Homebrew / brew

🍺 The missing package manager for macOS (or Linux)
https://brew.sh
BSD 2-Clause "Simplified" License

Create self-describing bottles #17838

Open justenstall opened 2 months ago

justenstall commented 2 months ago

Verification

Provide a detailed description of the proposed feature

Update the bottle artifacts pushed to the homebrew/core container registry so they are self-describing. Currently the bottle artifacts do not contain the formula's API metadata.

This can be accomplished by uploading the formula's API JSON data and referencing the blob as the bottle manifests' config.

What is the motivation for the feature?

Combined with #17837, this would allow bottles to be installed without the API.

Two sets of metadata exist for a bottle, the tab contained in an annotation and the API data. The tab is a subset of the necessary information and could contain conflicting information.

How will the feature be relevant to at least 90% of Homebrew users?

Faster install times without downloading the full formula index from the API.

What alternatives to the feature have been considered?

Not implementing the feature.

Bo98 commented 2 months ago

On the surface, this seems reasonable and useful from at least a mirroring point of view (as it's a bit tricky to mirror currently).

However, it is a bit more complicated. The data in the API allows many Homebrew commands to work offline and significantly faster, such as brew deps, brew info (--json), etc. As more concrete examples: the requirements list is useful to fail fast if something isn't supported on your OS, and the dependency tree is ideal to know ahead of time as we fetch everything before parsing.

There's also a security element. We sign the API JSON so it cannot be tampered with by mirrors. No independent protection exists for manifests (it's covered by the bottle sha256s being included in the signed API JSON).

I would like to lean on the manifests more overall, but only if it doesn't degrade the above.
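As an added illustration in Ruby (brew's own language), not code from Homebrew, of the layout justenstall proposes (formula API JSON as the manifest's config blob) and the trust chain Bo98 describes (bottle sha256s covered only through the signed API JSON). The formula fields, config media type and the `trusted_manifest_digest` option are assumptions for the example.

```ruby
require "json"
require "digest"

# Constructed sample of the formula API JSON the proposal would upload as the
# bottle manifest's config blob (fields trimmed; not real homebrew/core data).
FORMULA_JSON = JSON.generate({
  "name" => "example", "versions" => { "stable" => "1.0.0" },
  "dependencies" => ["zlib"], "requirements" => [],
}).freeze

def digest_of(bytes)
  "sha256:#{Digest::SHA256.hexdigest(bytes)}"
end

# Build a self-describing OCI manifest: config references the formula JSON
# blob, the single layer is the bottle tarball. The config media type is a
# hypothetical placeholder, not one Homebrew defines.
def build_manifest(formula_json, bottle_bytes)
  {
    "schemaVersion" => 2,
    "mediaType" => "application/vnd.oci.image.manifest.v1+json",
    "config" => { "mediaType" => "application/vnd.example.formula.v1+json",
                  "digest" => digest_of(formula_json), "size" => formula_json.bytesize },
    "layers" => [{ "mediaType" => "application/vnd.oci.image.layer.v1.tar+gzip",
                   "digest" => digest_of(bottle_bytes), "size" => bottle_bytes.bytesize }],
  }
end

# Client-side check modelled on the trust chain above: the bottle layer is
# verified against the sha256 set taken from the signed API JSON, and the config
# blob against the digest the manifest claims. Without a signed manifest (or a
# manifest digest carried in the signed data, passed as trusted_manifest_digest)
# a mirror can swap the config blob and re-issue a consistent manifest, so the
# embedded metadata is only as trustworthy as the manifest itself.
def verify_bottle(manifest, config_blob, bottle_bytes, trusted_bottle_sha256s,
                  trusted_manifest_digest: nil)
  if trusted_manifest_digest && digest_of(JSON.generate(manifest)) != trusted_manifest_digest
    return [false, "manifest digest not in signed data"]
  end
  layer = manifest["layers"].first
  unless trusted_bottle_sha256s.include?(layer["digest"].delete_prefix("sha256:"))
    return [false, "bottle sha256 not present in signed API JSON"]
  end
  return [false, "bottle bytes do not match manifest"] if digest_of(bottle_bytes) != layer["digest"]
  return [false, "config blob does not match manifest"] if digest_of(config_blob) != manifest["config"]["digest"]
  [true, JSON.parse(config_blob)]
end
```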

MikeMcQuaid commented 2 months ago

> There's also a security element. We sign the API JSON so it cannot be tampered with by mirrors. No independent protection exists for manifests (it's covered by the bottle sha256s being included in the signed API JSON).

This is my main concern here, too.

justenstall commented 2 months ago

> However, it is a bit more complicated. The data in the API allows many Homebrew commands to work offline and significantly faster, such as brew deps, brew info (--json), etc. As more concrete examples: the requirements list is useful to fail fast if something isn't supported on your OS, and the dependency tree is ideal to know ahead of time as we fetch everything before parsing.

I'm not proposing getting rid of the API or its data, I am proposing that the exact same data should be stored alongside the bottle in the container registry.

> There's also a security element. We sign the API JSON so it cannot be tampered with by mirrors. No independent protection exists for manifests (it's covered by the bottle sha256s being included in the signed API JSON).

OCI artifacts can be signed and verified in a similar way to how Homebrew signs the API JSON; Notary and cosign are both established standards for signing and verifying OCI artifacts.

MikeMcQuaid commented 2 months ago

> I'm not proposing getting rid of the API or its data, I am proposing that the exact same data should be stored alongside the bottle in the container registry.

How would a client (e.g. Hops) know what formulae are available without using the API here?

> Notary and cosign are both established standards for signing and verifying OCI artifacts.

TIL, thanks.

I think that signing would be a hard requirement on our end for either this or https://github.com/Homebrew/brew/issues/17837. It might be the best first step, here.

woodruffw commented 2 months ago

> OCI artifacts can be signed and verified in a similar way to how Homebrew signs the API JSON; Notary and cosign are both established standards for signing and verifying OCI artifacts.

JFYI: We don't do it at the OCI layer, but Homebrew does indeed use Sigstore (the stack under cosign) to attest to all of its (core) bottles: https://github.com/Homebrew/homebrew-core/attestations.

(Not sure if this is relevant to you; I just noticed the cosign reference 🙂)

github-actions[bot] commented 2 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.