<p>Em 20/07/2011 03:10, "Ben Walton" <<a href="mailto:bwalton@opencsw.org">bwalton@opencsw.org</a>> escreveu:<br>
><br>
><br>
> Hi All,<br>
><br>
> At this point, I'm fairly happy with the gpg signing daemon. You<br>
> should be able to request a signed (with a dummy key) catalog on the<br>
> buildfarm by doing:<br>
><br>
> curl -s<br>
> <a href="http://192.168.1.40:9981/clearsign/opencsw-future/unstable/i386/5.9">http://192.168.1.40:9981/clearsign/opencsw-future/unstable/i386/5.9</a><br>
><br>
> Valid urls for the daemon are:<br>
><br>
> /(clearsign|detachsign)/(opencsw|opencsw-future)/(unstable|current)/...<br>
><br>
> Give it a kick and see for yourself.<br>
><br>
> The code is in a git repository:<br>
> gitosis@mirror.opencsw.org:cswsign.git<br>
><br>
> We don't have gitweb enabled there, but if you want access, I'll add<br>
> your public key so you can check it out. We could host this in the<br>
> github/opencsw framework that Rupert has been working on if that's<br>
> considered better (likely).<br>
><br>
> Additionally, I've written a basic script to integrate this feature<br>
> with the script that is currently generating the catalogs for<br>
> opencsw-future/unstable. I still need to plug it in, but the basics<br>
> are in place now.<br>
><br>
> The remaining pieces for automated signing are:<br>
><br>
> 1. Enable outbound mail notification from cswsign on the buildfarm.<br>
> 2. Integrate the generate-catalog script into generate-unstable.<br>
> 3. Activate.<br>
><br>
> This will leave two major automation tasks remaining:<br>
><br>
> 1. Mantis integration.<br>
> 2. Promotion from unstable to current. (depends on 1)<br>
><br>
> If I understand correctly, Maciej re-integrated current and unstable<br>
> before leaving for vacation. That means that packages newly pushed to<br>
> unstable can (when #2 is ready) be promoted as appropriate to current.</p>
<p>Yes, I have integrated unstable into dublin. I'll explain a bit about how I organized catalogs, so that we all use the same terminology. If anyone objects to the way I did it, please say. Here go the details.</p>
<p>There are 2 places that hold catalog information: files on disk, visible at <a href="http://mirror.opencsw.org">mirror.opencsw.org</a>, and the buildfarm database, visible through <a href="http://buildfarm.opencsw.org">buildfarm.opencsw.org</a>. Information migration is possible in both directions. On the disk, there are two places, 'opencsw' and 'opencsw-future'. They also differ. 'opencsw' represents the old state as of the last time the former release manager touched it. 'opencsw-future' holds the proposed new structure. </p>
<p>Some catalogs are the same in both places, for example unstable and dublin. However, some aren't, notably current is not the same in opencsw-future and in the DB.</p>
<p>In opencsw-future, we integrate from unstable into a named release. Currently, the named release is "dublin". We also talked about "testing". In opencsw-future, testing is (can be) an alias for the named release we're currently working on.</p>
<p>There is no concept of an alias in the database. That's why there is no "testing" there.</p>
<p>We provide the URL ending in "current" for backward compatibility. There is also a catalog named "current" in the database, but it contains a snapshot of current on the official mirror. Perhaps we should rename it (in the DB) to "current-legacy" to make it explicit that it is not what we serve from .../opencsw-future/current/.</p>
<p>Back to catalog signing, I suggest that we say "we sign unstable and dublin" or "we sign unstable and testing". Let "current" become a term denoting a legacy URL.</p>
<p>I hope it makes sense to you. If it doesn't, or you need more information, please say.</p>
<p>I am excited about the upcoming signing automation. I feel we are close to completing the new workflow which will make it easy to move forward. We have a number of new ideas in the pipeline, from me it will be new Python versions, reworked PostgreSQL and new MySQL version.</p>
<p>Maciej<br>
</p>