https://fedoraproject.org/wiki/Changes/RPMCoW == Summary == RPM Copy on Write provides a better experience for Fedora Users as it reduces the amount of I/O and offsets CPU cost of package decompression. RPM Copy on Write uses reflinking capabilities in btrfs, which is the default filesystem in Fedora 33. == Owners == * Name: [[User:malmond|Matthew Almond]], [[User:dcavalca|Davide Cavalca]] * Email: malmond(a)fb.com, dcavalca(a)fb.com == Detailed description == Installing and upgrading software packages is a standard part of managing the lifecycle of any operating system. For the entire lifecycle of Fedora, all software is packaged and distributed using the RPM file fomat. This proposal changes how software is downloaded and installed, leaving the distribution process unmodified. === Current process === # Resolve packaging request into a list of packages and operations # Download and verify new packages # Install and/or upgrade packages sequentially using RPM files, decompressing, and writing a copy of the new files to storage. === New process === # Resolve packaging request into a list of packages and operations # Download and '''decompress''' packages into a '''locally optimized''' rpm file # Install and/or upgrade packages sequentially using RPM files, using '''reference linking''' (reflinking) to reuse data already on disk. The outcome is intended to be the same, but the order of operations is different. # Decompression happens inline with download. This has a positive effect on resource usage: downloads are typically limited by bandwidth. Decompression and writing the full data into a single file per rpm is essentially free. Additionally: if there is more than one download at a time, a multi-CPU system can be better utilized. All compression types supported in RPM work because this uses the rpm I/O functions. # RPMs are cached on local storage between downloading and installation time as normal. This allows DNF to defer actual RPM installation to when all the RPM are available. This is unchanged. # The file format for RPMs is different with Copy on Write. The headers are identical, but the payload is different. There is also a footer. ## Files are converted (“transcoded”) locally during download using <code>/usr/bin/rpm2extents</code> (part of rpm codebase). The format is not intended to be “portable” - i.e. copying the files from the cache is not supported. ## Regular RPMs use a compressed .cpio based payload. In contrast, extent based RPMs contain uncompressed data aligned to the fundamental page size of the architecture, e.g. 4KiB on x86_64. This alignment is required for <code>FICLONERANGE</code> to work. Only files are represented in the payload, other directory entries like symlinks, device nodes etc are constructed entirely from rpm header information. Files are referenced by their digest, so identical files are de-duplicated. ## The footer currently has three sections ### Table of original (rpm) file digests, used to validate the integrity of the download in dnf. ### Table of digest → offset used when actually installing files. ### Signature 8 bytes at the end of the file, used to differentiate between traditional RPMs and extent based. === Notes === # The headers are preserved bit for bit during transcoding. This preserves signatures. The signatures cover the main header blob, and the main header blob ensures the integrity of data in two ways: ## Each file with content has a digest. Originally this was md5, but today it’s usually sha256. In normal RPM this is only used to verify the integrity of files, e.g. <code>rpm -V</code>. With CoW we use this as a content key. ## There is/are one or two digests (<code>PAYLOADDIGEST</code> and <code>PAYLOADDIGESTALT</code>) covering the payload archive (compressed cpio). The header value is preserved, but transcoded RPMs do not preserve the original structure so RPM’s pre-installation verification (controlled by <code>%_pkgverify_level</code> will fail. <code>dnf-plugin-cow</code> disables this check in dnf because it verifies the whole file digest which is captured during download/transcoding. The second one is likely used for delta rpm. # This is untested, and possibly incompatible with delta RPM (drpm). The process for reconstructing an rpm to install from a delta is expensive from both a CPU and I/O perspective, while only providing marginal benefits on download size. It is expected that having delta rpm enabled (which is the default) will be handled gracefully. # Disk space requirements are expected to be marginally higher than before: all new packages or updates will consume their installed size before installation instead of about half their size (regular rpms with payloads still cost space). # <code>rpm-plugin-reflink</code> will fall back to simple file copying when the destination path is not on the same filesystem/subvolume. A common example is <code>/boot</code> and/or <code>/boot/efi</code>. # The system will still work on other filesystem types, but will ''always'' fall back to simple copying. This is expected to be slightly slower than not enabling CoW because the source for copying will be the decompressed data. # For systems that enable transparent filesystem compression: every file will continue to be decompressed from the original rpm, and then transparently re-compressed by the filesystem. There is no effective change here. There is a future project to investigate alternate distribution mechanics to provide parallel versions of file content pre-compressed in a filesystem specific format, reducing both CPU costs and I/O. It is expected that this will result in slightly higher network utilization because filesystem compression is purposely restricted to allow random I/O. # Current implementation of <code>dnf-plugin-cow</code> is in Python, but it looks possible to implement this in <code>libdnf</code> instead which would make it work in <code>packagekit</code>. === Performance Metrics === Ballpark performance difference is about half the duration for file download+install time. A lot of rpms are very small, so it’s difficult to see/measure. Larger RPMs give much clearer signal. (Actual numbers/charts will be supplied in Jan 2021) === Terminology === * '''Copy on Write (CoW)''' is a broad description of any technology that reduces or eliminates data duplication by sharing the data behind the scenes until one of the references makes changes. This has been a cornerstone technology in memory management in Unix systems. Here we are using it to specifically reference Copy on Write as supported in modern filesystems, e.g. btrfs, xfs and potentially others. * '''Reflink''' is the verb for duplicating stored data on a filesystem. See [https://man7.org/linux/man-pages/man2/ioctl_ficlonerange.2.html ioctl_ficlonerange(2)] for the specific call we use on Linux * '''Extent''' (based RPMs) refers to how payload file data is stored in within an RPM. Normal RPMs simply contain a compressed CPIO archive. Extent based RPMs contain the raw data uncompressed, which can be referenced with reflink. == Benefit to Fedora == Faster package installs and upgrades == Scope == * Proposal owners: ** Merge changes to rpm, librepo to enable capabilities ** Add dnf-plugin-cow to available packages ** Test days ** Aid with documentation * Other developers: ** rpm, librepo: review PRs as needed * Release engineering: https://pagure.io/releng/issue/9914 * Policies and guidelines: N/A * Trademark approval: N/A == Upgrade/compatibility impact == None, RPM with CoW is not enabled by default. Upgrades with <code>keepcache</code> in dnf.conf will be able to use existing packages, but it will not convert them. This only happens at download time. If a system is configured to keep packages in the cache (<code>keepcache</code> in <code>dnf.conf</code>) and <code>dnf-plugin-cow</code> is removed then the packages will be unusable. Recommend <code>dnf clean packages</code> to resolve this. == How to test == Enable RPM with CoW with <pre>$ sudo dnf install dnf-plugin-cow ... $ sudo dnf install hello ... $ hello Hello, world!</pre> There should be no end user visible changes, except timing. == User experience == No anticipated user visible changes in this change proposal. This makes the feature available, but does not enable it by default. == Dependencies == # A copy-on-write filesystem; this Change is primarily targeting btrfs, but RPM with CoW should work with XFS as well (untested) # Most package install paths and the dnf package cache on the same filesystem / subvolume. # <code>rpm</code> with Copy on Write patch set: https://github.com/malmond77/rpm/tree/cow # <code>librepo</code> with transcoding support: https://github.com/malmond77/librepo/tree/transcode_cow # dnf-plugin-reflink (a new package): https://github.com/facebookincubator/dnf-plugin-cow/ == Contingency plan == * Contingency mechanism: will not include PR patches if not merged upstream, skip <code>dnf-plugin-cow</code> * Contingency deadline: Final freeze * Blocks release? No * Blocks product? No == Documentation == Documentation will be available at https://github.com/facebookincubator/dnf-plugin-cow in the coming weeks == Release Notes == RPM with CoW is not enabled by default. To enable it: <pre>$ sudo dnf install dnf-plugin-cow</pre>

On Mon, Dec 21, 2020 at 11:39 am, Neal Gompa <ngompa13(a)gmail.com&gt; wrote: > This is very exciting! There is one thing, though: we need a libdnf > plugin for PackageKit to use too. "DNF plugins" are at the Python > layer, and libdnf has its own plugin system that C/C++ consumers can > use. So if both a libdnf and a dnf plugin exist, then the experience > is consistent between PK and DNF. > > But that leads to my other question: why not just integrate this into > libdnf and turn it into an option that can be activated in > /etc/dnf/dnf.conf? That seems to be the most straightforward way to do > this. From the change proposal: # Current implementation of <code>dnf-plugin-cow</code> is in Python, but it looks possible to implement this in <code>libdnf</code> instead which would make it work in <code>packagekit</code>

I cannot find it anywhere in rpm codebase.

Hmm, I, personally, see much better perfomance (and storage) improvements in enabling %_minimize_writes however there is still https://bugzilla.redhat.com/show_bug.cgi?id=1872141 to be resolved before this got enabled by default.

On 12/21/20 12:28 PM, Ben Cotton wrote: > ... > > === New process === > > # Resolve packaging request into a list of packages and operations > # Download and '''decompress''' packages into a '''locally > optimized''' rpm file > # Install and/or upgrade packages sequentially using RPM files, > using > '''reference linking''' (reflinking) to reuse data already on disk. This sound great because free space requirements can be reduced, specially when installing new packages. I have experimented building very small appliances using btrfs compression on things like /usr/share. So I think this could disrupt this because if I am correct the extends will be first downloaded to a temporary directory without compression enabled.

I am happy with an option to disable this behavior.

> === New process === > # Resolve packaging request into a list of packages and operations > # Download and '''decompress''' packages into a '''locally optimized''' rpm file > # Install and/or upgrade packages sequentially using RPM files, using ''reference linking''' (reflinking) to reuse data already on

This sound great because free space requirements can be reduced, specially when installing new packages.

I have experimented building very small appliances using btrfs compression on things like /usr/share. So I think this could disrupt this because if I am correct the extends will be first downloaded to a temporary directory without compression enabled.

I am happy with an option to disable this behavior.

https://fedoraproject.org/wiki/Changes/RPMCoW

# dnf-plugin-reflink (a new package): https://github.com/facebookincubator/dnf-plugin-cow/

== Summary == RPM Copy on Write provides a better experience for Fedora Users as it reduces the amount of I/O and offsets CPU cost of package decompression. RPM Copy on Write uses reflinking capabilities in btrfs, which is the default filesystem in Fedora 33.

# Decompression happens inline with download.

## Regular RPMs use a compressed .cpio based payload. In contrast, extent based RPMs contain uncompressed data aligned to the fundamental page size of the architecture, e.g. 4KiB on x86_64. This alignment is required for <code>FICLONERANGE</code> to work. Only files are represented in the payload, other directory entries like symlinks, device nodes etc are constructed entirely from rpm header information.

Files are referenced by their digest, so identical files are de-duplicated.

# Disk space requirements are expected to be marginally higher than before: all new packages or updates will consume their installed size before installation instead of about half their size (regular rpms with payloads still cost space).

As an aside, I *really* hate this split of terminology we have among Editions, Spins, and Labs. It's confusing to everyone. :(

On Mon, Dec 21, 2020, at 1:07 PM, Neal Gompa wrote: Yes it does. It avoids writing the compressed data and then copying it back out uncompressed, which is the same amount of savings as the reflink approach. (It's also equally incompatible with deltarpm) No - static deltas exist, plus layered RPMs work on the wire the same. But this isn't really relevant here. Adding a hardlink indeed requires updating inodes proportional to the number of files, but that's more an implementation of the transactional update approach, not of the "download and unpack in parallel" part which is more what we're discussing here. (Though they are entangled a bit) Anyways, I'd still stand by my summary that the much lower tech "files in temporary directory that get rename()d" approach would be all of *more* efficient on disk, simpler to implement and much less disruptive than an RPM format change. (The main cost would be a new temporary directory path that would need cleanup as part of e.g. `yum clean` etc.)

I fail to see why this would be significantly better...

The logic to handle the split rpm contents would seem to be more complicated than the rewrite with /usr/bin/rpm2extents. Other comments?

On Mon, Dec 21, 2020, at 11:28 AM, Ben Cotton wrote: > > > == Summary == > > RPM Copy on Write provides a better experience for Fedora Users as > it > reduces the amount of I/O and offsets CPU cost of package > decompression. RPM Copy on Write uses reflinking capabilities in > btrfs, which is the default filesystem in Fedora 33. A bunch of points here: - No, it's the default for one Edition. Others don't default to it. And even for Workstation we can't *require* it because it's definitely supported to use other filesystems and storage layouts. - Orthogonal to this, I'd also note that xfs supports reflinks too. Combining those I'd say instead e.g.: "Most Fedora Editions default to a filesystem that support reflinks, e.g. btrfs or xfs" (actually I think IoT defaults to ext4 for...probably they didn't consider it?)

- When talking about RPMs we need to think about container images, which use overlayfs by default, which defers to the underlying filesystem for reflinks - so should be fine, but should be explicitly written down (and tested)

https://fedoraproject.org/wiki/Changes/RPMCoW == Summary == RPM Copy on Write provides a better experience for Fedora Users as it reduces the amount of I/O and offsets CPU cost of package decompression. RPM Copy on Write uses reflinking capabilities in btrfs, which is the default filesystem in Fedora 33.

### Signature 8 bytes at the end of the file, used to differentiate between traditional RPMs and extent based.

=== Notes === # The headers are preserved bit for bit during transcoding. This preserves signatures. The signatures cover the main header blob, and the main header blob ensures the integrity of data in two ways: ## Each file with content has a digest. Originally this was md5, but today it’s usually sha256. In normal RPM this is only used to verify the integrity of files, e.g. <code>rpm -V</code>. With CoW we use this as a content key. ## There is/are one or two digests (<code>PAYLOADDIGEST</code> and <code>PAYLOADDIGESTALT</code>) covering the payload archive (compressed cpio). The header value is preserved, but transcoded RPMs do not preserve the original structure so RPM’s pre-installation verification (controlled by <code>%_pkgverify_level</code> will fail. <code>dnf-plugin-cow</code> disables this check in dnf because it verifies the whole file digest which is captured during

download/transcoding. The second one is likely used for delta rpm. # This is untested, and possibly incompatible with delta RPM (drpm). The process for reconstructing an rpm to install from a delta is expensive from both a CPU and I/O perspective, while only providing marginal benefits on download size. It is expected that having delta rpm enabled (which is the default) will be handled gracefully.

=== Performance Metrics === Ballpark performance difference is about half the duration for file download+install time. A lot of rpms are very small, so it’s difficult to see/measure. Larger RPMs give much clearer signal. (Actual numbers/charts will be supplied in Jan 2021)

Am 21.12.20 um 18:53 schrieb Kevin Fenzi: > But in general perhaps we should decide how much value drpms provide > these days and either make sure we are making more of them, or drop > them. delta rpms safe so much time in form of bandwidth on the client side. If something really needs to change, it is the 50+ MB repo database that gets downloaded. It takes ages on slow connections to download and than you want to increase the size of the rpms too.. Doesn't sound like a good idea.

delta rpms safe so much time in form of bandwidth on the client side. If something really needs to change, it is the 50+ MB repo database that gets downloaded. It takes ages on slow connections to download

As someone who has to package for multiple distributions, I would oppose any attempt to cripple DNF to stop supporting file dependencies properly. I *aggressively* use file dependencies to avoid having to litter my spec files with package name dependencies across RH/Fedora, SUSE, Mandriva/Mageia, and others.

Am 21.12.20 um 18:53 schrieb Kevin Fenzi: > But in general perhaps we should decide how much value drpms provide > these days and either make sure we are making more of them, or drop > them. delta rpms safe so much time in form of bandwidth on the client side.

On Tue, Dec 22, 2020 at 02:02:13PM -0800, Kevin Fenzi wrote: > > delta rpms safe so much time in form of bandwidth on the client side. > Well, it's tradeoffs. They save bandwith and download time on one side, > but use lots of cpu cycles and disk space on the other. It just depends > on what each person wants based on their situation and hardware. They actually use a lot of cpu cycles on _both_ sides, really.

On Wed, Dec 30, 2020 at 01:18:38PM +0000, Zbigniew Jędrzejewski-Szmek wrote: > On Tue, Dec 22, 2020 at 05:09:08PM -0500, Matthew Miller wrote: > > On Tue, Dec 22, 2020 at 02:02:13PM -0800, Kevin Fenzi wrote: > > > > delta rpms safe so much time in form of bandwidth on the client side. > > > Well, it's tradeoffs. They save bandwith and download time on one side, > > > but use lots of cpu cycles and disk space on the other. It just depends > > > on what each person wants based on their situation and hardware. > > > > They actually use a lot of cpu cycles on _both_ sides, really. > > I thought that zchunk would obsolete drpm. What's the story here? Nope, they are different things. zchunk = a way to only download changed chunks of repodata. drpms = a way to only download changed chunks of rpms.

> Also, in recent times, any dnf upgrade I did reported "savings" from > drpm on the level <1% [*]. Am I doing something wrong or is this expected? > Is there some usage pattern where there drpm provides real gain with > current Fedora? This is most likely because we are only making drpms against the most recent updates. So, we are making very few drpms and only against things that recently updated.

For example: https://dl.fedoraproject.org/pub/fedora/linux/updates/33/Everything/x86_6... (126 drpms for all of f33 updates).

FWIW, I also think it's time for drpms to go.  Aside from any potential issues with the proposed change, they haven't been useful in Fedora for three years, (see https://pagure.io/releng/issue/7215), and nobody's been able to put in the time to fix it yet.  If that changed and someone was willing to step up and commit to fixing this, I'd feel very differently. In addition, drpms aren't even working at the moment.  Something has changed during the last week or so that's broken them (see https://bugzilla.redhat.com/show_bug.cgi?id=1911828).  I'll take a look, but, being honest, there's not much motivation to investigate this when drpms are of such marginal use in Fedora at the moment. Jonathan

I remember when drpms landed I heard people say they choose Fedora because of them. That may have changed over the years I guess. :) and there have been only 2 or 3 reports about how few drpms exist in the last few years (ie, most people didn't really notice).

There's been a lot of interesting talk about the state and future of drpm. I'd like to propose we continue the conversation about that with a different subject line :)

On Mon, Jan 04, 2021 at 06:29:13PM -0500, Matthew Miller wrote: > On Mon, Jan 04, 2021 at 10:21:15PM +0000, Matthew Almond via devel wrote: >> There's been a lot of interesting talk about the state and future of >> drpm. I'd like to propose we continue the conversation about that with >> a different subject line :) > > Okay, fair. I have a proposal. > > Right now, the problem is that making delta rpms is expensive, and therefore > we aren't making very many, which makes them even less useful. Plus, we're > only making them between updates and for packages where those updates are > frequent, that means you need to keep on top of things, which may be best > practice but is most difficult for low-bandwidth users who might most > benefit in the first place. > > So, the first thing we need to do to fix this is move deltarpm creation out > of the updates process. Kevin Fenzi tells me this would mean we'd need a > separate delta RPMs repo, which doesn't sound like a bad thing to me, but > we're not sure offhand if DNF can handle that without modification. Yeah, I don't recall how dnf looks for drpms. Right now they are in the same repo, using the same repodata. If we moved them to a new repo would they get found correctly? > This would let us make the delta RPMs asynchronously and not block updates. > And, it would also give us the ability to roughly see how important they are > to users, because we could see how popular that repository is compared to > the updates repo. > > I also remember when this was a killer feature for Fedora, and without any > real way of judging use and demand, I'm hesitant to kill it off. But that's > definitely plan B. We can point people who are in low-bandwidth situations > at Silverblue, CoreOS, and Kinoite as the preferred approach. Yeah, I came up with one more possible way we could get more drpms with our current setup, but need to talk to pungi maintainers and see if it's doable. :) After that, it's either split things out or drop drpms I think.

Dne 05. 01. 21 v 0:29 Matthew Miller napsal(a): > So, the first thing we need to do to fix this is move deltarpm creation out > of the updates process. Right. > Kevin Fenzi tells me this would mean we'd need a > separate delta RPMs repo, Why? You can do that in the same repo. You just need once per X days/hours run createrepo_c --deltas --num-deltas X

Miroslav Suchy, RHCA Red Hat, Associate Manager ABRT/Copr, #brno, #fedora-buildsys _______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

On the next f33-updates push the entire process runs again. It never _updates_ existing repos, it always creates them.

I also remember when this was a killer feature for Fedora, and without any real way of judging use and demand, I'm hesitant to kill it off.

> I also remember when this was a killer feature for Fedora, and without any > real way of judging use and demand, I'm hesitant to kill it off. Is it really saving bandwidth, though? The reported savings are generally very small for me. Downloading the metadata costs something as well.

The metadata would also be much larger, and so would be the battery usage to recompress the payload. 8-(

On Mon, Jan 4, 2021, at 6:29 PM, Matthew Miller wrote: > > I also remember when this was a killer feature for Fedora, and without any > real way of judging use and demand, I'm hesitant to kill it off. But that's > definitely plan B. We can point people who are in low-bandwidth situations > at Silverblue, CoreOS, and Kinoite as the preferred approach. Please don't use phrasing like this that implies e.g. CoreOS is distinct from "Fedora".

A much technically clearer way to say this would be "traditional dnf Fedora" versus rpm-ostree. But even then it's not fully distinct because rpm-ostree also links to libdnf and whenever you use package layering, it's all the same RPM tools on the wire. Though...ah right, the deltarpm implementation lives in the dnf Python code, not the libdnf library, so rpm-ostree doesn't do that. Second - and this should be emphasized - a common case at least on Silverblue is that you run dnf inside a toolbox-style container (or more than one!). So all bandwidth improvements apply there too. In other words this (implict) contrast between the two is false because in both cases there are hybrids. Now speaking of deltas - really delta implementations are going to benefit from a stronger "cadence" to releases, exactly much like what we do for CoreOS (but not Silverblue/IoT) today. The relationship of such a system and Bodhi is...messy. ostree deltas are also *much* better than deltarpm in various ways (most notably the CPU intensive part is bsdiff which we only use selectively instead of the whole thing).

On the other hand, we really want deltas too for containers; that's https://github.com/containers/image/pull/902 A very tricky case is the intersection of all of these; for my "dev container"/toolbox on my Silverblue workstation I use a custom container built on a server with all of my tools, but I do often `yum update` inside it since that works incrementally and online. (But I do periodically flush and re-pull) If we implemented container deltas I'd be a lot more likely to use `podman` to update it instead.

Yet another reason why popcon would be useful.

we aren't making very many, which makes them even less useful. Plus, we're only making them between updates and for packages where those updates are frequent, that means you need to keep on top of things, which may be best practice but is most difficult for low-bandwidth users who might most benefit in the first place.

Cool. A few questions inline... On Mon, Dec 21, 2020 at 11:28:51AM -0500, Ben Cotton wrote: > https://fedoraproject.org/wiki/Changes/RPMCoW > > > == Summary == > > RPM Copy on Write provides a better experience for Fedora Users as > it > reduces the amount of I/O and offsets CPU cost of package > decompression. RPM Copy on Write uses reflinking capabilities in > btrfs, which is the default filesystem in Fedora 33. What happens if you enable this on non btrfs installs? Does it just not work gracefully? Does it fail somehow?

https://fedoraproject.org/wiki/Changes/RPMCoW#Notes

I currently download once and upgrade three different systems by rsync-ing the cache. Do I understand that this will no longer be supported or work?

https://fedoraproject.org/wiki/Changes/RPMCoW == Summary == RPM Copy on Write provides a better experience for Fedora Users as it reduces the amount of I/O and offsets CPU cost of package decompression. RPM Copy on Write uses reflinking capabilities in btrfs, which is the default filesystem in Fedora 33. == Owners == * Name: [[User:malmond|Matthew Almond]], [[User:dcavalca|Davide Cavalca]] * Email: malmond(a)fb.com, dcavalca(a)fb.com == Detailed description == Installing and upgrading software packages is a standard part of managing the lifecycle of any operating system. For the entire lifecycle of Fedora, all software is packaged and distributed using the RPM file fomat. This proposal changes how software is downloaded and installed, leaving the distribution process unmodified. === Current process === # Resolve packaging request into a list of packages and operations # Download and verify new packages # Install and/or upgrade packages sequentially using RPM files, decompressing, and writing a copy of the new files to storage. === New process === # Resolve packaging request into a list of packages and operations # Download and '''decompress''' packages into a '''locally optimized''' rpm file

# Install and/or upgrade packages sequentially using RPM files, using '''reference linking''' (reflinking) to reuse data already on disk.

The outcome is intended to be the same, but the order of operations is different. # Decompression happens inline with download. This has a positive effect on resource usage: downloads are typically limited by bandwidth. Decompression and writing the full data into a single file per rpm is essentially free. Additionally: if there is more than one download at a time, a multi-CPU system can be better utilized. All compression types supported in RPM work because this uses the rpm I/O functions.

# RPMs are cached on local storage between downloading and installation time as normal. This allows DNF to defer actual RPM installation to when all the RPM are available. This is unchanged. # The file format for RPMs is different with Copy on Write. The headers are identical, but the payload is different. There is also a footer. ## Files are converted (“transcoded”) locally during download using <code>/usr/bin/rpm2extents</code> (part of rpm codebase). The format is not intended to be “portable” - i.e. copying the files from the cache is not supported.

## Regular RPMs use a compressed .cpio based payload. In contrast, extent based RPMs contain uncompressed data aligned to the fundamental page size of the architecture, e.g. 4KiB on x86_64. This alignment is required for <code>FICLONERANGE</code> to work. Only files are represented in the payload, other directory entries like symlinks, device nodes etc are constructed entirely from rpm header information. Files are referenced by their digest, so identical files are de-duplicated.

## The footer currently has three sections ### Table of original (rpm) file digests, used to validate the integrity of the download in dnf. ### Table of digest → offset used when actually installing files. ### Signature 8 bytes at the end of the file, used to differentiate between traditional RPMs and extent based.

=== Notes === # The headers are preserved bit for bit during transcoding. This preserves signatures. The signatures cover the main header blob, and the main header blob ensures the integrity of data in two ways: ## Each file with content has a digest. Originally this was md5, but today it’s usually sha256. In normal RPM this is only used to verify the integrity of files, e.g. <code>rpm -V</code>. With CoW we use this as a content key. ## There is/are one or two digests (<code>PAYLOADDIGEST</code> and <code>PAYLOADDIGESTALT</code>) covering the payload archive (compressed cpio). The header value is preserved, but transcoded RPMs do not preserve the original structure so RPM’s pre-installation verification (controlled by <code>%_pkgverify_level</code> will fail. <code>dnf-plugin-cow</code> disables this check in dnf because it verifies the whole file digest which is captured during download/transcoding. The second one is likely used for delta rpm. # This is untested, and possibly incompatible with delta RPM (drpm). The process for reconstructing an rpm to install from a delta is expensive from both a CPU and I/O perspective, while only providing marginal benefits on download size. It is expected that having delta rpm enabled (which is the default) will be handled gracefully.

# Disk space requirements are expected to be marginally higher than before: all new packages or updates will consume their installed size before installation instead of about half their size (regular rpms with payloads still cost space). # <code>rpm-plugin-reflink</code> will fall back to simple file copying when the destination path is not on the same filesystem/subvolume. A common example is <code>/boot</code> and/or <code>/boot/efi</code>. # The system will still work on other filesystem types, but will ''always'' fall back to simple copying. This is expected to be slightly slower than not enabling CoW because the source for copying will be the decompressed data.

# For systems that enable transparent filesystem compression: every file will continue to be decompressed from the original rpm, and then transparently re-compressed by the filesystem. There is no effective change here. There is a future project to investigate alternate distribution mechanics to provide parallel versions of file content pre-compressed in a filesystem specific format, reducing both CPU costs and I/O. It is expected that this will result in slightly higher network utilization because filesystem compression is purposely restricted to allow random I/O. # Current implementation of <code>dnf-plugin-cow</code> is in Python, but it looks possible to implement this in <code>libdnf</code> instead which would make it work in <code>packagekit</code>. === Performance Metrics === Ballpark performance difference is about half the duration for file download+install time. A lot of rpms are very small, so it’s difficult to see/measure. Larger RPMs give much clearer signal. (Actual numbers/charts will be supplied in Jan 2021)

Depends on how it got there, and what you asked for. Here's some examples: 1. cp foo.rpm /var/cache/dnf/<repo>/Packages/ && dnf install foo ...will fail the librepo full file check, and it'll be re- downloaded. 2. dnf install /root/foo.rpm || rpm -i /root/foo.rpm (not actually tested) will likely fail with CPIO/payload error Note that tools like rpm2cpio and rpm2archive will also fail on transcoded rpms. I have an open task to make the dnf plugin not transcode with 'yumdownloader' or 'dnf download' (plugin) as those are reasonable command to run. I will look at making error messages better and/or making some of these use cases work.

Signature *verification* partially works. Everything to do with signatures on just the header works (and the header describes the payload digest). There is one specific area which needs fixed: regular RPMs are read, digested, and signature verified before decompression. We need to guard against malicious compressed payloads that either perform a DoS on space/time, or worse (but more difficult) could exploit a bug in a decompression library. I am actively working on this.