On Monday, 28 June 2021, 16:13:41 CEST, Rich Freeman wrote:
> On Mon, Jun 28, 2021 at 9:46 AM Michael Orlitzky <mjo@gentoo.org> wrote:
> >
> > On Mon, 2021-06-28 at 15:00 +0200, Agostino Sarubbo wrote:
> > >
> > > Instead, imagine that each ebuild declares a variable called SOURCETYPE ( or
> > > similar, or in metadata.xml if you prefer ) and with a tool like equery/eix we
> > > are able to get the list of all packages that compiles C code.
> > >
> >
> > I think all you are really asking for is that we stop omitting a random
> > subset of @system from *DEPEND.
> >
> > This is long overdue, for many reasons, but in particular it would
> > force us to declare a dependency on a C compiler if one is needed and
> > allow you to re-test only those packages that use a C compiler.
>
> ++ - this would also support parallel building of @system.
>
> Obviously we'll still need a core set of packages needed for
> bootstrapping/etc, but there is no reason @system couldn't just be
> another virtual.
>
> You could also have convenience virtuals for things like the C
> toolchain and so on. This will both support alternate implementations
> and avoid having to have laundry lists of deps in every ebuild.
>
> A simple way to transition would be to create a system virtual and add
> it to all ebuilds, but ask that this be removed in future updates in
> favor of more specific dependencies. Over time then the tree would
> move to specified true deps. Catalyst could still use a virtual as a
> target for bootstrapping stages.
>
> Another tool that would be useful is what some other distros do - use
> mount namespaces/etc to allow build systems to only see parts of the
> filesystem (down to the file level) that are specified in
> dependencies. This would basically eliminate unspecified or automagic
> dependencies, since anything not specified basically doesn't exist at
> build time. If you didn't want to use mount namespaces then our
> sandbox already allows limiting read access to only specified files -
> we just configure it to allow read-only to everything for every
> package.
>
>
Hello,
I was already writing an answer, which describes basically the same idea,
when Rich's mail arrived. I want to post my mail anyway. Maybe it provides
some additional information:
Wouldn't the right place be in BDEPEND, maybe hidden by some eclass magic?
Some time ago, I have looked into Nix. They try to get reliable input by path
manipulation and therefore can depend on the compiler (with a specific
version). If I get their build system right, it only builds a software if
all dependencies are installed beforehand in a specific input specific
folder.
I'm asking myself whether this is also possible in a Gentoo-compatible
way with Linux namespaces:
1. Create a new namespace for / (consisting of no files).
2. Bindmount/Link every file of each dependency into it at the exact same place.
3. Link some socket(?) to communicate with the outer portage.
4. Trigger the build process.
I imagine something like the TemporaryFileSystem feature of systemd
together with BindPaths [1]. This uses Linux namespaces internally, too.
In a pseudo service file syntax:
```
[Service]
ExecStart=ebuild mytool-1.0.2 compile
# an empty, read-only tmpfs as /: nothing exists unless bound in below
TemporaryFileSystem=/:ro
BindPaths=$(equery files $(equery depgraph =mytool-1.0.2))
```
This should only build, if _all_ build dependencies are present
(including every compiler and base system tool). Of course, it needs a
bigger rework of the portage build process.
Gerion
[1] https://www.freedesktop.org/software/systemd/man/systemd.exec.html#BindPaths=
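As an added example, not code from the thread, from Portage or from systemd: a small Python model of the scheme discussed above, in which only the files of declared build dependencies exist in the build root. It computes the transitive closure of declared deps (what `equery depgraph` would list), renders the service snippet with real systemd option syntax (`TemporaryFileSystem=/:ro` plus `BindReadOnlyPaths=`), and, as a detection step, compares the paths a build actually touched against that closure to surface automagic dependencies. The package database, the file ownership lists, the `/var/tmp/portage` work directory and the access list are all constructed assumptions.

```python
# Added example (not code from the thread, from Portage, or from systemd):
# a model of the "only declared build deps are visible" build scheme.
# The package database, file lists and the "accessed files" list below
# are constructed for illustration.
from collections import deque

# Constructed package database: package -> declared build deps, owned files.
PACKAGES = {
    "sys-libs/glibc-2.33": {
        "deps": [],
        "files": ["/lib64/libc.so.6", "/usr/include/stdio.h"],
    },
    "sys-devel/gcc-11.2.0": {
        "deps": ["sys-libs/glibc-2.33"],
        "files": ["/usr/bin/gcc", "/usr/bin/cc", "/usr/lib/gcc/libgcc.a"],
    },
    "dev-libs/libfoo-2.1": {
        "deps": ["sys-devel/gcc-11.2.0"],
        "files": ["/usr/lib/libfoo.so", "/usr/include/foo.h"],
    },
    "dev-libs/libbar-0.9": {
        "deps": ["sys-devel/gcc-11.2.0"],
        "files": ["/usr/lib/libbar.so", "/usr/include/bar.h"],
    },
    # The package being built: declares gcc and libfoo, but NOT libbar.
    "app-misc/mytool-1.0.2": {
        "deps": ["sys-devel/gcc-11.2.0", "dev-libs/libfoo-2.1"],
        "files": [],
    },
}

# Assumed build directory; everything under it is writable during the build.
WORKDIR = "/var/tmp/portage"


def build_closure(pkg):
    """Transitive closure of declared build deps (what `equery depgraph`
    would enumerate), excluding the package itself."""
    seen, queue = set(), deque(PACKAGES[pkg]["deps"])
    while queue:
        cur = queue.popleft()
        if cur in seen:
            continue
        seen.add(cur)
        queue.extend(PACKAGES[cur]["deps"])
    return seen


def visible_files(pkg):
    """Files owned by any package in the closure: the only paths that exist
    inside the otherwise empty build root."""
    files = set()
    for dep in build_closure(pkg):
        files.update(PACKAGES[dep]["files"])
    return files


def render_unit(pkg):
    """Render the service snippet from the thread with real option syntax:
    an empty read-only tmpfs as /, the work dir bound read-write, and every
    dependency file bound read-only."""
    lines = [
        "[Service]",
        f"ExecStart=ebuild {pkg.split('/', 1)[1]} compile",
        "TemporaryFileSystem=/:ro",
        f"BindPaths={WORKDIR}",
        "BindReadOnlyPaths=" + " ".join(sorted(visible_files(pkg))),
    ]
    return "\n".join(lines) + "\n"


def undeclared_accesses(pkg, accessed):
    """Given the paths a build opened (e.g. from a sandbox access log),
    return those that no declared dependency provides. In the namespace
    model these would simply not exist and the build would fail; run as a
    check, this pinpoints the automagic dependency that must be declared."""
    allowed = visible_files(pkg)
    return sorted(
        p for p in accessed
        if p not in allowed and not p.startswith(WORKDIR + "/")
    )


# Constructed access list for one build of mytool: bar.h belongs to libbar,
# which mytool never declared.
ACCESSED = [
    "/usr/bin/gcc",
    "/usr/include/stdio.h",
    "/usr/include/foo.h",
    "/usr/include/bar.h",
    f"{WORKDIR}/app-misc/mytool-1.0.2/work/main.c",
]

if __name__ == "__main__":
    print(render_unit("app-misc/mytool-1.0.2"))
    print("undeclared:", undeclared_accesses("app-misc/mytool-1.0.2", ACCESSED))
```

Running it prints the rendered unit for mytool and reports `/usr/include/bar.h` as the one path the build used that no declared dependency owns; with the tmpfs root in place that header would be absent and the build would fail early instead of silently linking against libbar.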