for maintenance.
This may seem like it's not a problem, but compared to centralized
solutions, I never once had a remote reliability problem when
operating on Linux, BSD, or CTAN packages.
- Based on the multitude of mirrors for BSD, Linux, CTAN, etc., I
believe it's more likely for someone to host another mirror than
expecting such offers to turn into monetary support for covering
costs of a centralized system.
-- nice to have --
* pinning as - in stay at this version and do not down-/up-grade
* pinning local package as in 'opam source PKGNAME --pin'
* regardless of .ez limitations, architecture specific variants of a
package
* delta index (Debian-like) and package updates (Fedora-like)
-- to be careful about --
* generating native packages (FreeBSD pkg, dpkg, rpm, etc.) is nice to
have, but if existing issues of, say, the way Perl is packaged in
Linux distros is any indication, I'd say it should only be optional.
* a git repository with its history is not a suitable mechanism to
store either the index or the packages
-- extra notes --
I had planned to work on .ez-fying all libs/apps in
OTP-18.0, but I haven't had the time to approach that yet. I mention
that because we definitely have to improve support in that space
first, especially:
* Make sure everything works with .ez archives without first
extracting (like JAR and WAR archives).
* Figure out official extensions of .app fields to properly support
packaging in general.
* Figure out a convention to load .so/.dll from .ez and extend the
loaders accordingly. It's up for discussion whether somepkg-1.0.ez
should bundle all .so/.dll files or if there should be one
somepkg-1.0-<ARCH>.ez for each supported architecture.
More information about the erlang-questions
mailing list