Support for git repo as an upstream source #114

Merged
merged 2 commits into from
Oct 4, 2024

manith-arista
Contributor

In addition to tarball and srpms, eext now supports git repo as an upstream source.

@manith-arista
Contributor Author

Pending tasks:

  1. Change implementation of git clone
  2. Add support for local-eextsubdir
  3. Find method to verify git repo with eext keychain, change signature check default to False for now.
  4. Change Source0 in spec file to use generic

@manith-arista manith-arista force-pushed the manith.upstream-git branch 4 times, most recently from 3534c67 to a46b528 Compare July 3, 2024 08:00
@manith-arista manith-arista marked this pull request as draft July 26, 2024 09:33
@manith-arista manith-arista force-pushed the manith.upstream-git branch 2 times, most recently from 2f5d428 to 62fab2e Compare August 13, 2024 15:11
@manith-arista manith-arista marked this pull request as ready for review August 13, 2024 15:11
@manith-arista
Contributor Author

eext now supports git as an upstream source. Users can now add the URL of the upstream git repo, along with the revision (commit/tag) at which they want to snapshot.
This PR is the first part of the 'git as upstream source' commit.

We intend to add another variant, git-worktree, which will let us embed an eext.yaml in an existing internal git repo to convert it into an eext package.

Collaborator

@aajith-arista aajith-arista left a comment

pls also add live code review comments notes here

@manith-arista
Contributor Author

Comments from the live code review

  • Don't use upstream repo as test case, instead fork the repo to a local repo (which will be the way forward for git as a source repos). Check with openssh team to get more details on how to go about this.
  • For now, create a git repo within testData and use it as a source.
  • Define naming convention for the forked repo (should be same as upstream)
  • Split create_srpm into separate implementation for git and other sources.

@manith-arista manith-arista force-pushed the manith.upstream-git branch 2 times, most recently from f902d9e to c445d52 Compare September 19, 2024 14:57
@manith-arista
Contributor Author

Major changes with the latest update:

  • Refactored the code to split create_srpm into create_srpm_git and create_srpm_others.
  • Migrated git test cases to use a local repo instead of the upstream git repo.
  • Moved verification of upstream-source to their respective files.
  • Changed the naming convention of the generated git tarball (instead of using a hash-generated filePath, use Source0.tar.gz, to allow using multiple sources).
  • Moved temp directories related to upstream stuff to /var/eext/<pkg>/upstream

aajith-arista
aajith-arista previously approved these changes Sep 20, 2024
The tcpdump public key currently in our repo expired in 2023.
Hence we are updating the public key file to the latest one published,
to ensure signature checks are passing for packages using this key.
@manith-arista
Contributor Author

Rebased PR to the latest commit

eext currently supports 'srpm' and 'tarball' as upstream sources for
packages. Some users wanted to use an upstream git repo directly as
source for security purposes. Hence we add support for eext to use an
upstream git repo as an upstream source.

The git upstream source requires 'url' and 'revision' to be specified.
'url': Web url to the upstream git repo
'revision': Commit hash or release tag of the git repo

Users can verify their upstream git repo at the revision provided, by
specifying the corresponding public key. Note that this verification
only works if the commit/tag are signed, since we use 'git-verify' to
validate. For unsigned commits/tags, users need to enable 'skip-check'
in the signature field (not recommended though, since this may introduce
security vulnerabilities).

Another rule users need to adhere to while using git repo as upstream,
is that the spec file in 'spec/' folder should be named '<pkgName>.spec'
where 'pkgName' is the same as mentioned in eext.yaml.
And within the spec file, please ensure that the 'Source0:' field is
defined as:
Source0: 'Source0.tar.gz'
This is to ensure multiple sources can be supported.

Fixes: BUG952303
@manith-arista manith-arista merged commit 4b0cbae into main Oct 4, 2024
2 checks passed
@manith-arista manith-arista deleted the manith.upstream-git branch October 4, 2024 09:44
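
An added example, not code from this PR or from eext: a Go function that decides whether to accept a git revision from the GnuPG status lines that `git verify-commit --raw` and `git verify-tag --raw` print on stderr. It rejects unsigned revisions and expired or revoked keys (the tcpdump key case mentioned above) and pins the signer. The name `checkGPGStatus`, the fingerprint and the status lines are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample values: a placeholder fingerprint and gpg status output.
const pinned = "AAAABBBBCCCCDDDDEEEEFFFF0000111122223333"
const goodStatus = "[GNUPG:] GOODSIG 0000111122223333 Example Signer\n" +
	"[GNUPG:] VALIDSIG " + pinned + " 2024-09-19 1726750000 0 4 0 1 10 00 " + pinned + "\n"
const expiredStatus = "[GNUPG:] EXPKEYSIG 0000111122223333 Example Signer\n" +
	"[GNUPG:] VALIDSIG " + pinned + " 2024-09-19 1726750000 0 4 0 1 10 00 " + pinned + "\n"

// checkGPGStatus (hypothetical helper) accepts a revision only when gpg reports
// a good signature made by the pinned primary key fingerprint.
func checkGPGStatus(status, pinnedFpr string) error {
	good, fpr := false, ""
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 2 || f[0] != "[GNUPG:]" {
			continue
		}
		switch f[1] {
		case "BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG":
			return fmt.Errorf("signature rejected: %s", f[1])
		case "GOODSIG":
			good = true
		case "VALIDSIG":
			fpr = f[len(f)-1] // primary key fingerprint is the last field
		}
	}
	if !good { // VALIDSIG alone is not enough: it also appears for expired keys
		return fmt.Errorf("no good signature: revision is unsigned or unverifiable")
	}
	if !strings.EqualFold(fpr, pinnedFpr) {
		return fmt.Errorf("signed by unexpected key %q", fpr)
	}
	return nil
}

func main() {
	for _, s := range []string{goodStatus, expiredStatus, ""} {
		fmt.Println(checkGPGStatus(s, pinned))
	}
}
```

Feed it the stderr of the `--raw` command, run against a keyring that holds only the package's upstream key.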