[Rpm-ecosystem] lua, unprivileged rpm, and rpm-ostree
Zbigniew Jędrzejewski-Szmek
zbyszek at in.waw.pl
Thu Aug 11 15:45:24 UTC 2016
On Thu, Aug 11, 2016 at 11:27:18AM -0400, Colin Walters wrote:
> So finally, a problem is right now we aren't implementing lua:
> https://github.com/projectatomic/rpm-ostree/pull/424
>
> I'd actually like to avoid implementing lua for as long as possible -
> from my readings in Fedora, most of the usage is for legacy updates
> or workarounds. glibc is however using it in a %posttrans, which
> we could easily port to shell. I might submit a patch to do so.
I think this goes in the opposite direction to recent changes in
various packages. It's not only glibc, but also fedora-release,
systemd, and probably others, which were converted to lua. The main
reason is reduced dependencies: using lua allows a dpendency on shell,
awk, sed, etc. to be avoided. Second reason is better speed.
In a relatively bare VM:
test at rawhide systemd (master)$ rpm -qa --scripts |grep 'using .lua.'|wc -l
16
test at rawhide systemd (master)$ rpm -qa --filetriggerscripts |grep 'using .lua.' |wc -l
3
Speed is a relative thing, but avoiding dependency loops is for the base
system packages is important, and really hard if you want to use shell.
I did some small hacking on the rpm posix module, and I don't think it'd
be such a big issue to adapt it to do things differently. Mostly it's very
simple wrappers around system calls.
> However, given that I suspect in the future we might hit more
> packages that do this, we *can* implement lua if we had something like
> `rpm exec-lua <script>` or so. (I was surprised to realize that the "posix."
> bits that many packages use is actually implemented in rpm itself).
> The downside of this is that it would force rpm+lua itself into the rootfs
> transaction - which bloats otherwise minimal containers, but that's
> something we can deal with by fixing packages to not use lua.
>
> For constructing roots that include rpm already (e.g. a host rpm-ostree system,
> not a container), any thoughts on basically exposing the lua
> executor via command line or so?
I think that would be great, and would make it much easier to develop
lua scriptlets.
Zbyszek
More information about the Rpm-ecosystem
mailing list