Underlying assumptions
• Circular dependencies are impossible
• Packages don't conflict, unless *explicitly* specified as alternatives
• Packages always work with the latest version of their dependencies
	• In other words, we don't try to solve bugs in packages being installed
		• Incompatibilities are bugs.
• Installation only requires the host's /bin available read-only as /bin
	• Nothing installs into /bin directly; binaries go to /$objtype/bin, /rc/bin, etc.
• The only build mechanism needed is `mk all`, with objtype configured appropriately
	• The only install mechanism needed is `mk install`, with objtype configured appropriately

• Software which violates these assumptions may exist; it will not be supported.
	• Basically, fix your software instead of demanding that ours accounts for your bugs.

tl;dr: don't support bad software, assume sanity, and don't check if programs meet basic standards of reason.

Design


• Use dedicated namespaces with a unionfs to sandbox builds and installs and track artifacts and outputs
• Use binds to control data and output
	• Store package manager data anywhere ($home/pkg, /sys/pkg, /tmp, etc.) and bind it over /pkg
		• /pkg/src contains active git sources, only cleaned on request
		• /pkg/current contains information about currently installed packages - version info, for instance
		• /pkg/roots contains built package trees. e.g. /pkg/roots/netsurf-$HASH.fs contains the paqfs image of a given netsurf tree.
• The root system is *not* a package, and must be managed separately.
• Use one paqfs for the build tools and another for the install tools, and set up namespaces that contain only the needed software, all of it *read-only*
	• If the host system is needed (e.g. libc, APE), it is mounted read-only.
	• Build tools and install tools are mounted read only
	• Dependencies are imported into the namespace read-only
	• The source repo is imported read-only
	• The only writable fs in the build namespace is an empty ramfs. All build artifacts end up in this ramfs.
	• The install namespace is even smaller
		• The install tools, the build artifacts, and the source repository are imported read-only
		• The only writable fs is an empty ramfs, so `mk install` only affects it
			• The ramfs' contents are either copied directly to /root or stored in a paqfs in /pkg/roots/$package.fs (/sys/pkg/roots on ANTS, via the bind above)
			• If installed to /root, a file list is generated with `walk` so that uninstallation can be performed cleanly
• Generated binary packages are paqfses with /meta/ containing metadata and /root containing the tree.
• Package definitions are written in C.
	• Lua-specified packages as a lu9 extension are a possibility, but that is currently undecided.
	• Repo URLs can be used directly, in which case the user is responsible for dependency handling.
• Dependencies are specified as a list of packages.
	• The latest version is always used unless an explicit override is given
		• If there are conflicts with a specific version, the correct course is to fix the package and update
• Packages can be listed as alternatives to one another
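
The build and install steps of the design above, written out as an rc script. This is an added example, not the package manager's own code: the tool image paths /pkg/tools/build.fs and /pkg/tools/install.fs, the assumption that tool images keep their tree under /root like binary packages, naming a dependency by its image in /pkg/roots (e.g. netsurf-$HASH, imported from /pkg/roots/netsurf-$HASH.fs), git/query for the version hash, and the /tmp/pkgbuild.$pkg scratch layout are all assumptions of the example, not of the page.

```rc
#!/bin/rc
# pkgbuild: worked example of the build and install namespaces above.
# Added illustration, not the package manager's own code.
# Assumptions not taken from the page: /pkg is already bound; the build and
# install tool images are /pkg/tools/build.fs and /pkg/tools/install.fs and,
# like binary packages, keep their tree under /root; a dependency is named by
# its image in /pkg/roots (netsurf-$HASH for /pkg/roots/netsurf-$HASH.fs);
# the source is a git9 checkout; $objtype is set by the system.

rfork en				# private namespace and environment for this run
if(~ $#* 0){
	echo 'usage: pkgbuild package [dependency ...]' >[1=2]
	exit usage
}
pkg=$1
shift
deps=$*
src=/pkg/src/$pkg
if(! test -d $src){
	echo pkgbuild: no source tree $src >[1=2]
	exit nosrc
}
work=/tmp/pkgbuild.$pkg
mkdir -p $work/mnt/src $work/build $work/root $work/pkg/meta $work/pkg/root

# Mount a paqfs image and put its /root tree in front of the directories a
# build reads. paqfs serves read-only by construction; bind has no read-only
# flag, so this is what "imported read-only" means in practice.
fn import {
	mkdir -p $work/mnt/$1
	paqfs -m $work/mnt/$1 $2
	r=$work/mnt/$1/root
	if(test -d $r/$objtype/bin) bind -b $r/$objtype/bin /bin
	if(test -d $r/rc/bin) bind -b $r/rc/bin /bin
	for(d in $objtype/lib sys/include sys/lib)
		if(test -d $r/$d) bind -b $r/$d /$d
}

# Snapshot the working copy into a paqfs; the checkout itself is never built in.
mkpaqfs -o $work/src.paq $src
hash=`{cd $src; git/query HEAD}		# assumed: git9 prints the HEAD commit

# Build namespace. The ramfs is mounted here, in the parent, so its contents
# outlive the sandboxed block; everything else is added privately and dropped.
ramfs -m $work/build
@{
	rfork n
	import buildtools /pkg/tools/build.fs
	for(dep in $deps)
		import $dep /pkg/roots/$dep.fs
	paqfs -m $work/mnt/src $work/src.paq
	bind -bc $work/build $work/mnt/src	# union: new files go to the ramfs only
	cd $work/mnt/src
	mk all
} || {
	echo pkgbuild: mk all failed >[1=2]
	exit build
}

# Install namespace: install tools, artifacts and source, all read-only, and
# an empty ramfs replacing every directory mk install may write to.
ramfs -m $work/root
@{
	rfork n
	import installtools /pkg/tools/install.fs
	paqfs -m $work/mnt/src $work/src.paq
	bind -b $work/build $work/mnt/src	# no -c: nothing may be created here
	for(d in $objtype/bin rc/bin $objtype/lib sys/include sys/lib sys/man){
		mkdir -p $work/root/$d
		bind $work/root/$d /$d	# replaces the host directory; /bin is untouched
	}
	cd $work/mnt/src
	mk install
} || {
	echo pkgbuild: mk install failed >[1=2]
	exit install
}

# Package the result: /meta holds version and file list, /root holds the tree.
walk $work/root | sed 's#^'$work'/root##' | grep -v '^$' > $work/pkg/meta/files
echo $hash > $work/pkg/meta/version
bind $work/root $work/pkg/root
mkpaqfs -o /pkg/roots/$pkg-$hash.fs $work/pkg
echo /pkg/roots/$pkg-$hash.fs
```

Installing into the live system stays a separate, explicit step (for instance dircp of the ramfs tree onto /root), with meta/files kept for uninstallation. Two caveats a practitioner should keep in mind: Plan 9 union binds apply to one directory, not to its subdirectories, so a mkfile that writes object files into subdirectories needs the same union applied to each of them (or a real unionfs, which the design lists for this reason); and nothing here enforces that the host's /bin is only read, that is the assumption stated at the top of the page, not a property of bind.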

ANTS-specific


• /sys/pkg is the system-wide package directory
• Using an alternate system relies on namespaces: bind the target over /root, and its /sys/pkg over /pkg
• Add some scripts to automate usage with arbitrary fossils
• The root system *is* a package, but it can't be installed, only updated.