[Rpm-ecosystem] lua, unprivileged rpm, and rpm-ostree

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Thu Aug 11 15:45:24 UTC 2016


On Thu, Aug 11, 2016 at 11:27:18AM -0400, Colin Walters wrote:
> So finally, a problem is right now we aren't implementing lua:
> https://github.com/projectatomic/rpm-ostree/pull/424
> 
> I'd actually like to avoid implementing lua for as long as possible -
> from my readings in Fedora, most of the usage is for legacy updates
> or workarounds.  glibc is however using it in a %posttrans, which
> we could easily port to shell.  I might submit a patch to do so.

I think this goes in the opposite direction to recent changes in
various packages. It's not only glibc, but also fedora-release,
systemd, and probably others, which were converted to lua. The main
reason is reduced dependencies: using lua allows a dependency on shell,
awk, sed, etc. to be avoided. Second reason is better speed.

In a relatively bare VM:
test at rawhide systemd (master)$ rpm -qa --scripts |grep 'using .lua.'|wc -l
     16
test at rawhide systemd (master)$ rpm -qa --filetriggerscripts |grep 'using .lua.' |wc -l
     3

Speed is a relative thing, but avoiding dependency loops for the base
system packages is important, and really hard if you want to use shell.

I did some small hacking on the rpm posix module, and I don't think it'd
be such a big issue to adapt it to do things differently. Mostly it's very
simple wrappers around system calls.

> However, given that I suspect in the future we might hit more
> packages that do this, we *can* implement lua if we had something like
> `rpm exec-lua <script>` or so.  (I was surprised to realize that the "posix."
> bits that many packages use is actually implemented in rpm itself).
> The downside of this is that it would force rpm+lua itself into the rootfs
> transaction - which bloats otherwise minimal containers, but that's
> something we can deal with by fixing packages to not use lua.
> 
> For constructing roots that include rpm already (e.g. a host rpm-ostree system,
> not a container), any thoughts on basically exposing the lua
> executor via command line or so?

I think that would be great, and would make it much easier to develop
lua scriptlets.

Zbyszek

