[csw-maintainers] NMUs, non-maintainer uploads

Maciej Bliziński maciej at opencsw.org
Wed May 22 22:29:08 CEST 2013 

On Wed, May 22, 2013 at 11:49:06AM +0200, Peter FELECAN wrote:
> Maciej Bliziński <maciej at opencsw.org> writes:
> 
> > On Wed, May 22, 2013 at 11:20:10AM +0200, Peter FELECAN wrote:
> >> I don't see why somebody runs mgar and he's not the one uploading it;
> >> yes, there is the possibility to have an automatic builder but we don't
> >> have one yet. If there is really no solution around the proxy issue then
> >> consider that the upload-er is the same as the "magar-er".
> >
> > One example could be catalog integrations. Maintainers upload to the
> > unstable catalog, but when packages migrate from unstable to testing,
> > this is usually done by someone else. For the kiel catalog, mgar-er and
> > uploader are almost always two different people.
> 
> In those cases the uploader doesn't matter because the transitions are
> done homogeneously.

Maybe we should define what 'uploader' means. There are 2 components:

1. Making a POST request, causing a .pkg.gz file to be saved in the allpkgs
   directory.
2. Making a PUT request, causing a modification in the database which
   associates certain .pkg.gz file with certain catalog,
   e.g.  unstable-SunOS5.10-sparc.


Inserting a package into a catalog is done in the same way (from the
REST interface perspective), so it does matter who the uploader
(inserter?) is, because this is the person who decided that package
X will be part of catalog Y.

> >> >> > We can no longer modify the package contents at upload time, and I'm
> >> >> > guessing we want everything to be inside the package.
> >> >> 
> >> >> At upload time, the database's attributes are valuated from what's in the
> >> >> package, isn't it?
> >> >
> >> > Yes. However, what we have in the package, is the information about who
> >> > ran 'mgar package'.
> >> 
> >> And there is no information sent by csw-upload-pkg? Hmm...
> >
> > There absolutely is.
> >
> > And it gets nuked by the proxy. :-(
> 
> Every information sent by the tool? Or just specifically the user name?

Specifically the uploader user name. The user name is part of basic HTTP
authentication. Under normal circumstances you can read the REMOTE_USER
veriable from the environment, but proxies are notorious for stripping
this information away, even though the HTTP auth is working. It is
possible to pass REMOTE_USER forward from the proxy to the HTTP server,
but it requires fiddling with the configuration. I tried to make it work
from the level our of Apache configuration, but I wasn't able to fix it.

> What kind of user name are we storing in the package? It seems to me
> that is the one that I put in .garrc, e.g.:
> 
>      # Data for pkginfo
>      SPKG_PACKAGER   = Peter Felecan
>      SPKG_EMAIL      = pfelecan at opencsw.org
> 
> What are the default values for this?

No default values. Every mgar run expects these to be set. In principle,
they could be put in the recipe itself.

These two values are stored in the pkginfo. The email goes into the
EMAIL field, and the full name goes into the VENDOR field as
"... packaged for CSW by ${full_name}".

The user names e.g. displayed at
http://buildfarm.opencsw.org/pkgdb/srv4/ are taken from the EMAIL field
with the @opencsw.org part stripped out.

Maciej

More information about the maintainers mailing list