[Dev] your-system-sanity

Freemor freemor at freemor.ca
Wed Jul 31 01:28:16 GMT 2019

Ok, preliminary work on your-system-santiy went well. And got a surprising
amount of interest from users considering that it was just in testing.

I'm writing to the dev list to get input and kick the ball around on
your-system-sanity before continuing. Things that I'd like to have solidly
defined before proceeding are:

scope - What do we want your-system-sanity to cover. My goal was to have it
cover Third Party Package Managers (TPPMs) that are dangerous to the health of
the users system python-pip is a leading example of this. The way it
currently is, it install over system files often creating a real mess (I'll
address actually fixing the TPPMs behaviours later). 

Which TPPMs fall into this category is up for discussion (Rust/cargo,
Ruby/gems, perl/cpan, etc/etc). Do we warn about all TPPMs or do we only
concern ourselves with the ones that Bork the system by default.

Do we worry about TPPMs that offer non-free or should those be handled by the
regular blacklist.txt

Several users were wanting games with the built in ability to download non-free
culture assets. I feel this is beyond that scope of your-system-sanity as it's
purpose is system stability.

What work needs to be done outside of the package itself. As I added gems to
the initial list in your-system-sanity I had to rebuild ruby so the depend on
gems was optional. I haven't looked at the Rust build yet as it is an Arch
package but I do not see a separate cargo package. That would need to be
addressed. Probably others.

As I imagines this being part of base/base-openrc there is some concern that it
could break builds in abslibre as it may effect their depends or the ability to
build things if they require things like cargo,gems,maven,etc. This may
actually be a desirable outcome as things shouldn't be using things like maven
to pull in other source files during the build stage. 

bill-auger correctly pointed out that the best thing to ultimately do is get
the TPPMs fixed upstream so the install into /usr/local/ or the users home dir.
This may be an uphill battle as there is a strong pull everything from
everywhere culture out there and so there may not be much interest in making it
right. I did some digging and there is a BUG for PIP re: defaulting to
/usr/local/ that has been going on for years, closed, re-opened, and on and on
with no real concrete outcome I could see. Though it did seem that they added
some ./configure options or the like to change how it behaves (I'll have to
find it again. Will post it here when I do).

As for the games/non-free assets downloading situation I personally feel that
that is something better addressed with the existing blacklist
(recommends-nonfree) or the like. 

So Let the input fly..  :)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20190730/9a1bfadb/attachment.sig>

More information about the Dev mailing list