Hi,
As you probably know, we use rpmlint internally in autobuild since some
time. I wrote a hack to allow something similar in the buildservice
(yes, I know that proper rpmlint integration is planned in the bs).
Use
<repository name="openSUSE_Factory">
<path repository="openSUSE_Factory" project="home:michal-m:rpmlint"/>
<arch>i586</arch>
<arch>x86_64</arch>
</repository>
in your project config to run rpmlint after each build. Unfortunately
this only works for packages that have a %clean section and only for
10.3 and Factory builds. Also please note that the repositories can be
broken at any time :) For example usage, see the home:michal-m:test project.
have fun,
Michal
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org
Hi,
Following http://en.opensuse.org/Build_Service_Tutorial#Create_Patterns
, I'm trying to create some patterns (`osc meta -e mattern') for the
server:php project. My goal is to
- create a pattern, say PHP5, that installs php5 packages from the
correstonding "base distro" repository, eg. when on 10.2, it would
install from download.o.o/repositories/server:/php/openSUSE_10.2/
- create a pattern Apache2_and_PHP5, that installs php5 packages built
against the Apache project, that is install from
software.o.o/repositories/server:/php/server_apache_openSUSE_10.2/
_and_ from software.o.o/repositories/Apache/openSUSE_10.2/
- likewise for the server:database builds and the not yet present
server:database + Apache combined builds
My problem is that I don't know how to restrict a pattern to just some
build targets. I created an Apache2_and_PHP5 pattern, but the resulting
Apache2_and_PHP5.ymp files of course show up everywhere. I'd like to
have different patterns with different descriptions for different build
combinations.
thanks,
Michal
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org
Hi there,
there is now a Ubuntu:7.10 project. It is not mentioned on the web pages yet,
since I consider the configuration for it still in BETA.
But feel free to build against it using the web expert mask or osc and report
success and failures :)
Btw, this is our first .deb based distribution in the OBS, which also provides
amd64/x86_64 packages :)
bye
adrian
--
Adrian Schroeter
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
email: adrian(a)suse.de
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org
Hi,
I have hit a weird issue when enabling %debug_package when wrapped
inside something like this:
%if 0%{?suse_version}
%debug_package
Build Requires: blah...
%endif
If %debug_package is enabled, the install portion fails on all Suse
versions by seemingly unsetting RPM_BUILD_ROOT so the install part tries
to install into /usr not /var/tmp/package/usr
Package in question is:
https://build.opensuse.org/package/show?project=home%3Amrdocs&package=gsview
Now Mandriva seems to automagically enable debug packages, so there is
no need to enable it in the spec file.
This package has reliably built before on OBS on all rpm distros and
arches.
Is this a subtle difference in the rpm versions from FC. Mdk and Suse ?
or could this be an OBS issue?
Thoughts ?
Thanks,
Peter
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org
I wonder what are the security policies for openSUSE? What are the
chances for malicious software (rootkits, trojans) being offered through
the build service?
What is the procedure for security holes and/or exploits in software
offered in the openSUSE build repositories? I get the feeling openSUSE
is becoming just as insecure as Windows hence the warning you get when
adding repo's with 1-click install (see attachment). Or am I mistaken?
Any info would be appreciated!
--
Regards,
Aniruddha
Please adhere to the OpenSUSE_mailing_list_netiquette
http://en.opensuse.org/OpenSUSE_mailing_list_netiquette
Greetings All,
The redirector is causing problems again. Now with installation for many users.
Some of the mirrors are broken or under heavy load, but the redirector
is still redirecting people to those mirrors. This coupled with the
fact that the openSUSE installer now selects "use online repositories"
by default (a good thing) means that many people are experiencing
failed installations.
The real problem is the mirror "sticky" that means people always get
the same mirror. This means that if the user gets a bad mirror and a
package download timeout then the installation has essentially failed.
If the user clicks retry he/she will get the same mirror, and a
timeout again, and again. There is approximately 1minute timeout
between attempts, and several hundred packages to install from online
sources by default. This means even if the user clicks "skip" for each
package it will take hours to complete the install. So the install has
effectively failed because of the redirector's mirror sticky.
Quite a number of users have commented on this behaviour, I have
experienced it myself with 2 installs already. It has also been
mentioned in some reviews, contributing to overall bad reviews of
10.3.
Other distribution's solutions:
1: Round Robin DNS
+ No problem with redirector server going down
+ If one of the mirrors in rotation is broken clicking "retry" will
likely select a good mirror.
+ Location based mirror selection not possible but can have e.g.
eu.download.opensuse.org, us.download.opensuse.org ... etc
- Frequently changing repositories such as on the build service, could
bounce between new metadata & old packages and vice versa.
2: Mirror list files
Other distributions use mirror-list-files which the package manager interprets.
+ No sticking-to-bad-mirror problem of the redirector.
+ Avoids the bouncing between mirrors problem of RR DNS.
- The server with the mirror list on needs to be up when it is requested.
- Cannot be achieved without modifying the client package management software.
Sticky breaks installations, no sticky breaks general package
management - what is the solution? Can the redirector do better
checking on mirror availability and status? any thoughts? A solution
that can be achieved by only modifying d.o.o so that future 10.3
installations can go smoothly is obviously preferable.
_
Benjamin Weber
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org
Hi,
Isn't Fedora 5 end of life? Any reason it's still in the build service?
Wade
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org
Hello,
I'd like to update some packages in my repository home:ferichter,
but I cannot login to the Build Service. I filed a bug
(https://bugzilla.novell.com/show_bug.cgi?id=306247, it shows the error
message by the web client software), but for two months now, it is still in
state "new".
What should I do? Simply register as a new user?
Best regards,
Felix
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org
Where is it documented how the data in a RPM is laid out? What
data is signed in a signed RPM?
The reason I ask this question is the following:
In keeping with the original UNIX "many small tools" philosophy,
imagine the following 2 utilities:
rpmdetachsig:
Takes a rpm together with the gpg keys and a passphrase from user
it goes through the exact same procedure as "rpm --addsign" goes through
but instead of creating a signed rpm, creates a DETACHED signature for
the rpm's data. The detached signature is output to a separate file.
rpmadddetachedsig: takes an rpm together with the detached signature
produced by rpmdetachsig, and creates another rpm but signed, just like
it had been signed by "rpm --addsign" in one operation.
Using these utilities, the buildservice could implement the following
procedure for developers that want to sign their rpms:
Developers download their rpm and use rpmdetachsig to create a detached
signature. They then upload the detached signature back to the build
service. The Build service adds the developer's detached signature to
the published rpm (with rpmadddetachedsig). The build service also
adds its own signature to the rpm to indicate that the rpm was indeed
built with the data on the build service.
This procedure (if possible) has the following advantages:
The developers never have to trust the build service with their
secret keys, because the signature creation is done on the developer's
own computer. This is important because many people are unwilling
to trust anyone else with their secret key--properly so.
The Build service knows that the data it publishes was built on the
build server! It accepted the detached signature from the developer
but the rpm on the build service never left the custody of the
build service!
--
Paul Elliott 1(512)837-1096
pelliott(a)io.com PMB 181, 11900 Metric Blvd Suite J
http://www.io.com/~pelliott/pme/ Austin TX 78758-3117
On Mon, 2007-10-29 at 09:15 +0100, Adrian Schröter wrote:
> On Friday 26 October 2007 17:17:42 wrote JP Rosevear:
> > The Factory build service sources seem to be a fair bit behind the
> > Factory repo - for instance dbus-1 1.0.2 versus dbus-1 1.1.2. When will
> > this be upgraded?
>
> WIP ...
Its upgraded, but we appear to have an inconsistent snaphost. See
istanbul in:
https://build.opensuse.org/project/monitor?project=home%3Ajproseve
-JP
--
JP Rosevear <jpr(a)novell.com>
Novell, Inc.
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org