[CentOS-devel] CERN pre-dojo meeting topic : Sig request for sig specific git

Tue Oct 24 16:08:10 UTC 2017
Matthias Runge <mrunge at matthias-runge.de>

On Tue, Oct 24, 2017 at 03:46:28PM +0100, George Dunlap wrote:
> On Tue, Oct 24, 2017 at 9:59 AM, Fabian Arrotin <arrfab at centos.org> wrote:
> > <paste>
> > sigs would like to use centpkg / lookaside, build direct through git to koji
> > authentication requirements to accounts.centos.org
> > Fabian to evaluate git solutions and report back to sig chairs.
> > mrunge has volunteered to be the "guinea pig" of the new system
> > </paste>
> >
> > Waiting for comments/input/feedback on those points

Thank you for kicking this off!

Storing specs + upstream sources somewhere would solve my primary
concern with creating some more reproducible builds. Even in a
small team, it seems scary to upload "somehow" created srpms to get
them built in cbs.

> 
> From our discussion, I remember that with the "lookaside cache", it
> should be possible for a "drive-by" contributor to submit a change
> which included a new tarball, by submitting a pull request that had
> the proper hash; I could then download the tarball from the upstream
> website myself, verify the hash, and upload it to the lookaside cache
> when merging the PR.

Yes, I remember we discussed it briefly, on how to enable drive-by
contributions or how to lower the barrier for contributors.

I'd be fine with patches/pull-requests/whatever for spec files. I'd try
to pull down sources myself anyways.

Ideally, any solution would be supported by a central tool, comparable to
fedpkg for fedora. I know there is centpkg, but I'm currently unsure how
git and source upload is handled there.

Best,
Matthias
-- 
Matthias Runge <mrunge at matthias-runge.de>