Binary Updates for DragonFly
Matthew Dillon
dillon at apollo.backplane.com
Wed Dec 19 14:42:40 PST 2007
Here's my opinion on binary updates. I considered two scenarios:
(1) Distribute the object tree and use the normal make installkernel,
installworld, and make upgrade mechanisms to update.
(2) Distribute the binaries and write a custom installkernel and
installworld mechanism, but keep using 'make upgrade' to deal
with the final clean up.
I think option #2 is probably our best bet as for the most part everything
done by instalkernel or installworld can be packaged together into a
single tar file that one just extracts, with only some minor renames
of critical library files to avoid blowing the system up.
* The binary dist creates a tar file. The name of the tar file includes
the rev and date... basically a unique naming convention that can be
used to programmatically glue binary diffs together.
* Binary diffs would be relative to older tar files and use a self
identifying naming scheme so a script or application can verify
that the correct binary diffs are available and applicable to the
correct base file(s).
* The tar files can be gzipped for distribution (but diffs are based on
the non-gzipped version). The gzipped tar file would remain on the
target host as a basis for future binary patches. The installed
binaries would NOT be used as a basis for future binary patches, only
the tar file.
* A streaming patch to apply the binary diffs would be the best thing, so
the tar file can be left on-disk in gzipped format. I don't know if
the binary diff mentioned in the thread can do that. e.g. some sort
of 'gunzip < tar | binary_patch <patchfile> | tar xvpf -' sequence
to apply a binary patch and extract at the same time. A similar
sequence could be used to generate the new tar file. Again, the
binary patch has to be against the NON gzipped tar file or it will
never work.
* Patches would contain the MD5 of the final result for validation
(ungzipped MD5).
* The tar file is installed on the machine. Certain critical files
(main library files like libc.so) are named differently in the tar
file. The next-to-last step after application of the tar file
renames them to the official names, replacing the current system
library files as a final step.
e.g. in the tar libc.so would be 'libc.so.new' and then as a
second-to-last step after extraction libc.so.new would be renamed
to libc.so.
* Enough of /usr/src is included in the patch to make 'make upgrade'
work as it does now. 'make upgrade' is run as a final step. We
don't need the whole /usr/src tree, just a small part of it. I don't
want to have a separate upgrade mechanism for the cleanup step. I
want us to use 'make upgrade' even for this system.
I see many advantages to this mechanism.
* The upgrade can be reapplied to a system with no harm done if it was
botched the first time... we don't want to be left with a non-working
system no matter what.
* Low impact on developers. 'make upgrade' is used for the final step
either way.
* Easy management of base tar's and patches.
* Easy to generate the tar file(s) using existing buildworld &
installworld mechanisms (something similar to how we build releases
with nrelease). e.g. a /usr/src/binarydists build system that
leverages off of existing systems.
KERNEL UPDATES
Best way to do these is to have named kernel builds and maintain a base
dist and patch system for each named build you want to distribute.
Official sites would distribute maybe half a dozen different kernel builds,
but more importantly any administrator could set up a 'build' machine
with all of his custom builds and do his own binary dists given the
build infrastructure we would include in e.g. /usr/src/binarydists or
/usr/src/binarybuild or whatever we want to call it.
As a final note I would say that we have used our /usr/src/ based build
system to great advantage over the years. We need to leverage it as much
as possible when introducing a binary update option.
-Matt
More information about the Users
mailing list