Bruce Ashfield
Bruce has been working professionally with Linux since 2000, and a user since
1995. He currently works as a Principal Systems Engineer for AMD, spending
time as maintainer for the Yocto project reference kernel, meta-virtualization
and meta-cloud-service slayers. Although most of Bruce's effort is spent in the
kernel and virtualization, his experience ranges from build systems and shell
scripting, to userspace and graphics toolkits. Bruce has spoken at ELC in the
past, at internal conferences/showcases and technology presentations to smaller
audiences.
Sessions
Many modern languages (such as go, rust, nodejs) include their own dependency
management components that are responsible for ensuring the correct source is
available for the build. While this addresses many of the issues with dependency
management and packaging at the source/build level, it causes issues when
several core OE features are considered: reproducibility, licensing/SBOM,
offline builds, sstate/hash equivalence, etc. There are also indirect issues
such as CVE management, debugability, recipe transparency, code sharing, that
are sources of maintenance challenges.
The approach/implementation to solving these issues are largely language
specific, but have the common themes of OE fetcher integration, dependency
packaging (and reuse) versus per-recipe source code management, dependency
specification, etc. Balancing reuse, build performance, scalability and other
issues are also challenges that remain with the different solutions.
Using golang as an example, this talk will cover these issues in more detail,
and use meta-virtualization's go recipes as an example of one way to solve the
problem. It will also summarize the issues with other languages and discuss what
should be considered when doing an OE core fetcher implementation for a given
language.
The yocto project has long supported package feeds, recently the project has
gained more capabilities around binary artifacts and how they can be reused.
There is also an effort to create and support a reference package feed as part
of the outputs of the project.
This presentation will introduce the components that underpin package
capabilities, and show how they work together to enable workflows based on
binary artifacts. Package feed extension, and target update will be discussed,
as well as how containers can be used in a 'docker build' like manner to package
and deploy applications.
It will then give an overview and status update on the "5 Year" planning and
binary distribution effort. Distinctions between core project capabilities, and
what can be leveraged from the wider ecosystem will also be discussed as part of
this presentation.