How to ensure allowed packages are liberated? Hosting own repo maybe?

[reback00]

9 adds an allowlist feature which allows some packages to be not conflicted with by your-freedom. It is intended to be used when we liberate a package. When writing decscription I thought how can we make sure if the package we are allowing/whitelisting is liberated?

My thoughts are that we should:

• Replace already existing semi free packages from Void with our own version
• Configure the system so that future installs are taken from a liberated repo, not Void (for semifree packages)

I think having a hosted repo should be nice to have for this. I recently came across fosshost.org. On their FAQ thay say that they allow mirrors for projects and they are free.

[drake-newell]

So we would build those packages on such a hosted repo? That looks really cool! It would be really easy with a tool like xbps-mini-builder.

[reback00]

So we would build those packages on such a hosted repo?

It would be great if that could be done. Unfortunately I have no idea on how to do these stuff. Maybe setting up a CI on the server could help. I wonder how Void guys do it.

[drake-newell]

@reback00 I don't think we necessarily need to it like they do for a relatively small amount of packages. One of the void devs made a tool to automate xbps-src to a certain degree. I use it to build linux-libre and it works great. https://github.com/the-maldridge/xbps-mini-builder

[reback00]

• Replace already existing semi free packages from Void with our own version
• Configure the system so that future installs are taken from a liberated repo, not Void (for semifree packages)

Is there any configs that we can set to ensure these? I know APT has some configs (pin or something) to favor one repo more over the others. Never tried that with xbps.

man xbps-install has these:

     -i, --ignore-conf-repos
         Ignore repositories defined in configuration files.  Only
         repositories specified in the command line via --repository will be
         used.

     -R, --repository url
         Appends the specified repository to the top of the list. The url
         argument expects a URL to the repository for remote repositories or a
         path for local repositories. Note that remote repositories must be
         signed using xbps-rindex(1).  This option can be specified multiple
         times.

But we can't say to add these everytime installing things. A priority config would be nice to have.

[drake-newell]

Once a package is installed from this custom repo, it can be locked to only installing from that repo using xbps-pkgdb -m repolock <package> (Source: https://docs.voidlinux.org/xbps/advanced-usage.html?highlight=Repository,lock#repository-locking-packages).

[reback00]

That would need manual intervention. It would've been nice to have something setup once and just work, without ever needing to worry about the repos. Maybe xbps doesn't have this yet. New feature idea I suppose?

[drake-newell]

@reback00 Not really. We could have something in the void-liberation script to, if selected after choosing to install your-freedom, loop through the minor conflicting installed packages and install their free versions before repolocking them.

[reback00]

Well, then repolock seems to be a better option. Maybe we can go through the your-freedom's allowlist.txt and install them with -i and -R, then repolock with xbps-pkgdb -m repolock <package>. But there might be some better options out there. I'll post on reddit to see if someone has a better idea.

EDIT: Just posted here.

[reback00]

@drake-newell I think we've got a better solution from Duncaen on reddit. We can create a file named something like /etc/xbps.d/40-libre.conf and put repository=https://somerepodomain.com/repopath/ and it should work. It should work like expected if bestmatching=yes is not set (it's commented by default, so we should be ok).

Let me quote Duncaen here:

repos are always prioritized by the order in which they are read from configuration files, /etc/xbps.d is read before /usr/share/xbps.d, 00-repo.conf is read before 99-repo.conf and a line comes before the next line. xbps only searches all repos for the newest package if the bestmatching=yes option is set, otherwise with the default behavior it chooses the first repo that contains the package name for installations and updates.

EDIT: It should solve point #2, but not sure about #1.

• Replace already existing semi free packages from Void with our own version
• Configure the system so that future installs are taken from a liberated repo, not Void (for semifree packages)

[drake-newell]

@reback00 That sounds great. I'll try adding it to void-liberation-remote since that's the one that installs from a remote repo, and that we'll eventually start using once we have the custom repo set up.