Stronger hashes for the lookaside cache: Migration plan
Mathieu Bridon
bochecha at fedoraproject.org
Fri Apr 18 03:35:17 UTC 2014
Hi,
Till asked that I push my changes to a Git repo somewhere, to track them
more easily, so here they are.
On Thu, 2014-04-10 at 15:38 +0800, Mathieu Bridon wrote:
> The first [five] patches to be merged would be on the infrastructure
> side:
https://github.com/bochecha/fedora-infrastructure/compare/master...lookasidehashes
> With that deployed in production, pretty much nothing changes for
> clients: they can still upload tarballs using md5, just like right now.
>
> However, the server-side starts accepting uploads with sha512.
>
> At the same time, we can apply the client-side patch to fedpkg:
https://github.com/bochecha/fedpkg/compare/master...lookasidehashes
> That simply removes the assumption that we're always uploading with md5,
> instead respecting the 'lookaside_hash' parameter
> in /etc/rpkg/$site.conf... which is still md5 right now.
>
> So with all the above applied and deployed, nothing changes. :)
>
> The last things to do are:
>
> - set the `lookaside_hash` parameter to `sha512` in fedpkg.conf
> (one-line patch not yet submitted)
https://github.com/bochecha/fedpkg/compare/lookasidehashes...lookasidehashes2
> - copy all the archives currently on the lookaside cache into the proper
> path based on their sha512 hash (with hardlinking to save space)
>
> - on a cut-off date, drop the md5 fallback from the server-side cgi
> script
https://github.com/bochecha/fedora-infrastructure/compare/lookasidehashes...lookasidehashes2
> The last point above would obviously need to happen **after** the first
> one (i.e a new fedpkg landed in stable with that new configuration
> value), pretty much as soon as we're ready.
>
> At that point, new archives are uploaded exclusively using sha512, but
> old archives are available both as md5 or sha512.
--
Mathieu
More information about the rel-eng
mailing list