I would support this as @Liferay has implemented pretty much the same thing, used by our marketplace, called LPKGs (you can guess what that might mean).
I'll point out the common functionality inline in support of your use case. On Oct 7, 2017 6:30 PM, "Neil Bartlett (Paremus)" <neil.bartl...@paremus.com> wrote: Hello Felix developers, I would like to initiate a contribution of external code into Apache Felix. This code is being contributed on behalf of Intel Corporation, who funded development. The contribution is a plugin for File Install — an implementation of the ArtifactInstaller service — which handles Bundle ARchive (BAR) files. This is a proposed format for an aggregate of functionality represented as one or more OSGi bundles along with an OSGi index. It includes use of the OSGi resolver API to check consistency and permits overlapping resources from multiple installable units. A BAR file is physically a JAR file with some defined manifest headers to control the behaviour of the installer. It must contain an OSGi index (in the XML format specified by the Repository Service specification) and the index can reference bundles contained within the BAR LPKGs do this. , or optionally external bundles. Nice! This would be useful. > Additionally the BAR manifest contains a set of requirements (a Require-Bundle and/or Require-Capability header) that define the root requirements to be resolved against that index. We handle this effectively by enforcing that the index resolves against the current framework, but this would be nice for either augments-style behaviour or to support external resolution when BAR is referenced in an R5 index. Dropping a BAR file into the File Install monitored directory does not immediately install its contents. Instead a resolution process is initiated to ensure that the contents of the BAR are complete and consistent. Exactly what lpkg does. If that resolution process succeeds then the BAR contents become available for installation. The application or management agent is responsible for triggering the actual installation. Do you mean the referenced bundles or the BAR? If the bundles, how are they reached by the agent? Does it kind of become a repository visible to a repository service? What lpkg does is install and start (if not already done) all referenced bundles by default which we feel is the most common user expectation. Could this be a BAR feature configuration or flag? > Multiple BAR files can require the same resource transitively. We use a reference counting mechanism to ensure that BARs with overlapping requirements can be installed concurrently, and those resources are only uninstalled when the last BAR that references them is uninstalled. Does this mean that if the BAR itself is uninstalled that its referenced bundles are uninstalled at once, unless referenced by another BAR? This differs from existing approaches in the following ways: 1. The OSGi Deployment Admin specification defines a similar file format for aggregates of bundles, but the contents of a Deployment Package cannot overlap with previously installed Deployment Packages. This limitation makes the specification unworkable in many practical scenarios. Agreed! 2. Eclipse and Karaf both have a similar concept of “features”, but these are simply listings of bundles. The BAR Installer uses the OSGi resolver to ensure that the contents of the BAR can actually be installed cleanly in the current OSGi framework, and will never attempt to reinstall a bundle that is already in use. Agreed and agreed! 3. The OSGi Subsystem Service specification has the ability to resolve the contents of a subsystem, but the resolved bundles are usually installed into an isolated “region” of the target OSGi framework. This creates a lot of complexity, and as a result the Subsystems chapter of the OSGi specification makes for a daunting read. BARs are installed into the flat OSGi framework without isolation, have a simpler lifecycle and are easier for developers to reason about. Agreement, much WOW! All sources are already Apache licensed, and were originally developed for the Open Security Controller project (https://www. opensecuritycontroller.org/ <https://www.opensecuritycontroller.org/>). I just have one single use case that I'm not clear is covered (thought it may be implied or not mentioned): Is there a way to blacklist a particular referenced bundle such that it's capabilities can be satisfied by some other bundle not previously known to the bar? We've frequently observed that in order to support some maintenance scenarios we have to have more strict control of what gets installed particular when providing security and/or bug fixes. - Ray
