Re: [gentoo-user] almost free launch: an idea to lower build time, and rice, at the same time
On Tuesday, November 5, 2019 7:05 PM, Mickaël Bucas wrote: > Hi Caveman > > The Portage tree contains a few binary packages prepared by Gentoo > developers, like Firefox, Rust, LibreOffice... > "ls -d /usr/portage//-bin" shows about 90 packages prepared in this > way, some of them because they are non-free like Oracle JDK > > This means that there is no necessary changes to Gentoo to accomplish > what you describe : compile the packages, write the ebuilds for the > binary packages, publish ebuilds in an overlay. Some qt-related packages are really slow to compile, yet still not listed. A problem with this approach is that IMO it's too manual and doesn't react dynamically to user changes. IMO we can consider this an automated community-driven bin-host that uses statistics in order to tell which packages are reliable. In case of hardware mismatches, I think we can find a binary that's compiled with the desired, say, USE flags, but compiled on an older CPU model that's backward compatible with the newer rare one that one might be using. > But the really short list above shows that it's a really complex task > because of all dependencies and configurable elements in Gentoo. If > you just have a look at the output of "emerge --info" you can imagine > all the moving parts, like compiler versions and compile options, > Bash, Perl, Python, Init system, USE flags (combinatorial), even human > languages. And that is just the easily visible parts ! True, however a few points: * If we look at that info, from the perspective of individual packages, it is has much less degrees of variations in practice. E.g. if we look at the USE flags dimension, dev-qt/qtwebengine has 12 of them, so worst case for this aspect we get about: nchoosek(12,1) + nchoosek(12,2) + ... + nchoosek(12,12) = 4095 possible combinations with those 12 flags. But, most people are only interested in 2 sets of potential USE flag configurations, one with ALSA, or another with PA. So in practice, that 4095 is probably reduced to just 2 or 3 clusters of configurations (not 4095). * For hardware details, such as the exact CPU model and the kinds of features actually enabled by the compiler when using `-march=native`. I don't know the actual distribution of this in practice, but is it not possible that users can be given the choice to simply pick a binary that's compiled on an older backwards compatible CPU? E.g. the system could prompt the user the nearest (e.g. in selection of USE flags) to his query, by presenting the user with a binary compiled with an older x86-64 CPU model than his newer x86-64 CPU. This way, this could become simply an automated bin-host that blurs as necessary, and forks variations of specific configurations as demand raises, all without needing manual dev time to package *-bin manually. > I remember reading an article about a man trying to reproduce binary > packages of a binary distribution and failing to do so, because there > are so many parts involved. I've read later that distributions have > done some work to have reproducible builds, but I'm not sure how > successful they are, even when all choices are predefined. > > Given that Gentoo has taken a whole different road by having more > choices available to the user, I don't think the compilation results > of one configuration would be easily used on another. Is it possible to collect statistics of such configurations from Gentoo users? I don't know what would the outcome be, but I think it's worth exploring. E.g. what if it turned out that there is not much diversity in our settings? E.g. we can find a few really popular clusters of USE, langauge, license, flags? As for hardware, what would be the latest backwards compatible CPU that has compiled a binary for me with enough statistical confidence in its reliability? > To go even further, pushing your compiled packages to a public server > may create a security risk by exposing many parts of your > configuration that could be analyzed by malicious people. Any example of such sensitive information that might be in the binaries? Just curious, as I don't know much about this. I could be wrong, but so far my thought is that I don't think we get much bits of entropy for our security by hiding our package lists, because I think an adversary can probably already use statistics to predict common clusters of package lists that we might use.s. So I personally doubt that attackers would face much difficulty by not knowing our packages, because our packages are probably already predictable since our distribution of packages is not that diverse. > So far I don't see a really big advantage in building this kind of > infrastructure compared to either a binary distribution or Gentoo with > home compilation. IMO the real value is that it will be some kind of an automated community-driven bin-host that uses statistics to quantify the reliability of its bins, and to
Re: [gentoo-user] Bounced messages
A lot of the time, even with SPF, DKIM etc your messages will be marked as spam if you have a PGP signature, PDF file, or anything else and are sending from an unusual domain (ie not gmail/microsoft hosted domain). My messages do it all the time. Gregory 'Rudi' Rudolph r...@x.nightmare.haus (518) 888-6156 Verify PGP Signature via https://keybase.io/verify I am Rudi9719 This email message and attachment(s) may contain sensitive and/or proprietary information and is intended only for the person(s) to whom this email message is addressed. If you have received this email message in error, please notify the sender immediately and destroy the original message without making a copy. Please do not transmit any sensitive, proprietary, ITARS or FOUO data via e-mail without using approved encryption techniques. On 11/5/19 7:50 PM, mad.scientist.at.la...@tutanota.com wrote: > Spam filters are pathetic, they rarely catch spam. Mine actually marks my > own post to this list as spam and puts them in the spam folder, along with > other messages sporadically. If you want to stop spam use a "black list" of > open relays, that works. It also helps if you aggressively report it to all > admins in the mail chain and any one hosting them. I know I've been on the > "don't spam this guy" list, they quickly figure out that some people will > bust them hard and quick! On my other email account (different provider) > I've turned the spam filter off with no problems. It also helps if you don't > use antisocial media. > > -- “The whole world is watching! The whole world is watching!” > > > > Nov 5, 2019, 17:39 by rdalek1...@gmail.com: > Grant Taylor wrote: > On 11/1/19 2:00 PM, Dale wrote: > I think we came to the conclusion that one person is causing this. > > I don't agree with that conclusion. > > The only message I noticed missing was from one person. Since they are > coming from one person, that is the cause. If the messages was from > more than one person, then maybe there could be another conclusion. > Basically his emails trigger the spam alarm and it gets marked before > or upon receipt by gmail. It doesn't even make it to my in box. > > I don't know if spam is the proper term per say, but it's certainly in > the email hygiene category. > Now how a individual can find themselves in a place where their > emails are marked as spam like that, one can only guess. > > I don't need to guess. > > Any subscriber that posts to the list from an email domain that > employs contemporary security; i.e. SPF, and DKIM, and DMARC, all with > strict settings, will likely cause this to happen for subscribers that > have email with a provider that honors said strict security. > Thanks for the info. > > You're welcome. > > Note: I expect this larger problem to get considerably worse (across > mailing lists in general) before it gets better. Some governments > around the world are mandating that any business that partners with > the government in any way must implement the contemporary technologies > that I'm talking about. Germany and the U.S.A. come to mind. I don't > know of other examples off hand. > > > > > Based on posts from others, I suspect you are right. Sad to say but > mailing lists are not as popular it seems as they once was and one could > wonder if some of this is designed to make it harder for mailing lists > to stay active. While Alan's messages in the past were sort of > spam-ish, it's not really something that should be marked that way. > They shoulod get through and if the list maintainers think his messages > should be rejected for some reason, then they should be dealt with on > the Gentoo end of things. > > Either way, at least we know it isn't that some Gentoo server is having > a problem. That was my main concern. > > Dale > > :-) :-) > > signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] Bounced messages
Spam filters are pathetic, they rarely catch spam. Mine actually marks my own post to this list as spam and puts them in the spam folder, along with other messages sporadically. If you want to stop spam use a "black list" of open relays, that works. It also helps if you aggressively report it to all admins in the mail chain and any one hosting them. I know I've been on the "don't spam this guy" list, they quickly figure out that some people will bust them hard and quick! On my other email account (different provider) I've turned the spam filter off with no problems. It also helps if you don't use antisocial media. -- “The whole world is watching! The whole world is watching!” Nov 5, 2019, 17:39 by rdalek1...@gmail.com: Grant Taylor wrote: On 11/1/19 2:00 PM, Dale wrote: I think we came to the conclusion that one person is causing this. I don't agree with that conclusion. The only message I noticed missing was from one person. Since they are coming from one person, that is the cause. If the messages was from more than one person, then maybe there could be another conclusion. Basically his emails trigger the spam alarm and it gets marked before or upon receipt by gmail. It doesn't even make it to my in box. I don't know if spam is the proper term per say, but it's certainly in the email hygiene category. Now how a individual can find themselves in a place where their emails are marked as spam like that, one can only guess. I don't need to guess. Any subscriber that posts to the list from an email domain that employs contemporary security; i.e. SPF, and DKIM, and DMARC, all with strict settings, will likely cause this to happen for subscribers that have email with a provider that honors said strict security. Thanks for the info. You're welcome. Note: I expect this larger problem to get considerably worse (across mailing lists in general) before it gets better. Some governments around the world are mandating that any business that partners with the government in any way must implement the contemporary technologies that I'm talking about. Germany and the U.S.A. come to mind. I don't know of other examples off hand. Based on posts from others, I suspect you are right. Sad to say but mailing lists are not as popular it seems as they once was and one could wonder if some of this is designed to make it harder for mailing lists to stay active. While Alan's messages in the past were sort of spam-ish, it's not really something that should be marked that way. They shoulod get through and if the list maintainers think his messages should be rejected for some reason, then they should be dealt with on the Gentoo end of things. Either way, at least we know it isn't that some Gentoo server is having a problem. That was my main concern. Dale :-) :-)
Re: [gentoo-user] Bounced messages
Grant Taylor wrote: > On 11/1/19 2:00 PM, Dale wrote: >> I think we came to the conclusion that one person is causing this. > > I don't agree with that conclusion. > The only message I noticed missing was from one person. Since they are coming from one person, that is the cause. If the messages was from more than one person, then maybe there could be another conclusion. >> Basically his emails trigger the spam alarm and it gets marked before >> or upon receipt by gmail. It doesn't even make it to my in box. > > I don't know if spam is the proper term per say, but it's certainly in > the email hygiene category. > >> Now how a individual can find themselves in a place where their >> emails are marked as spam like that, one can only guess. > > I don't need to guess. > > Any subscriber that posts to the list from an email domain that > employs contemporary security; i.e. SPF, and DKIM, and DMARC, all with > strict settings, will likely cause this to happen for subscribers that > have email with a provider that honors said strict security. > >> Thanks for the info. > > You're welcome. > > Note: I expect this larger problem to get considerably worse (across > mailing lists in general) before it gets better. Some governments > around the world are mandating that any business that partners with > the government in any way must implement the contemporary technologies > that I'm talking about. Germany and the U.S.A. come to mind. I don't > know of other examples off hand. > > > Based on posts from others, I suspect you are right. Sad to say but mailing lists are not as popular it seems as they once was and one could wonder if some of this is designed to make it harder for mailing lists to stay active. While Alan's messages in the past were sort of spam-ish, it's not really something that should be marked that way. They shoulod get through and if the list maintainers think his messages should be rejected for some reason, then they should be dealt with on the Gentoo end of things. Either way, at least we know it isn't that some Gentoo server is having a problem. That was my main concern. Dale :-) :-)
Re: [gentoo-user] is there a way to repair a corrupted emerged package?
On Tuesday, 5 November 2019 21:44:51 GMT n952162 wrote: > I then tried to repeat this process, to see if I could get libcap > installed and so get further with virtualbox, but for some reason, my > other computer - although it also has virtualbox installed, has > libcap-2.24*-r2*.ebuild instead of libcap-2.24.ebuild and worse, a > libcap-2.*25*.tar.xz !!! Ebuild on the crashed machine isn't taking it. If the two PCs have different arc/CPU/CFLAGS etc. some things won't work just by copying them over. Once you finished with your fsck, it would probably be better to boot a known good kernel and tool-chain, a.k.a. a LiveUSB/DVD, chroot into your damaged system, re-sync portage and rebuild world. Otherwise, you'll be fighting this war a battle at a time, not knowing what corrupt/missing file you'll come across next. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] is there a way to repair a corrupted emerged package?
I then tried to repeat this process, to see if I could get libcap installed and so get further with virtualbox, but for some reason, my other computer - although it also has virtualbox installed, has libcap-2.24*-r2*.ebuild instead of libcap-2.24.ebuild and worse, a libcap-2.*25*.tar.xz !!! Ebuild on the crashed machine isn't taking it. On 11/05/19 22:30, n952162 wrote: I moved the virtualbox-6* ebuilds out of that directory and was able to regenerate the Manifest! The ebuild file merge worked quite well ... unfortunately, I ended up here: /usr/lib/gcc/x86_64-pc-linux-gnu/6.4.0/../../../../x86_64-pc-linux-gnu/bin/ld: cannot find /lib64/libcap.so.2 Apparently pcap also got it's libraries trashed ... On 11/05/19 22:22, n952162 wrote: I found the ebuild /file/ manifest command ... but got this: //usr/portage/app-emulation/virtualbox # ebuild /usr/portage/app-emulation/virtualbox/virtualbox-5.1.32.ebuild manifest // //!!! getFetchMap(): 'app-emulation/virtualbox-6.0.12' has unsupported EAPI: '7'// ///usr/portage/app-emulation/virtualbox # / I think I'm on EAPI 6. On 11/05/19 22:08, n952162 wrote: I found a copy of the ebuild on a different machine I have - it's a x86 not an amd64 architect, but maybe it's architecture-agnostic. I wonder if I copy that to my amd64 machine (which has the tarball of the package), will I need anything else? On 11/05/19 21:44, Alarig Le Lay wrote: If the version you want isn’t in the tree anymore, you can use `ebuild /path/to/it merge` On mar. 5 nov. 21:41:39 2019, n952162 wrote: Thank you for the suggestion. I had version 5.1.32 installed - several components of that. When I run the command you suggest, it prompts: /The following keyword changes are necessary to proceed:// //...// //=app-emulation/virtualbox-5.2.34 ~amd64// // //Would you like to add these changes to your config files? [Yes/No] // / I'm afraid it's going to want to start all over again. On 11/05/19 21:24, Alarig Le Lay wrote: emerge -vaA1 virtualbox
Re: [gentoo-user] is there a way to repair a corrupted emerged package?
I moved the virtualbox-6* ebuilds out of that directory and was able to regenerate the Manifest! The ebuild file merge worked quite well ... unfortunately, I ended up here: /usr/lib/gcc/x86_64-pc-linux-gnu/6.4.0/../../../../x86_64-pc-linux-gnu/bin/ld: cannot find /lib64/libcap.so.2 Apparently pcap also got it's libraries trashed ... On 11/05/19 22:22, n952162 wrote: I found the ebuild /file/ manifest command ... but got this: //usr/portage/app-emulation/virtualbox # ebuild /usr/portage/app-emulation/virtualbox/virtualbox-5.1.32.ebuild manifest // //!!! getFetchMap(): 'app-emulation/virtualbox-6.0.12' has unsupported EAPI: '7'// ///usr/portage/app-emulation/virtualbox # / I think I'm on EAPI 6. On 11/05/19 22:08, n952162 wrote: I found a copy of the ebuild on a different machine I have - it's a x86 not an amd64 architect, but maybe it's architecture-agnostic. I wonder if I copy that to my amd64 machine (which has the tarball of the package), will I need anything else? On 11/05/19 21:44, Alarig Le Lay wrote: If the version you want isn’t in the tree anymore, you can use `ebuild /path/to/it merge` On mar. 5 nov. 21:41:39 2019, n952162 wrote: Thank you for the suggestion. I had version 5.1.32 installed - several components of that. When I run the command you suggest, it prompts: /The following keyword changes are necessary to proceed:// //...// //=app-emulation/virtualbox-5.2.34 ~amd64// // //Would you like to add these changes to your config files? [Yes/No] // / I'm afraid it's going to want to start all over again. On 11/05/19 21:24, Alarig Le Lay wrote: emerge -vaA1 virtualbox
Re: [gentoo-user] is there a way to repair a corrupted emerged package?
That's odd. I have 6.0.12 installed, so EAPI 7 should not be a problem. Note EAPI is applied per ebuild, not a system-wide thing. What version of portage are you using? On 2019.11.05 16:22, n952162 wrote: I found the ebuild /file/ manifest command ... but got this: //usr/portage/app-emulation/virtualbox # ebuild /usr/portage/app-emulation/virtualbox/virtualbox-5.1.32.ebuild manifest // //!!! getFetchMap(): 'app-emulation/virtualbox-6.0.12' has unsupported EAPI: '7'// ///usr/portage/app-emulation/virtualbox # / I think I'm on EAPI 6. On 11/05/19 22:08, n952162 wrote: I found a copy of the ebuild on a different machine I have - it's a x86 not an amd64 architect, but maybe it's architecture-agnostic. I wonder if I copy that to my amd64 machine (which has the tarball of the package), will I need anything else? On 11/05/19 21:44, Alarig Le Lay wrote: If the version you want isn’t in the tree anymore, you can use `ebuild /path/to/it merge` On mar. 5 nov. 21:41:39 2019, n952162 wrote: Thank you for the suggestion. I had version 5.1.32 installed - several components of that. When I run the command you suggest, it prompts: /The following keyword changes are necessary to proceed:// //...// //=app-emulation/virtualbox-5.2.34 ~amd64// // //Would you like to add these changes to your config files? [Yes/No] // / I'm afraid it's going to want to start all over again. On 11/05/19 21:24, Alarig Le Lay wrote: emerge -vaA1 virtualbox
Re: [gentoo-user] is there a way to repair a corrupted emerged package?
* Missing digest for '/usr/portage/app-emulation/virtualbox/virtualbox-5.1.32.ebuild' On 11/05/19 22:08, n952162 wrote: I found a copy of the ebuild on a different machine I have - it's a x86 not an amd64 architect, but maybe it's architecture-agnostic. I wonder if I copy that to my amd64 machine (which has the tarball of the package), will I need anything else? On 11/05/19 21:44, Alarig Le Lay wrote: If the version you want isn’t in the tree anymore, you can use `ebuild /path/to/it merge` On mar. 5 nov. 21:41:39 2019, n952162 wrote: Thank you for the suggestion. I had version 5.1.32 installed - several components of that. When I run the command you suggest, it prompts: /The following keyword changes are necessary to proceed:// //...// //=app-emulation/virtualbox-5.2.34 ~amd64// // //Would you like to add these changes to your config files? [Yes/No] // / I'm afraid it's going to want to start all over again. On 11/05/19 21:24, Alarig Le Lay wrote: emerge -vaA1 virtualbox
Re: [gentoo-user] is there a way to repair a corrupted emerged package?
I found the ebuild /file/ manifest command ... but got this: //usr/portage/app-emulation/virtualbox # ebuild /usr/portage/app-emulation/virtualbox/virtualbox-5.1.32.ebuild manifest // //!!! getFetchMap(): 'app-emulation/virtualbox-6.0.12' has unsupported EAPI: '7'// ///usr/portage/app-emulation/virtualbox # / I think I'm on EAPI 6. On 11/05/19 22:08, n952162 wrote: I found a copy of the ebuild on a different machine I have - it's a x86 not an amd64 architect, but maybe it's architecture-agnostic. I wonder if I copy that to my amd64 machine (which has the tarball of the package), will I need anything else? On 11/05/19 21:44, Alarig Le Lay wrote: If the version you want isn’t in the tree anymore, you can use `ebuild /path/to/it merge` On mar. 5 nov. 21:41:39 2019, n952162 wrote: Thank you for the suggestion. I had version 5.1.32 installed - several components of that. When I run the command you suggest, it prompts: /The following keyword changes are necessary to proceed:// //...// //=app-emulation/virtualbox-5.2.34 ~amd64// // //Would you like to add these changes to your config files? [Yes/No] // / I'm afraid it's going to want to start all over again. On 11/05/19 21:24, Alarig Le Lay wrote: emerge -vaA1 virtualbox
Re: [gentoo-user] is there a way to repair a corrupted emerged package?
On 2019.11.05 16:12, n952162 wrote: I imagine that's a line in the Manifest file? I think it IS the manifest file. Any hope of recreating that? ebuild /path/to/file.ebuild manifest (digest and manifest are synonyms in that usage)
Re: [gentoo-user] is there a way to repair a corrupted emerged package?
I found a copy of the ebuild on a different machine I have - it's a x86 not an amd64 architect, but maybe it's architecture-agnostic. I wonder if I copy that to my amd64 machine (which has the tarball of the package), will I need anything else? On 11/05/19 21:44, Alarig Le Lay wrote: If the version you want isn’t in the tree anymore, you can use `ebuild /path/to/it merge` On mar. 5 nov. 21:41:39 2019, n952162 wrote: Thank you for the suggestion. I had version 5.1.32 installed - several components of that. When I run the command you suggest, it prompts: /The following keyword changes are necessary to proceed:// //...// //=app-emulation/virtualbox-5.2.34 ~amd64// // //Would you like to add these changes to your config files? [Yes/No] // / I'm afraid it's going to want to start all over again. On 11/05/19 21:24, Alarig Le Lay wrote: emerge -vaA1 virtualbox
Re: [gentoo-user] is there a way to repair a corrupted emerged package?
I imagine that's a line in the Manifest file? Any hope of recreating that? On 11/05/19 22:11, n952162 wrote: * Missing digest for '/usr/portage/app-emulation/virtualbox/virtualbox-5.1.32.ebuild' On 11/05/19 22:08, n952162 wrote: I found a copy of the ebuild on a different machine I have - it's a x86 not an amd64 architect, but maybe it's architecture-agnostic. I wonder if I copy that to my amd64 machine (which has the tarball of the package), will I need anything else? On 11/05/19 21:44, Alarig Le Lay wrote: If the version you want isn’t in the tree anymore, you can use `ebuild /path/to/it merge` On mar. 5 nov. 21:41:39 2019, n952162 wrote: Thank you for the suggestion. I had version 5.1.32 installed - several components of that. When I run the command you suggest, it prompts: /The following keyword changes are necessary to proceed:// //...// //=app-emulation/virtualbox-5.2.34 ~amd64// // //Would you like to add these changes to your config files? [Yes/No] // / I'm afraid it's going to want to start all over again. On 11/05/19 21:24, Alarig Le Lay wrote: emerge -vaA1 virtualbox
[gentoo-user] Re: What's the value-added of journaling filesystems like ext4?
On 2019-11-04 22:46, n952162 wrote: > Ah, I didn't know that about running fsck multiple times - I remember > after doing my home directory - the more important one - it did say > "file system modified". I don't remember if the root fsck said that, > though. But it looks like I'm going to have re-install gentoo, in any > case, because virtualbox is all sitting in lost+found. A tip: whatever the virtues of journaling FS, it doesn't hurt to keep around a recovery tool along the lines of app-admin/testdisk. It saved my a*e earlier this year when I carelessly scribbled over my archive drive with thousands of pictures. I'd skipped doing ls -l /dev/disk/by-id and thought the output of my dd command was going to a thumb drive I'd just inserted. -- Please don't Cc: me privately on mailing lists and Usenet, if you also post the followup to the list or newsgroup. To reply privately _only_ on Usenet and on broken lists which rewrite From, fetch the TXT record for no-use.mooo.com.
Re: [gentoo-user] is there a way to repair a corrupted emerged package?
Le 05/11/2019 à 21:17, n952162 a écrit : > fsck effectively discarded many of my virtualbox libraries but I > still have the ebuild and tarballs and everything. But I don't see > anything about repair in the emerge manpage. > > emerge -vaA1 virtualbox -- Alarig
[gentoo-user] is there a way to repair a corrupted emerged package?
fsck effectively discarded many of my virtualbox libraries but I still have the ebuild and tarballs and everything. But I don't see anything about repair in the emerge manpage.
Re: [gentoo-user] almost free launch: an idea to lower build time, and rice, at the same time
Le mar. 5 nov. 2019 à 01:02, Caveman Al Toraboran a écrit : > > > DISCLAIMER: I am not claiming that this idea is new. It is probably not new. > --- Even though some of its details might be new for a Linux > distribution, it's all based on boring well-established bits of > known science. But regardless of its newness, I think it's worth > sharing with the hope that it may re-kindle the fire in a nerd's > heart (or a group of nerds) so that they develop this for me (or > us). > > > > GOAL: > - > Reduce compile time, rice (e.g. fancy USE, make.conf, etc), and yet not > increase dev overhead. > > > CURRENT SITUATION: > -- > If you use *-bin packages, you cannot rice, and must compile on your own. > > > THE APPROACH: > - > 1. Some nerd (or a group of nerds) makes (or make) a package, maybe call it >`almostfreelunch.ebuild`. > > 2. Say you want to compile qtwebengine. You do: `almostfreelunch -aqvDuNt >--backbrack=1000 qtwebengine`. > > 3. The app, `almostfreelunch`, will lookup your build setup (e.g. USE flags, >make.conf settings, etc) for all packages that you are about to build on >your system as you are about to install that qtwebengine. > > 4. The app will upload that info to a central server, which looks up the >popularity of certain configurations. E.g. see the distribution of >compile-time configurations for a given package. The central server will >then figure out things like, qtwebengine is commonly compiled for x86-64 >with certain USE flags and other settings in make.conf. > > 5. If the server figures out that the package that `almostfreelunch` is about >to compile is popular enough with the specific build settings that is about >to happen, the server will reply to the app and tell it "hi, upload to me >your bins when cooked, plz". But if the build setting is not popular >enough, it will reply "nothx". This way, the central server will not end > up >with too much undesired binaries with uncommon build-time settings. > > 6. The central server will also collect multiple binary packages from multiple >people who use `almostfreelunch` for the same packages and the same >build-time options. I.e. multiple qtwebengine with identical build-time >settings (e.g. same USE flags, make.conf, etc). > > 7. The central server will perform statistical analysis against all of the >uploaded binaries, of the same packages and the same claimed build-time >settings, to cross-check those binaries to obtain a statistical confidence >in identifying which of the binaries is the good one, and which ones are >outliers outlier. Outliers might exist because of users with buggy >compilers, or malicious users that intentionally try to inject malware/bugs >into their binaries. > > 8. Thanks to information theory, we will be able to figure out how much >redundancy is needed in order to numerically calculate confidence value > that >shows how trusty a given binary is. E.g. if a package, with specific >build-time options, as a very large number of binary submissions that are >also extremely similar (i.e. only differ in trivial aspects due to certain >randomness in how compilers work), then the central server can calculate a >high confidence value for it. Else, the confidence value drops. > > 9. If a user invokes `almostfreelunch -aqvDuNt --backbrack=1000 qtwebengine` >and the central server tells the user that there is an already compiled >package with the same settings, then the server simply tells the user, and >shows him the confidence associated with the fitness of the binary (based > on >calculations in stepss (6) to (8)). By default, bins with too-low >confidence values will be masked and proper colours will be used to >adequately scare the users from low-confidence packages. > > 10. If at step (9) the user likes the confidence of the pre-compiled binary >package, the user can simply download the binary package, blazing fast, > with >all the nice UES and make.conf flags that he has. Else, the user is free > to >compile his own version, and upload his own binary, to help the server >enhance its confidence as calculated in steps (6) to (8). > > > NOTES: > -- > * The statistical analysis in step (5) can also consider the compile time of > packages. So the minimum popularity required for a specific package build > is > weighted while considering the total build time. This way, too > slow-to-build > packages will end up getting a lower minimum popularity than those small > packages. Choosing the sweet-spot trade-off is a matter of optimizing > resources of the central server. > > * The statistical analysis in steps (6) to (8) could also be further enhanced > by ranking individual users who upload the binaries. Users, who upload >
