Skip to content

WIP: Snapify ntpsec

username-removed-655603 requested to merge paelzer/ntpsec:snapify-ntpsec into master

Hi, on one hand I worked on packaging ntp (classic) recently and on the other hand I worked a bit with snapcraft (=> http://snapcraft.io/). I really think ntpsec would be a perfect candidate to exploit snap packaging.

Please consider this an RFC for now - following the spirit of NTPsec contribution policy "Before starting significant work, please propose it and discuss it first" I'll also write to the ML linking to this branch. But also did I not just want to mention snapcraft and run away - instead I thought to provide a prototype that can be tested, but discuss motivation, tech and details before doing some more heavy lifting work.

My current example is meant for a daily build, but this can easily be changed to whatever you prefer. Snapcraft could - for example - build from a stable branch of your tree automatically or whatever else you want.

Benefits of exploiting snap(craft) in ntpsec (in my opinion):

  • for security it is often important to be able to push fixes fast to consumers, snaps are great for that as it somewhat cut's out the distributions as a gatekeeper of a release process
  • ntpsec isn't packaged in distributions yet, an upload to the snapstore would make you instantly available on multiple distributions
  • faster development iteration cycles, which is especially useful for new (or newly forked) projects
  • and of course all the benefits listed at http://snapcraft.io/

Limitations:

  • this doesn't use any of the great snap isolation features yet (still using --devmode to get the prototype fast). Implementing those will need a few new interfaces and that effort should be spent after the discussion (but on the good side, you haven't lost anything - just not gained all of the snap isolation features yet).
  • currently there is no snapcraft plugin for waf, so I provided one (but I also started to push it to snapcraft already so it can be dropped from ntpsec in a bit)

I'm looking forward and hope that the security improvements of ntpsec and those of snap's for packaging will one day stack up to be even better together. Let's discuss.

Kind Regards Christian

P.S. FYI - I'm soon going to vaction - so please don't wonder if there is kind of no-response between 13th and 23rd August. OTOH this gives everyone more time to play and experiment with it.

Merge request reports