The AlmaLinux Build System is designed to handle the following processes:
- Building rpm packages for multiple supported architectures and distribution versions.
- Testing packages.
- Signing packages. See more on the Signing packages page.
- Releasing packages.
- Ensuring that packages and their sources are reliable, using SBOM.
- Providing Errata.
AlmaLinux OS source code, including modified packages, is stored and managed in Git repositories on git.almalinux.org.
The AlmaLinux OS Team and community work on these repositories to submit changes, fix bugs, and introduce new features. The AlmaLinux Build System is then used to pull the latest changes from these repositories and build the updated packages.
- The Build System Master Service provides an API that UI and CLI tools use to build, test, sign and release the packages.
- The sources used to build the AlmaLinux OS packages are taken from the AlmaLinux git server; they are either synchronized directly from the CentOS git server or updated manually by the AlmaLinux packagers. All the package sources that are used to build AlmaLinux OS packages are notarized commit by commit, and this information is stored in our immudb instance.
- The Build Node continuously asks the Master Service for new tasks to build packages from the provided git references. The built packages will be marked as verified only if the git references used to build the packages have been notarized. Built packages and build logs (or artifacts) are stored in the Artifact Storage (PULP), which only keeps notarized artifacts, that is, trusted and verified artifacts.
- The Test System receives Test Tasks to test built packages from Artifact Storage. It tests packages via Test Nodes (e.g. Docker or OpenNebula with different architectures) and stores test artifacts (test logs) in Artifact Storage.
- The Sign Server receives sign tasks to sign packages with the corresponding PGP key. The Sign Server retrieves the unsigned packages, verifies that the packages are notarized, and signs them. Signed packages are then notarized again, storing this information in immudb and then saving the signed packages in the Artifact Storage.
- The Release System receives release tasks to upload signed packages to public repositories.
- Each step involved in the build process is notarized and stored in immudb using a unique hash (immudb hash). This process ensures that traceability is guaranteed and that the information generated throughout the build process and stored in immudb can be used later on to generate SBOM documents.
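The notarization gates described in the list above can be modelled in a few lines. This is an added example, not code from the AlmaLinux Build System: the `Ledger` class is a hypothetical in-memory stand-in for immudb, the package bytes and key are constructed, and an HMAC stands in for the PGP signature.

```python
import hashlib
import hmac

def sha256(data):
    return hashlib.sha256(data).hexdigest()

class Ledger:
    """Hypothetical in-memory stand-in for the immudb notarization store."""
    def __init__(self):
        self.records = {}  # digest -> {"kind": ..., "parent": ...}

    def notarize(self, data, kind, parent=None):
        # A record may only point at a parent that is itself notarized.
        if parent is not None and parent not in self.records:
            raise ValueError("parent %s is not notarized" % parent)
        digest = sha256(data)
        self.records[digest] = {"kind": kind, "parent": parent}
        return digest

    def provenance(self, digest):
        """Walk from an artifact back to its source commit (the SBOM input)."""
        chain = []
        while digest is not None:
            record = self.records[digest]  # KeyError means a broken chain
            chain.append((record["kind"], digest))
            digest = record["parent"]
        return chain

def build(ledger, commit):
    """Build node: a package is verified only if its git reference is notarized."""
    package = b"rpm-built-from:" + commit  # constructed placeholder for an RPM
    if sha256(commit) not in ledger.records:
        return package, None  # unverified: no ledger record is created
    return package, ledger.notarize(package, "package", parent=sha256(commit))

def sign(ledger, package, key):
    """Sign server: refuse unnotarized input, then notarize the signed output."""
    if sha256(package) not in ledger.records:
        raise PermissionError("refusing to sign an unnotarized package")
    # HMAC stands in for the PGP signature so the example stays stdlib-only.
    signed = package + b"|sig:" + hmac.new(key, package, hashlib.sha256).digest()
    return signed, ledger.notarize(signed, "signed-package", parent=sha256(package))
```

Calling `provenance()` on a signed package's digest returns the signed package, the unsigned package and the git commit in that order, which is the traceability the last item in the list relies on.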
If you are interested in learning how to build AlmaLinux OS packages, please check the Packaging guidelines and Building packages guide.
Details and guides on how the AlmaLinux Build System works and how to use it can be found in the AlmaLinux Build System Wiki.
All issues should be reported to the Build System repository. A kanban board is used for the Build System project to track the progress.
AlmaLinux Build System is open for community contributions. You can contribute to the codebase, submit patches, and use community product repositories to build and release packages. You can find more on the Build System SIG page.
Join the ~SIG/Build System chat channel for any talk and assistance.