-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
split into workspace/multiple crates #32
Comments
I think what's missing is to define what the "things" in question are, and what the value-add would be over just shelling out to Aside from those wrappers (which I'd really prefer not to expose as APIs), I'm not sure what the "core" of this repository is, if not the "storage" part. This is another reason that I'm struggling with the parser side of the dumpfile code from the original crate. I'm not sure why it would make sense to have that unless we're looking to implement our own version of |
Ah, I think that's rooted in the other disagreement. The primary use case here is parsing the output of |
I don't consider splitstream to be a source of truth in any way. It's strictly an implementation detail, and doesn't ever appear "on the wire", and definitely doesn't need to be specified in any way. The source of truth is the layer tarball. Splitstream is just a space-saving way to store it which also happens to have very nice performance characteristics for building images. |
Yes, we can debate the splitstream one in the other issue. Did the two rationales for having a Rust parser for the dump file format make sense or no? |
Not really. Would we parse the dumpfile just to print it out again when running |
For the "mkcomposefs from untrusted input" indeed that's what I'd like to do because it adds a whole layer of defense before passing potentially malicious input to C code that until recently had never seen fuzzing. But the other case of parsing |
(Just inserting myself here to note that I've written a bunch of rust parsers in the past using |
In this case we're talking about the existing parser code in containers/composefs@7432e8c#diff-f8019245093e26a2f17e5b661cb9040f56327a3a29ac9fe79a3b4c5a5eb7050b that was dropped and I think has use cases, not writing new code currently. |
I still don't believe that |
OK let's try to spend the 30 mins tomorrow going through the splitstream bits. But: AFAIK rauc.io today is using the composefs blobs as source-of-truth for GC and it is parsing them via the libcomposefs C code. Remember not every use case for composefs needs splitstream; they may not have the dual constraints/features imposed by OCI around checksums of tarballs and the desire to be able to re-push content. So for people that (reasonably) want to use composefs blobs as truth, a dump file parser is helpful. (Of course it'd be quite a bit more efficient to directly read the erofs either by binding the C library or a rewrite but that's its own heavy lift...) So I think it makes sense to have the dump file parser available. Are you getting hung up on using it in the existing code or merely how it should be structured/placed? |
(And if they do have that desire, for projects that chose not-tar they may already have a "normal form" that they expect to use anyways; e.g. ostree is very much designed to have such a normal form; though there's different complexities in trying to have a composefs blob as source-of-truth for ostree, but that's tangential) |
|
Yeah, that's a fair point. But then what I'd still say is I think we should have an API that is like That said it'd make total sense to me to have an That leaves the higher level |
In the very short term it's fine, we can basically publish mostly as is after some cleanups, there's no one that I know of using the previous crate version; this is more about setting expectations for more medium term direction. |
The one thing that I think absolutely makes sense to split out is the The example you give — |
I still disagree about the usefulness of these kinds of APIs. This is basically a very thin wrapper on top of In short: if people want these core "composefs" functionalities, they should just use the composefs CLI as an API. That's what it's there for. |
I have a working branch locally that split the repository up into composefs 0.2.0 was published today, as-is (everything in a single crate). |
In the original composefs crate I tried to keep it to literally just Rust bindings to the core functionality; there was no concept of a global repository, garbage collection etc.
Say that a project like rauc.io or actually what ostree/bootc do today; or maybe rpm/dpkg wants to do things with composefs. I think it makes sense to keep that "core" split, because the APIs and functionality there should be 100% stable. The rest of the things here would be in e.g. a
composers-storage
crate or so?The text was updated successfully, but these errors were encountered: