path: root/glep-0060.rst

---
GLEP: 60
Title: Manifest2 filetypes
Author: Robin Hugh Johnson <robbat2@gentoo.org>
Type: Standards Track
Status: Replaced
Version: 1
Created: 2008-10-22
Last-Modified: 2018-04-07
Post-History: 2009-12-01, 2010-01-31
Content-Type: text/x-rst
Requires: 44
Replaced-By: 74
---

Abstract
========
Clarification of the Manifest2 [GLEP44]_ specification, including new
types to help in the tree-signing specification.

Motivation
==========
[GLEP44]_ was not entirely clear on the usage of filetype specifiers.
This document serves to provide some of the internal logic used by
Portage at the point of writing, as well as adding new types to cover
the rest of the tree, for the purposes of tree-signing coverage.

This GLEP is not mandatory for the tree-signing specification, but
instead aims to clarify the usage of the Manifest2 filetype specifiers,
and note which types signify files that are allowed to be missing from
the tree (e.g. a user excluding a package or category). As such, it is
also able to stand on its own.

Specification
=============
General
-------
For any given directory with a Manifest file, every file located in that
directory, or a sub-directory must be listed in that Manifest file,
unless stated otherwise in the following sections. The Manifest file
must not contain an entry for itself.

Excluded files
--------------
When generating or validating a Manifest, or committing to a version
control system, the package manager should endeavour to ignore files
created by a version control system, backup files from text editors. A
non-exhaustive list is suggested here: ``CVS/``, ``.svn/``, ``.bzr/``,
``.git/``, ``.hg/``, ``.#*``, ``*.rej``, ``*.orig``, ``*.bak``, ``*~``.

Additionally, for a transitional Manifest1->Manifest2 system, old-style
digest files located in a 'files/' directory, may be excluded from
Manifest2 generation, or included with a type of MISC.

Under strict security conditions, the exclusion list may be ignored
during validation if the existence of a file would be considered a
security risk.

Existing filetypes:
-------------------
AUX
~~~
- The AUX type is used for all items under the 'files' subdirectory. 
- They should be verified relative to $FILESDIR. 
- The string 'files/' is left out of the Manifest line. 
- The absence of a file mentioned by AUX must be treated as an error. 
- The AUX type is intended to denote potentially executable content
  (either directly or indirectly), that must be treated an error if
  modified or absent.

EBUILD
~~~~~~
- The EBUILD type is used solely for files ending in .ebuild, or other
  suffixes as defined by the EAPI.
- The files are located in the same directory as the Manifest file. 
- The modification or absence of a file mentioned by EBUILD must be
  treated as an error.

DIST
~~~~
- The DIST type is used for distfiles
- They may be found directly via the $DISTDIR setting of the package
  manager. 
- During simple verification of a Manifest, a missing DIST file should
  not be consider as a validation error (it is however a failure to
  fetch or unpack).

MISC
~~~~
- The MISC type covers all remaining files in a directory. 
- MISC is intended to mark all content that was not used in
  some way that directly affected execution of the package manager. 
- This includes metadata.xml and ChangeLog entries, and any other purely
  informational content.
- MISC entries where the file is missing may optionally be ignored as by
  non-strict package managers.
- It should be possible to install a package while all MISC entries have
  been deleted from the tree.


New filetypes:
--------------
_INFO (new, abstract)
~~~~~~~~~~~~~~~~~~~~~
- This is the functionality of the old AUX, but does not include the
  implicit 'files/' prefix in the path, and is verified relative to the
  working directory instead of $FILESDIR.
- The modification or absence of a file listed as a _INFO-derived type 
  is not an error unless the package manager is attempting to be strict.

_CRIT (new, abstract)
~~~~~~~~~~~~~~~~~~~~~
- _CRIT is based off the _INFO type.
- The modification or absence of a file listed as a _CRIT-derived type 
  MUST be treated as an error.

EBUILD
~~~~~~
- Now derived from _CRIT.
- Otherwise unchanged.

DIST
~~~~
- Now derived from _CRIT.
- Otherwise unchanged.

MISC
~~~~
- Now derived from _INFO.
- Otherwise unchanged.

MANIFEST (new)
~~~~~~~~~~~~~~
- The MANIFEST type is explicitly to cover all nested Manifest files.
- During validation, this serves as an indicator that the package
  manager may need to check subtree Manifest file. 
- A missing MANIFEST file may be treated as a minor (e.g. excluding an
  entire category) or critical validation failure.
- The failure should be considered as critical only if files that would
  be directly covered by this Manifest are missing. Deletion of a
  category-level Manifest while preserving the packages is forbidden.
  Deletion of an entire category is not.

ECLASS (new)
~~~~~~~~~~~~
- uses _CRIT.
- This type shall be used for all eclasses only.

DATA (new)
~~~~~~~~~~
- uses _CRIT.
- The DATA type shall be used for all files that directly affect the
  package manager, such as metadata/cache/* and profiles/.

EXEC (new)
~~~~~~~~~~
- uses _CRIT.
- If the file gets sourced, executed, or causes a change (patches) in
  how something is sourced or executed, it belongs in the EXEC
  filetype.
- This filetype should be used for the scripts directories of a
  repository for important files.
- This filetype is not limited to being used in the files/
  subdirectory.

OTHER (new)
~~~~~~~~~~~
- uses _CRIT.
- All other files that are not covered by another type should be
  considered as 'OTHER'.
- Any further new filetypes should be introduced to subtract files
  from the 'OTHER' set.
- If a package manager runs into a unknown Manifest2 type, it should
  be treated as 'OTHER'.

On Bloat
--------
If repeated use of a common path prefix is considered a bloat problem, a
Manifest file should be added inside the common directory, however this
should not be done blindly, as bloat by inodes is more significant for
the majority of use cases. See also [GLEP58]_ on size reductions of
Manifests.

Chosing a filetype
------------------
1. matches ``Manifest``
    => MANIFEST, stop.
2. matches ``*.ebuild``
    => EBUILD, stop.
3. matches ``*.eclass``
    => ECLASS, stop.
4. listed in SRC_URI 
    => DIST, stop.
5. matches ``files/*``
    => AUX, continue [see note].
6. matches any of ``*.sh``, ``*.bashrc``, ``*.patch``, ...
    => EXEC, stop.
7. matches any of ``metadata/cache/*``, ``profiles/``, ``package.*``, ``use.mask*``, ...
    => DATA, stop.
8. matches any of ``ChangeLog``, ``metadata.xml``, ``*.desc``, ...
    => MISC, stop.
9. not matched by any other rule 
    => OTHER, stop.

The logic behind 5, 6, 7 is ensuring that every item that by its
presence or absence may be dangerous should always be treated strictly.
(Consider epatch given a directory of patches ``${FILESDIR}/${PV}/``,
where it blindly includes them, or alternatively, the package.mask file
or a profile being altered/missing).

The above lists of file patterns are not intended to be exhaustive,
but merely demonstrative.

Note: The AUX entries should only be generated if we are generating a
compatible Manifest that supports older versions of Portage. They should
be generated along with the new type.

Backwards Compatibility
=======================
For generation of existing package Manifests, the AUX entries must
continue to be present for the standard Portage deprecation cycle.
The new entries may be included already in all Manifest files, as they
will be ignored by older Portage versions. Over time, ECLASS, DATA,
EXEC, OTHER may replace the existing AUX type.

The adoption of this proposal does also affect [GLEP58]_ as part of
this GLEP series, however this GLEP was an offset of the research in
that GLEP.

Thanks to
=========
I'd like to thank the following people for input on this GLEP.
- Marius Mauch (genone) & Zac Medico (zmedico): Portage Manifest2

References
==========
.. [GLEP44] Mauch, M. (2005) GLEP44 - Manifest2 format.
   https://www.gentoo.org/glep/glep-0044.html

.. [GLEP58] Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest
   https://www.gentoo.org/glep/glep-0058.html

Copyright
=========
Copyright (c) 2005-2010 by Robin Hugh Johnson.

This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
Unported License.  To view a copy of this license, visit
https://creativecommons.org/licenses/by-sa/3.0/.

.. vim: tw=72 ts=2 expandtab: