[CentOS-devel] CERN pre-dojo meeting topic : Sig request for sig specific git

Fri Oct 27 06:30:03 UTC 2017
Fabian Arrotin <arrfab at centos.org>

On 26/10/17 22:11, Brian Stinson wrote:
> On Oct 24 18:08, Matthias Runge wrote:
>> On Tue, Oct 24, 2017 at 03:46:28PM +0100, George Dunlap wrote:
>>> On Tue, Oct 24, 2017 at 9:59 AM, Fabian Arrotin <arrfab at centos.org> wrote:
>>>> <paste>
>>>> sigs would like to use centpkg / lookaside, build direct through git to koji
>>>> authentication requirements to accounts.centos.org
>>>> Fabian to evaluate git solutions and report back to sig chairs.
>>>> mrunge has volunteered to be the "guinea pig" of the new system
>>>> </paste>
>>>>
>>>> Waiting for comments/input/feedback on those points
>>
>> Thank you for kicking this off!
>>
>> Storing specs + upstream sources somewhere would solve my primary
>> concern with creating some more reproducible builds. Even in a
>> small team, it seems scary to upload "somehow" created srpms to get
>> them built in cbs.
>>
>>>
>>> From our discussion, I remember that with the "lookaside cache", it
>>> should be possible for a "drive-by" contributor to submit a change
>>> which included a new tarball, by submitting a pull request that had
>>> the proper hash; I could then download the tarball from the upstream
>>> website myself, verify the hash, and upload it to the lookaside cache
>>> when merging the PR.
>>
>> Yes, I remember we discussed it briefly, on how to enable drive-by
>> contributions or how to lower the barrier for contributors.
>>
>> I'd be fine with patches/pull-requests/whatever for spec files. I'd try
>> to pull down sources myself anyways.
>>
>> Ideally, any solution would be supported by a central tool, comparable to
>> fedpkg for fedora. I know there is centpkg, but I'm currently unsure how
>> git and source upload is handled there.
> 
> Centpkg currently only deals with source RPMs. This is blocked on some
> sort of git solution with proper credentialing such that the SIG members
> can do basic operations. If such a thing came up, centpkg could easily
> become a thing again, and could be the right "central tool" for the job.  
> 

I haven't tested LFS myself, but as Gitea (that I deployed as a PoC, so
that Matthias could play with it) supports that, I was wondering if that
couldn't be a simple solution to store blobs/tarballs, without a need to
write a kind of "lookaside cache" solution that would have to do ACL
verification. AFAICS, LFS through git does that automatically through
git permissions

The client side would need to be worked on though : git-lfs seems to
exist in recent Fedora, but nothing in Epel7.
https://bugzilla.redhat.com/show_bug.cgi?id=1504322
https://src.fedoraproject.org/rpms/git-lfs/blob/master/f/git-lfs.spec

I haven't tried a rebuild, as from a quick look in the .spec, it would
need quite some packages to be available , including higher git (or can
we force SCLo for this ?)

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20171027/3fdeb156/attachment-0008.sig>