A mix of the reproducibility of Nix
and the user-friendliness of Debian's APT
.
- Familiarity & Ease of use:
- Commands such as
install
,remove
,search
,info
, andupdate
- Migrates running services to new versions (happens automatically on security updates)
- Application data, cache, and config are managed, to make backups easier
- Commands such as
- Performance:
- No hooks, just extracts an archive
- Never block the user
- Delta compression for downloads
- Compiler absolutely not required on the target system if using the unmodified public repository
- Reproducibility:
- Every package comes with full instructions on how to build it (a Recipe), to enable local building
- Every package operation (install, update, etc.) creates a new snapshot
- GRUB/Systemd-boot integration to boot into old snapshots
- Can be built offline, all assets are clearly defined for centralized downloading
- Packages can be exported into reproducible standalone archives
- Security:
- "Dynamic Mode": Semver matching of versions for dynamic libs to deliver security updates faster without full rebuilds
- Packages are signed by build server
- Entire
/bold/app
directory can be stored indmverity
for secure immutable systems
- Ease of contribution:
bold hack <package1> <package2>...
makes it easy to test and contribute patches- New packages are easily created (uses Javascript instead of the Nix language)
- "Dumb" Binary cache should be trivial to setup (just an HTTPS server)
- "Smart" Binary cache (build server) should be a single bold package
- Package: File or directory tagged by its name and a hash of its recipe
- Recipe: Instructions on how to build a package in an isolated environment
- Repository: A list of packages and recipes
- Repository generator: Creates the repository
- Binary cache: A networked cache of signed compiled packages
- Snapshot: A local list of installed packages
- System: A list of installed packages managed by the repository
- Evaluate js repository
- Create
snapshot
on update and install - Search package cache
- Hacking on packages
-
System
support - Build packages to archives
- Packages installed manually by name stick through updates
- Also install dependencies
- In
bold install
- In
System
s - Handle recursive dependencies
- In
- Add glibc, gcc, coreutils, bash packages
- Queue install until reboot
- Package removal
- Actually fetch packages
- Build packages if missing from binary cache
- Mirror server
- Build server
- Generate bsdiff from current + most common named version of the package to each version of package
- Save diff only if smaller than new package
- Package signatures
- Add lots of packages
- Host Build+Mirror server
# Package manipulation
bold install <package>...
bold remove <package>...
bold update
bold search
bold list [package]
# Snapshot manipulation
bold switch [snapshot]
# Development
bold hack <package>...
bold run <package>
bold config <package>
bold gc remove
bold gc compress
bold gc archive
/bold/app/: package contents
/bold/cache/: app caches
/bold/cache/bold/bincache: compressed package contents (old snapshots + downloads)
/bold/data/: app data
/bold/etc/: app config
/bold/snapshot/: snapshots
/bold/snapshot/current: symlink to active snapshot
/bold/snapshot/<x>/: snapshot data
/bold/snapshot/<x>/metadata.json: metadata (installed packages, description, etc.)
/bold/snapshot/<x>/cache.db3: available package list
/bold/snapshot/<x>/root/: chroot-able environment for snapshot
/bold/src/: local source code
/bold/src/repo/: (optional) local repo generator
Not a source of truth, it's just the cache for the output of the repo generator.
Required for all package operations (including search).
Updated by the bold update
command.