User:0xdc/substrate/20200501

From Gentoo Wiki
Jump to:navigation Jump to:search

Phew, it's been another while since I made notes on substrate. While there have been builds since December, up to last month's (April) builds didn't have too many changes. That's now changed! May has some big changes, that need to be documented.

Changes

catalyst 3.1/4?

catalyst has been getting some upstream love! This is great news, except a lot of existing behaviour is changing quite rapidly and incompatibly with my patches.

Some important changes:

  • a new dependency on dev-python/pytoml
  • FEATURES=binpkg-multi-instance, this allows us to use a single shared package repository safely
  • digests are now provided as blake2 and sha512 sums only, without the need to shash
  • stage1+stage2 only prepare the C.UTF-8 locale. Makes them smaller and less locales to generate (saves time on arm!)
  • CONTENTS files are now gzipped

Anyway, I've tried to include as many of the changes as I could, but there's still more coming!

migration to nftables

iptables has been deprecated for a while and new firewalls *should* be written in nftables. It took me a while to actually learn nft but it's pretty handy. Start using it!

machined import-tar script

I've also added one of my helper scripts (/builds/import-tar.sh) for users of systemd nspawn containers. This'll import any of the output stages, and if it finds portage, it will set it up to share packages and the portage dir with your host and any other containers. This means you can use clean building containers to build packages for your main system or other containers.

Embedded stages

Speaking of systemd-nspawn containers, I've repurposed the 'embedded' target to produce systemd stages. These aren't as small as normal embedded containers, as we need to pull in dynamic dependencies, but it allows us to output systemd based mini-distros that are only able to perform a specific task (but perform it very well!).

For now, I've included an amd64 nginx image with rtmp support as a real example. I use it a lot too.

Shared snapcache

I've enabled snapcache for all architectures, since we use the squashfs snapshots and mount namespaces. This means for a particular snapshot, we only unpack it once. This is really useful for arm, since the unpack is slow and removal is slow, and we'd have to do both of those tasks for each stage build.

Notes

amd64

  • Seed (upstream) stage: stage3-amd64-systemd-20200423.tar.bz2

arm

  • Seed stage3: stage3-armv7a_hardfp-20180831.tar.bz2 -> 20190601 -> 20191201 -> 20200301

The stage builds to create the 20190601 versions are still affected by the previous mpfr issues User:0xdc/substrate/20191201#armv7a. However the workaround then breaks subsequent builds so the workaround was removed.