Hi,
Till asked that I push my changes to a Git repo somewhere, to track them
more easily, so here they are.
On Thu, 2014-04-10 at 15:38 +0800, Mathieu Bridon wrote:
The first [five] patches to be merged would be on the infrastructure
side:
https://github.com/bochecha/fedora-infrastructure/compare/master...lookas...
With that deployed in production, pretty much nothing changes for
clients: they can still upload tarballs using md5, just like right now.
However, the server-side starts accepting uploads with sha512.
At the same time, we can apply the client-side patch to fedpkg:
https://github.com/bochecha/fedpkg/compare/master...lookasidehashes
That simply removes the assumption that we're always uploading
with md5,
instead respecting the 'lookaside_hash' parameter
in /etc/rpkg/$site.conf... which is still md5 right now.
So with all the above applied and deployed, nothing changes. :)
The last things to do are:
- set the `lookaside_hash` parameter to `sha512` in fedpkg.conf
(one-line patch not yet submitted)
https://github.com/bochecha/fedpkg/compare/lookasidehashes...lookasidehas...
- copy all the archives currently on the lookaside cache into the
proper
path based on their sha512 hash (with hardlinking to save space)
- on a cut-off date, drop the md5 fallback from the server-side cgi
script
https://github.com/bochecha/fedora-infrastructure/compare/lookasidehashes...
The last point above would obviously need to happen **after** the
first
one (i.e a new fedpkg landed in stable with that new configuration
value), pretty much as soon as we're ready.
At that point, new archives are uploaded exclusively using sha512, but
old archives are available both as md5 or sha512.
--
Mathieu