Difference between pages "FLOP:Kerberos V implementations" and "Virtual Packages"

(Difference between pages)
(FLOP on krb5 impls)
 
(two first cases for virtuals)
 
Line 1: Line 1:
{{FLOP
+
Virtual packages are special packages that correspond to a feature that can be satisfied by one or more package(s). This Wiki page aims to describe when and how to use them correctly, and what are their implications.
|Created on=2015/02/06
+
|Summary=Funtoo supports two binary-incompatible Kerberos V implementations: MIT and Heimdal. Ebuilds supporting both need to properly depend on them to ensure rebuilds.
+
|Author=Mgorny,
+
|FLOP Status=Pending Review
+
|Reference Bug=FL-2093
+
}}
+
== Overview ==
+
There are currently two Kerberos V implementations in Funtoo:
+
* MIT Kerberos V ({{Package|app-crypt/mit-krb5}}),
+
* Heimdal ({{Package|app-crypt/heimdal}}).
+
  
Both implementations use the same library names and a partially compatible API. However, they are binary incompatible and use different (non-colliding) SONAMEs.
+
== Virtual packages, metapackages and package sets ==
 +
Virtual packages, metapackages and package sets are similar concepts. However, they have a few important differences that make them fit for different use cases.
  
Many of Kerberos V applications support both implementations. In this case, the relevant packages depend on {{Package|virtual/krb5}}. Some applications support only one of the implementations, depending on it directly.
+
Virtual packages and metapackages are regular Funtoo packages (ebuilds) that install no files. Instead, they cause other packages to be installed by specifying them in their runtime dependencies. They can both be used in any context valid for regular packages. They can have multiple versions, slots and USE flags. They have to be located in an active repository, and once there they can be installed and uninstalled like regular packages.
  
 +
Package sets are not packages but special atoms supported by Portage. Package sets can only specify other packages, either via a static list or dynamically (e.g. via running Python code that determines the package list). Package sets can't be versioned and don't have USE flags. Package sets can be used alongside packages in emerge commands and other package sets but they can't be referenced inside regular packages. Package sets can be installed into user's system, located in repositories or created by user in Portage configuration.
  
== Issues with the current solution ==
+
Virtual packages represent a commonly used feature that can be provided by multiple different providers. Virtuals provide a convenient way of specifying all possible alternatives without having to update multiple ebuilds.
Virtuals are based on assumption that the providers can be switched at runtime. However, since the krb5 implementations are binary-incompatible, switching them at runtime is incorrect and results in the reverse dependencies being broken. Instead, implementation switch needs to be followed by automatic reverse dependency rebuild.
+
  
Furthermore, the lack of explicit implementation control will be an issue if installing both implementations in parallel becomes possible in the future. This could be desired since there are both packages supporting only mit-krb5, as well as packages supporting only heimdal.
+
Metapackages and package sets are used to represent lists of packages that user may want to install together. They provide a convenience for users, e.g. providing a shortcut to install all packages comprising a desktop environment.
  
 +
== When virtual packages can be used? ==
 +
For virtual package ebuild to work correctly, the two following requirements must be met:
 +
# the virtual providers must be interchangeable at runtime with no consequences to the reverse dependencies. In other words, installing another provider and removing the currently used provider must not cause any breakage or require reverse dependencies to be rebuilt.
 +
# Reverse dependencies need to have consistent, predictable requirements for the alternatives. In other words, the packages must not require a very specific versions of the alternatives.
  
== Suggested solution ==
+
Virtuals can not be used if the underlying packages don't provide binary compatibility at least between predictable range of versions.
The simplest solution seems to be introducing a USE flag in all reverse dependencies that support both mit-krb5 and heimdal. The flag would decide which of the two implementation is used.
+
  
An example reverse dependency would look like:
+
== Common uses for virtual packages ==
{{File|name=example-1.ebuild|body=
+
=== System components and services ===
IUSE="heimdal"
+
Example: ''virtual/service-manager''
RDEPEND="
+
    heimdal? ( app-crypt/heimdal:0= )
+
    !heimdal? ( app-crypt/mit-krb5:0= )"
+
}}
+
  
If Kerberos V support is optional, the flags would be combined with the ''kerberos'' feature flag:
+
One of the common uses for virtuals is to define abstract ''system services''. Those virtuals are not very specific on how those services are provided. They are mostly intended to be used in the @system package set, to ensure that the user system doesn't lack key components such as a service manager or a package manager.
{{File|name=example-1.ebuild|body=
+
IUSE="heimdal kerberos"
+
RDEPEND="
+
    kerberos? (
+
        heimdal? ( app-crypt/heimdal:0= )
+
        !heimdal? ( app-crypt/mit-krb5:0= )
+
    )"
+
}}
+
  
This implementation implies that:
+
The providers for this kind of virtuals do not have to meet any specific requirements except for having a particular function. In particular, there's no requirement for common configuration or provided executables. The user is responsible for ensuring that the installed implementation is set up and working.
# user is given an explicit choice of Kerberos V implementation.
+
 
# Switch of a Kerberos V implementation would cause a rebuild through ''--changed-use'', therefore resolving breakage caused by ABI change.
+
=== Tools provided by multiple packages ===
{{FLOPFooter}}
+
Example: ''virtual/eject''
 +
 
 +
This kind of virtuals is used when multiple packages may provide tools with the same names. The virtual is used in packages that rely on those tools being present, in particular when the tools are used at build-time of the package or are called by package's scripts (executables).
 +
 
 +
While the tools don't necessarily need to be fully compatible, they need to have a common basic usage. In particular, when a tool from one provider is replaced by a tool from another, the reverse dependencies must remain in working state, with no need for rebuilds or configuration adjustments.

Revision as of 13:31, February 7, 2015

Virtual packages are special packages that correspond to a feature that can be satisfied by one or more package(s). This Wiki page aims to describe when and how to use them correctly, and what are their implications.

Virtual packages, metapackages and package sets

Virtual packages, metapackages and package sets are similar concepts. However, they have a few important differences that make them fit for different use cases.

Virtual packages and metapackages are regular Funtoo packages (ebuilds) that install no files. Instead, they cause other packages to be installed by specifying them in their runtime dependencies. They can both be used in any context valid for regular packages. They can have multiple versions, slots and USE flags. They have to be located in an active repository, and once there they can be installed and uninstalled like regular packages.

Package sets are not packages but special atoms supported by Portage. Package sets can only specify other packages, either via a static list or dynamically (e.g. via running Python code that determines the package list). Package sets can't be versioned and don't have USE flags. Package sets can be used alongside packages in emerge commands and other package sets but they can't be referenced inside regular packages. Package sets can be installed into user's system, located in repositories or created by user in Portage configuration.

Virtual packages represent a commonly used feature that can be provided by multiple different providers. Virtuals provide a convenient way of specifying all possible alternatives without having to update multiple ebuilds.

Metapackages and package sets are used to represent lists of packages that user may want to install together. They provide a convenience for users, e.g. providing a shortcut to install all packages comprising a desktop environment.

When virtual packages can be used?

For virtual package ebuild to work correctly, the two following requirements must be met:

  1. the virtual providers must be interchangeable at runtime with no consequences to the reverse dependencies. In other words, installing another provider and removing the currently used provider must not cause any breakage or require reverse dependencies to be rebuilt.
  2. Reverse dependencies need to have consistent, predictable requirements for the alternatives. In other words, the packages must not require a very specific versions of the alternatives.

Virtuals can not be used if the underlying packages don't provide binary compatibility at least between predictable range of versions.

Common uses for virtual packages

System components and services

Example: virtual/service-manager

One of the common uses for virtuals is to define abstract system services. Those virtuals are not very specific on how those services are provided. They are mostly intended to be used in the @system package set, to ensure that the user system doesn't lack key components such as a service manager or a package manager.

The providers for this kind of virtuals do not have to meet any specific requirements except for having a particular function. In particular, there's no requirement for common configuration or provided executables. The user is responsible for ensuring that the installed implementation is set up and working.

Tools provided by multiple packages

Example: virtual/eject

This kind of virtuals is used when multiple packages may provide tools with the same names. The virtual is used in packages that rely on those tools being present, in particular when the tools are used at build-time of the package or are called by package's scripts (executables).

While the tools don't necessarily need to be fully compatible, they need to have a common basic usage. In particular, when a tool from one provider is replaced by a tool from another, the reverse dependencies must remain in working state, with no need for rebuilds or configuration adjustments.