[LEDE-DEV] Release 17.01.0 binary packages have changed and SDK inconsistency
Alberto Bursi
alberto.bursi at outlook.it
Wed Mar 29 12:58:20 PDT 2017
On 03/29/2017 05:39 PM, James Feeney wrote:
> Hi Alberto
>
>> Also the kernel is handled like a package for the build system, but
>> since most devices expect it outside of root filesystem in various ways,
>> it's added to the firmware image the way the device's bootloader expects it.
> I haven't seen a preferred term for the class of this combined. LEDE does name each of them individually, based upon the target
> architecture. It would be nice to have some generally recognized single name
> for this class, "the kernel-fs packages" or some such.
>
> Of course it's a little complicated, since most traditional Linux distros target
> only one or two hardware architectures, and LEDE targets many many different
> target architectures. But then, that's the whole point of LEDE.
>
I've seen it called "image", as it is basically a disk image ready to be
flashed on raw flash (for most devices), or simply "firmware" as the end
result is a complete and bootable firmware if installed correctly.
> So, if I understand, there always exists a set of hashes to verify that, at any
> time in the future, a package can be built which is identical to any package
> built in the past.
The hash is to verify integrity of source package downloaded from
upstream, afaik there is a hash after compilation, but that is generated
automatically and listed in the package lists read by opkg only. It's
not stored permanently.
You can revert to an older version of LEDE git and compile the same
package with its build system, assuming you still have access to the
same source package or git repo or whatever that was used before.
> Bastian also mentions "checkout LEDE and all feeds at a specific timestamp" as
> an approach. This suggest two general tracking mechanisms: 1) tracking by hash,
> and 2) tracking by time-stamp. Is one of these mechanisms, or are both of these
> mechanisms, used universally in the LEDE package management system?
I think he meant that they are doing like that to make their own
downstream LEDE-based firmwares. They tag a timestamp in LEDE snapshot
or whatever, and stick to it until they decide to tag the next.
In any case LEDE is either downloading a source archive from a specific
release version (and using the hash) or fetching source from a specific
commit in a versioning system like git or subversion or whatever.
>
> Hmm - it is not entirely clear to me that, if the patch set changes in the
> future, the version number of the package will be distinctly incremented, as
> would be pretty standard for any other Linux distro. Does each package have a
> minor version number, in the source and binary repositories, to allow
> distinguishing patch set changes, used in each build of every package?
>
There is a secondary version number, yes.
Packages have PKG_VERSION that shows the upstream version and
PKG_RELEASE that is used to show changes on the LEDE side. If you see a
package that lists version as 123-1, it's major version is 123 and its
minor version is 1.
Packages with a timestamp use that instead of major version, and they
still have a minor version.
for example 2016-09-21-42ad5367-1 where the last "1" is the minor version.
You can see all versions used in the first page of the table of packages
in the wiki https://lede-project.org/packages/start
Or by browsing a Package.manifest in the package download folders
https://downloads.lede-project.org/releases/17.01.0/packages/aarch64_armv8-a/base/Packages.manifest
> Perhaps, assuming that these distinct version numbers exist, and that these
> historic time-stamp or hash verified sources are archived somewhere and available.
The hashes and time stamps of source archives or commits are written in
the package's makefile in the git repository (either main repo or
community package feeds), you can see full history of changes to that
file with git.
There is a cache server that stores source archives because it's more
convenient than having the build bots spamming upstream download servers
and it is a convenient fallback if the upstream download disappears, it
should keep stuff for a long while (as long as the release is supported
for sure, as it is used by build bots).
it is here http://sources.lede-project.org/
Also OpenWRT's source cache server is used (as a fallback maybe)
https://downloads.openwrt.org/sources/
> It sounds like the LEDE package management system has changed and improved over
> the past months. It would be great to see your description of the LEDE package
> management system and build system on the wiki!
Ok, will move this to wiki in a few days.
-Alberto
More information about the Lede-dev
mailing list