Re: New -current binary bootstrap kit for RHEL/CentOS 7

To: Jason Bacon <outpaddling%yahoo.com@localhost>
Subject: Re: New -current binary bootstrap kit for RHEL/CentOS 7
From: "J. Lewis Muir" <jlmuir%imca-cat.org@localhost>
Date: Thu, 25 Oct 2018 11:13:09 -0500

On 10/24, Jason Bacon wrote:
> 
> For anyone interested:
> 
> I'm now building -current, prefix=/usr/pkg, on CentOS 7 with gcc6 as
> the minimum compiler (except for gcc itself and dependencies, of
> course).

Hi, Jason!

Thanks for this!

> Using gcc6 results in far more successful builds than the stock GCC
> 4.8 compiler on CentOS 7.
> 
> A binary bootstrap kit is available here, alongside my quarterly
> snapshot builds:
> 
>     http://mirror1.hpc.uwm.edu/pkgsrc/bootstrap-kits/
> 
> Download, verify the sha512, and unpack with

What's the point of verifying the checksum when it's hosted on the same
server as the .tgz file and the checksum is not hosted on HTTPS?

>     tar -C / -zxvf pkgsrc-RHEL7-gcc-6.0-usr-pkg.tgz
> 
> The kit includes /usr/pkg and /usr/pkgsrc.
> 
> The source tree is a git repository containing a snapshot of -current.
> 
> The reason for this is to ensure that the source tree is in sync
> with the binary packages at all times.  I update and rerun
> pbulk frequently, but irregularly, and have run into issues with
> dependency versions when mixing binary packages and
> source builds.
> 
> With this simple system, I update the public git repo to exactly
> match the source tree used by pbulk at the same time I publish a new
> set of packages.

That's interesting.  So, this is how you let your users use your binary
packages if they exist, but at the same time be able to build their own
packages for things that don't exist in your binary repository?

But you're providing a full set of pkgsrc binary packages, so really
this would be just for private pkgsrc packages that your users build and
use?

And I presume you don't support a user building a package with
non-default options when that package already exists in your binary
repository since that would likely risk dependency problems?

> To upgrade and keep everything in sync, just do the following:
> 
> pkgin upgrade
> cd /usr/pkgsrc
> git pull

That's cool.

Are your binary packages signed?  If so, how does a user set up
signature validation in pkgin?  If not, do you offer the packages for
download over HTTPS?  Otherwise, there's no way for a user to have
confidence about the integrity of any package from your repository.

Thanks!

Lewis

Follow-Ups:
- Re: New -current binary bootstrap kit for RHEL/CentOS 7
  - From: Jason Bacon

References:
- New -current binary bootstrap kit for RHEL/CentOS 7
  - From: Jason Bacon

Prev by Date: Re: Question coming from install of Firefox
Next by Date: Re: New -current binary bootstrap kit for RHEL/CentOS 7
Previous by Thread: New -current binary bootstrap kit for RHEL/CentOS 7
Next by Thread: Re: New -current binary bootstrap kit for RHEL/CentOS 7
Indexes:

Home | Main Index | Thread Index | Old Index