Language Selection

English French German Italian Portuguese Spanish

Your rPath to Conary

Filed under
Linux
Reviews
-s

Development Release: rPath Linux 0.51 (Alpha) was announced by DistroWatch yesterday, and I was a bit curious. After my first glance, I was a bit taken aback. rPath doesn't seem to be targetting desktop users. Although it ships with KDE and Gnome, they aren't the most up-to-date versions, nor are they dressed up or enhanced in any manner distinguishable. In my humble opinion, I think rPath is probably a developer's platform, ...a conary developer's platform.

Information about rPath, as well as its ancestor Specifix, is fairly sketchy. The rPath website is a page listing a job opening and a link to the conary wiki, however DistroWatch states "rPath is a distribution based around the new Conary package management, created by ex-Red Hat engineers, to both showcase the abilities Conary provides and to provide a starting point for customisation." The conary wiki is pretty thin itself, although I was able to gleen a little information from it.

It was no big surprise to see (a modified) Anacoda as the installer and (as usual) I found it fairly straight forward and easy to complete. It asks some basic configuration questions such as network setup, firewall choice, and bootloader conf. I must say I loved the package selection portion. One is give one choice: everything. Could it be any easier? It takes a little while to install and once it's complete, it reboots without setting up other hardware or user accounts. Upon reboot it starts X as root, but to complete some other basic configurations in a graphical environment using rPaths Setup Agent. Included configurations include the date and timezone, monitor and resolution, and of course user account(s). Upon Finish, it restarts X and presents gdm for login. KDE and gnome are about your only choices for a desktop environment/window manager. rPath includes KDE-3.4.1 and Gnome-2.10.2. The Xserver version is xorg-6.8.2, gcc is 3.3.3, and the kernel is 2.6.12.5. The kernel-source isn't installed from the iso, but one can install it with conary.

        

Conary is rPath's package management system. As it appears conary is the focus of rPath, I spent quite a bit of time trying to figure it out. I began my quest quite lost and confused and ended it a little less lost and confused. According to the site, "Conary is a distributed software management system for Linux distributions. It replaces traditional package management solutions (such as RPM and dpkg) with one designed to enable loose collaboration across the Internet." Simply put, it's the package manager. It appears to be able to obtain packages from different repositories, utilizing binaries if available or sources if necessary and storing all versionings in a database in order to track changes from source branch all the way back to local versions installed on a given system to meet dependencies without conflicts.

According to the wiki, after the installation of rPath 0.51 the first thing one should do is update conary to version 0.62.2. Termed Conversion, the instructions stated to issue the following commands:

$su -
# conary update conary
# conary q conary
$ su
# sed -i 's/lockTroves/pinTroves/g' /etc/conaryrc

They continue with instructions in case an AssertionError is encountered. I didn't experience such an error and proceded with reading the wiki, --help, and man pages.

Conary at the commandline appears very apt-like. In fact the conary-gui is identical in appearance to synaptic. The gui front-end didn't seem to function very well here, but the commandline version seems to work as intended. Also included is the utility "yuck" which is a wrapper script to call conary --upgradeall.

        

Fortunately running conary is much easier than trying to understand what it is or how it works. Some simple commands include: conary q <packagename> reveals if the given packagename is installed, whereas conary rq <packagename> lists the newest available upgrade. conary update <packagename> installs or updates requested packagename, and conary erase <packagename> uninstalls. There are many many interesting options to play with in using conary beyond those basics, but most seem to geared toward package builders. Some of these include emerge, which builds the "recipe"; commit, which stores the changes; and showcs, which shows the difference. It really looks sophisticated and yes, I admit, a little complicated at the more in-depth level.

So, to install the kernel-source, one simply types: conary update kernel-source

The developers might be onto a superior package management system, but is it catching on? We know rPath obviously uses it and I understand Foresight Linux to utilize this package management system. As for rPath, it was a stable functional development environment. It seems it isn't trying to be the latest or greatest nor the prettiest. If you are interested in developing for conary or wish to use a system utilizing that package management system, then rPath might be the distro for you. The full package list as tested is HERE.

        

Conary

I'm pretty hazy on this too, so I might be completely off, but here is how I understand this:

While to a casual user Conary looks pretty much like apt-get or synaptic, it does do something more advanced under the hood. It is intended to make it easy to put together a system using a number of separate and *independent* repositories, each making its own changes and mini-releases. Conary tracks not only what you installed on your system, but also where it came from. This extends to any dependencies it uses, and it becomes quite a powerful concept.
For example, Foresight which also uses Conary is actually created largely from packages pulled directly from rPath repos; I would say as much as 75% of packages are not modified at all. If you install Foresight and later run updates on it, you'll see number of packages are updated from rPath repos. Any packages Foresight guys developed themselves come from their own repositories, naturally. But any packages that do exist in rPath but were modified in Foresight are overlayed over the 'standard' versions, with Conary keeping track of what comes from where, and what depends on what (in that context). This is pretty cool for Foresight guys, who can make their own distro while at the same time take a lot from the base, rPath.

Think of it this way: if you used Fedora, you probably tried at some stage to add various third-party repos to your yum config: Livna, Freshrpms etc... and quite possibly you discovered in the process some of them can conflict with others... it can become a mess. Well, this is exactly the situation Conary adresses.

... but again, I could be completely wrong.

re: Conary

That's pretty much the way I understand it as well, in that conary can keep track of any and all changes to the branches of a given source from the main branch all the way to minor revisions on public mirrors as well as on your local machine (which is especially good for developers). An end user can choose to install any version listed or just go with the latest. Like other package managers, all depends on the repositories set up tho. Good explanation! Thanks for your contribution. That's wonderful.

-s

----
You talk the talk, but do you waddle the waddle?

Conary

You are correct that rPath is developmnent release for the extensive testing of the Conary system, fPath is from Specifix who is the creator of Conary. Other distros like Foresight have taken and used it for their own needs. I find the Conary system interesting and quite functional, but have not made a decision about it's need and potential in the comunity.

My 2cents,
Capnkirby

re: Conary

I think it's a wonderful concept as well, but I think it'd be rather complicated to set up and most developers are already set in their ways. And when you factor in how few distros use that method... I don't think it's something that will catch on right away.

----
You talk the talk, but do you waddle the waddle?

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Programming/Development Leftovers

Openwashing Leftovers/New Examples

Kernel and Linux Foundation in Pockets of Proprietary Software Vendors

  • AT&T, Nokia open up the radio’s edge to third party apps [Ed: Openwashing to dominate the standards and interfaces (with patents) through the "Linux" Foundation]
    AT&T and Nokia have developed a radio edge cloud (REC) appliance that the two companies plan to release into open source via the Linux Foundation. The REC will make it possible for third parties to develop apps and get access to the radio access network (RAN). [...] Murphy said that it is not easy to predict all the use cases for REC but added that having an open source edge cloud with open interfaces to the RAN control will allow operators to have more options.
  • Accord Project to develop open source framework for smart legal contracts [Ed: They're promoting and spreading proprietary software and proprietary formats of Microsoft]
    One of the main purposes of Accord Project is, therefore, to provide a vendor-neutral “.doc” format for smart legal agreements.
  • Apple joins the open-source Cloud Native Computing Foundation
    Apple, in typical fashion, isn’t commenting on the announcement, but the CNCF notes that end-user memberships are meant for organizations that are “heavy users of open source cloud native technologies” and that are looking to give back to the community. By becoming a CNCF end-user member, companies also join the Linux Foundation .
  • Linux stable tree mirror at github [Ed: Greg Kroah-Hartman giving Microsoft more control over Linux]
    It differs from Linus’s tree at: https://github.com/torvalds/linux in that it contains all of the different stable tree branches and stable releases and tags, which many devices end up building on top of. So, mirror away! Also note, this is a read-only mirror, any pull requests created on it will be gleefully ignored, just like happens on Linus’s github mirror. If people think this is needed on any other git hosting site, just let me know and I will be glad to push to other places as well.

Security Leftovers

  • Industry Watch: Of open source, data breaches and speed [Ed: And proprietary software is a lot less suitable for security and privacy purposes because there are surveillance 'features' disguised and back doors too]
    Open-source software helps developers work faster and smarter, as they don’t have to ‘re-invent the wheel’ every time create an application. They just need to be sure the license attached to that software allows them to use the component the way they want. They also need to stay on top of that application, so if the component changes, or an API changes, their application isn’t affected and they are still in compliance. Data protection is also something organizations must get serious about. While the GDPR only affects users in the European Union, it’s only a matter of time before those or similar regulations are in place in the U.S. and elsewhere. Companies should get a jump on that by doing a thorough audit of their data, to know they are prepared to be compliant with whatever comes down from the statehouses or from Washington, D.C. On the speed side, the benefits of Agile and DevOps are clear. These methodologies enable companies to bring new software products to market faster, with the result of getting a jump on the competition, working more efficiently and ultimately serving your customers. Unfortunately, these efforts are usually done by different teams of developers, database administrators and security experts. If the Equifax and Facebook breaches have taught us anything, it’s that you can’t expect developers to be security experts, and you can’t expect DB admins to understand the ramifications on the business when data is misunderstood. It will take a coordinated approach to IT to achieve business goals while not leaving the company — and its IP and PII data — exposed.
  • VLC patches critical flaws through EU open source bug bounty program
    More than 30 security issues have been fixed in VLC, the popular open source media player, with developers praising an EU-funded bug bounty program for helping produce its most secure update yet. VLC media player, created by the software non-profit VideoLAN, was found to have 33 vulnerabilities within various versions, including two that were considered critical. An out-of-bounds write was one of the severe vulnerabilities found to affect all VLC versions, and a stack buffer overflow was also discovered in VLC 4.0. Less severe vulnerabilities consisted of out-of-band reads, heap overflows, NULL-dereference, and use-after-free bugs. An updated version, VLC 3.0.7, has since been released for users to download.
  • VLC Player Gets Patched for Two High Severity Bugs
  • Asigra FreeNAS plugin brings open source data protection [Ed: Some openwashing of proprietary software]
    Asigra is trying to capture FreeNAS users with a free-to-try plugin version of its backup software. The Asigra FreeNAS plugin released this week allows customers to turn their iXsystems FreeNAS storage systems into backup targets. It encrypts and deduplicates data before it is sent to the FreeNAS system. The plugin also detects and quarantines malware and ransomware so that it doesn't get backed up.
  • TrueCommand Brings Single Pane of Glass Management to TrueNAS and FreeNAS Fleets
  • WSO2 and Ping Identity Partner to Provide Comprehensive, AI-Powered Cyber-Attack Protection for APIs
  • The Open Source Cookbook: A Baker’s Guide to Modern Application Development
    Let’s begin our cookbook by selecting our recipe. I’ve had some phenomenal baked goods, and I’ve had some not-so-phenomenal baked goods (there is rarely a bad baked good). But I’ve been surprised before, by a croissant from a diner that didn’t taste like the one from the local French bakery, or by a buttercream frosting at a supermarket that just didn’t have the same delicate touch as the one I make at home. In each case, I expected the same as I had before – by title – yet encountered a much different experience. When selecting your recipes, it’s important to understand which type of a particular food you are expecting to make, or you may be met with a different taste when you finish than you were hoping for when you began. [...] As with cooking, when incorporating open source components into applications, it’s important to understand origin and evolution of what you’re baking into your software. Carefully review your open source component versions, and evaluate the community’s activity in order to have the greatest chance possible to predict the possible technical debt you may inherit.