October 2007 - openSUSE Build Service - openSUSE Mailing Lists

[opensuse-buildservice] Poor man's rpmlint integration
by Michal Marek 21 Jan '08

21 Jan '08

Hi, As you probably know, we use rpmlint internally in autobuild since some time. I wrote a hack to allow something similar in the buildservice (yes, I know that proper rpmlint integration is planned in the bs). Use <repository name="openSUSE_Factory"> <path repository="openSUSE_Factory" project="home:michal-m:rpmlint"/> <arch>i586</arch> <arch>x86_64</arch> </repository> in your project config to run rpmlint after each build. Unfortunately this only works for packages that have a %clean section and only for 10.3 and Factory builds. Also please note that the repositories can be broken at any time :) For example usage, see the home:michal-m:test project. have fun, Michal --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org

4 9

[opensuse-buildservice] patterns for speciffic build targets
by Michal Marek 17 Dec '07

17 Dec '07

Hi, Following http://en.opensuse.org/Build_Service_Tutorial#Create_Patterns , I'm trying to create some patterns (`osc meta -e mattern') for the server:php project. My goal is to - create a pattern, say PHP5, that installs php5 packages from the correstonding "base distro" repository, eg. when on 10.2, it would install from download.o.o/repositories/server:/php/openSUSE_10.2/ - create a pattern Apache2_and_PHP5, that installs php5 packages built against the Apache project, that is install from software.o.o/repositories/server:/php/server_apache_openSUSE_10.2/ _and_ from software.o.o/repositories/Apache/openSUSE_10.2/ - likewise for the server:database builds and the not yet present server:database + Apache combined builds My problem is that I don't know how to restrict a pattern to just some build targets. I created an Apache2_and_PHP5 pattern, but the resulting Apache2_and_PHP5.ymp files of course show up everywhere. I'd like to have different patterns with different descriptions for different build combinations. thanks, Michal --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org

3 6

[opensuse-buildservice] Ubuntu 7.10 ...
by Adrian Schröter 10 Dec '07

10 Dec '07

Hi there, there is now a Ubuntu:7.10 project. It is not mentioned on the web pages yet, since I consider the configuration for it still in BETA. But feel free to build against it using the web expert mask or osc and report success and failures :) Btw, this is our first .deb based distribution in the OBS, which also provides amd64/x86_64 packages :) bye adrian -- Adrian Schroeter SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) email: adrian(a)suse.de --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org

2 3

[opensuse-buildservice] %debug_package issues with Suse only
by mrdocs＠scribus.info 29 Nov '07

29 Nov '07

Hi, I have hit a weird issue when enabling %debug_package when wrapped inside something like this: %if 0%{?suse_version} %debug_package Build Requires: blah... %endif If %debug_package is enabled, the install portion fails on all Suse versions by seemingly unsetting RPM_BUILD_ROOT so the install part tries to install into /usr not /var/tmp/package/usr Package in question is: https://build.opensuse.org/package/show?project=home%3Amrdocs&package=gsview Now Mandriva seems to automagically enable debug packages, so there is no need to enable it in the spec file. This package has reliably built before on OBS on all rpm distros and arches. Is this a subtle difference in the rpm versions from FC. Mdk and Suse ? or could this be an OBS issue? Thoughts ? Thanks, Peter --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org

2 1

[opensuse-buildservice] How secure is openSUSE build service?
by Aniruddha 18 Nov '07

18 Nov '07

I wonder what are the security policies for openSUSE? What are the chances for malicious software (rootkits, trojans) being offered through the build service? What is the procedure for security holes and/or exploits in software offered in the openSUSE build repositories? I get the feeling openSUSE is becoming just as insecure as Windows hence the warning you get when adding repo's with 1-click install (see attachment). Or am I mistaken? Any info would be appreciated! -- Regards, Aniruddha Please adhere to the OpenSUSE_mailing_list_netiquette http://en.opensuse.org/OpenSUSE_mailing_list_netiquette

13 58

[opensuse-buildservice] Redirector issues.
by Benji Weber 12 Nov '07

12 Nov '07

Greetings All, The redirector is causing problems again. Now with installation for many users. Some of the mirrors are broken or under heavy load, but the redirector is still redirecting people to those mirrors. This coupled with the fact that the openSUSE installer now selects "use online repositories" by default (a good thing) means that many people are experiencing failed installations. The real problem is the mirror "sticky" that means people always get the same mirror. This means that if the user gets a bad mirror and a package download timeout then the installation has essentially failed. If the user clicks retry he/she will get the same mirror, and a timeout again, and again. There is approximately 1minute timeout between attempts, and several hundred packages to install from online sources by default. This means even if the user clicks "skip" for each package it will take hours to complete the install. So the install has effectively failed because of the redirector's mirror sticky. Quite a number of users have commented on this behaviour, I have experienced it myself with 2 installs already. It has also been mentioned in some reviews, contributing to overall bad reviews of 10.3. Other distribution's solutions: 1: Round Robin DNS + No problem with redirector server going down + If one of the mirrors in rotation is broken clicking "retry" will likely select a good mirror. + Location based mirror selection not possible but can have e.g. eu.download.opensuse.org, us.download.opensuse.org ... etc - Frequently changing repositories such as on the build service, could bounce between new metadata & old packages and vice versa. 2: Mirror list files Other distributions use mirror-list-files which the package manager interprets. + No sticking-to-bad-mirror problem of the redirector. + Avoids the bouncing between mirrors problem of RR DNS. - The server with the mirror list on needs to be up when it is requested. - Cannot be achieved without modifying the client package management software. Sticky breaks installations, no sticky breaks general package management - what is the solution? Can the redirector do better checking on mirror availability and status? any thoughts? A solution that can be achieved by only modifying d.o.o so that future 10.3 installations can go smoothly is obviously preferable. _ Benjamin Weber --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org

9 22

[opensuse-buildservice] Fedora 5 End of life?
by Wade Berrier 06 Nov '07

06 Nov '07

Hi, Isn't Fedora 5 end of life? Any reason it's still in the build service? Wade --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org

4 9

[opensuse-buildservice] Build Service login error
by Felix Richter 05 Nov '07

05 Nov '07

Hello, I'd like to update some packages in my repository home:ferichter, but I cannot login to the Build Service. I filed a bug (https://bugzilla.novell.com/show_bug.cgi?id=306247, it shows the error message by the web client software), but for two months now, it is still in state "new". What should I do? Simply register as a new user? Best regards, Felix --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org

2 2

[opensuse-buildservice] RPMs and detached signatures!
by Paul Elliott 05 Nov '07

05 Nov '07

Where is it documented how the data in a RPM is laid out? What data is signed in a signed RPM? The reason I ask this question is the following: In keeping with the original UNIX "many small tools" philosophy, imagine the following 2 utilities: rpmdetachsig: Takes a rpm together with the gpg keys and a passphrase from user it goes through the exact same procedure as "rpm --addsign" goes through but instead of creating a signed rpm, creates a DETACHED signature for the rpm's data. The detached signature is output to a separate file. rpmadddetachedsig: takes an rpm together with the detached signature produced by rpmdetachsig, and creates another rpm but signed, just like it had been signed by "rpm --addsign" in one operation. Using these utilities, the buildservice could implement the following procedure for developers that want to sign their rpms: Developers download their rpm and use rpmdetachsig to create a detached signature. They then upload the detached signature back to the build service. The Build service adds the developer's detached signature to the published rpm (with rpmadddetachedsig). The build service also adds its own signature to the rpm to indicate that the rpm was indeed built with the data on the build service. This procedure (if possible) has the following advantages: The developers never have to trust the build service with their secret keys, because the signature creation is done on the developer's own computer. This is important because many people are unwilling to trust anyone else with their secret key--properly so. The Build service knows that the data it publishes was built on the build server! It accepted the detached signature from the developer but the rpm on the build service never left the custody of the build service! -- Paul Elliott 1(512)837-1096 pelliott(a)io.com PMB 181, 11900 Metric Blvd Suite J http://www.io.com/~pelliott/pme/ Austin TX 78758-3117

2 1

Re: [opensuse-buildservice] Build Service Factory Upgrade
by JP Rosevear 04 Nov '07

04 Nov '07

On Mon, 2007-10-29 at 09:15 +0100, Adrian Schröter wrote: > On Friday 26 October 2007 17:17:42 wrote JP Rosevear: > > The Factory build service sources seem to be a fair bit behind the > > Factory repo - for instance dbus-1 1.0.2 versus dbus-1 1.1.2. When will > > this be upgraded? > > WIP ... Its upgraded, but we appear to have an inconsistent snaphost. See istanbul in: https://build.opensuse.org/project/monitor?project=home%3Ajproseve -JP -- JP Rosevear <jpr(a)novell.com> Novell, Inc. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org

2 1