Discussion about PR: WIP: Snapify ntpsec

Christian Ehrhardt christian.ehrhardt at canonical.com
Tue Aug 9 15:10:16 UTC 2016


Hi,
I wanted to give the ML a ping about this as well, so that the Pull Request
is not the only place it exists.
Eventually someone here might chime in as well.

There is a prototype to snap ntpsec at
https://gitlab.com/NTPsec/ntpsec/merge_requests/49

I'll quote my PR text here and hope for a great discussion:

"Hi, on one hand I worked on packaging ntp (classic) recently and on the
other hand I worked a bit with snapcraft (=> http://snapcraft.io/). I
really think ntpsec would be a perfect candidate to exploit snap packaging.

Please consider this an RFC for now - following the spirit of NTPsec
contribution policy "Before starting significant work, please propose it
and discuss it first" I'll also write to the ML linking to this branch. But
I also did not want to just mention snapcraft and run away - instead I
thought to provide a prototype that can be tested, but discuss motivation,
tech and details before doing some more heavy lifting work.

My current example is meant for a daily build, but this can easily be
changed to whatever you prefer. Snapcraft could - for example - build from
a stable branch of your tree automatically or whatever else you want.

Benefits of exploiting snap(craft) in ntpsec (in my opinion):

   - for security it is often important to be able to push fixes fast to
   consumers, snaps are great for that as it somewhat cuts out the
   distributions as a gatekeeper of a release process
   - ntpsec isn't packaged in distributions yet, an upload to the snapstore
   would make you instantly available on multiple distributions
   - faster development iteration cycles, which is especially useful for
   new (or newly forked) projects
   - and of course all the benefits listed at http://snapcraft.io/

Limitations:

   - this doesn't use any of the great snap isolation features yet (still
   using --devmode to get the prototype fast). Implementing those will need a
   few new interfaces and that effort should be spent after the discussion
   (but on the good side, you haven't lost anything - just not gained all of
   the snap isolation features yet).
   - currently there is no snapcraft plugin for waf, so I provided one (but
   I also started to push it to snapcraft already so it can be dropped from
   ntpsec in a bit)

I'm looking forward and hope that the security improvements of ntpsec and
those of snap's for packaging will one day stack up to be even better
together. Let's discuss.

Kind Regards Christian

P.S. FYI - I'm soon going on vacation - so please don't wonder if there is
kind of no-response between 13th and 23rd August. OTOH this gives everyone
more time to play and experiment with it."



-- 
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd