Need some updates push changes
Josh Boyer
jwboyer at gmail.com
Wed Nov 25 18:42:33 UTC 2009
On Wed, Nov 25, 2009 at 08:56:06AM -0800, Jesse Keating wrote:
>On Wed, 2009-11-25 at 07:54 -0500, Josh Boyer wrote:
>> On the signing front alone, there are a couple things we could do with some
>> additional bodhi/koji work. The first is to have koji auto-sign everything. I
>> think that is the best solution, but it's also the farthest off and I would
>> rather not wait for that. Another idea is to have bodhi put packages in a
>> special tag when they are requested for push and remove them once the push is
>> complete. E.g.
>>
>> User A submits package for F12 updates-testing push. Bodhi queues it up like
>> normal, and does the equivalent of 'koji tag-pkg f12-updates-testing-push'.
>> When the push is complete, it untags the packages from said tags.
>>
>> Then I could actually run the sigul script on the tag instead of relying on
>> bodhi to get me a list of packages that need signing. It would increase the
>> time I have for signing as well, since bodhi won't give me the list of packages
>> queued while a push is going on.
>
>We also need to get some mitr time to make sigul run multithreaded.
>We're far far underutilizing the hardware we allocated for this system.
>
>As to the above, why can't we just sign everything in the various
>*-updates-candidate tags? You'll wind up signing more than what is
>going to be pushed, but since you're doing it frequently it'll not
>matter as much. Since we are using only one key for F11 and F12
>updates, this would accomplish all the signing needed for those trees.
Aside from the time and koji storage, I see no real issues. I was going
to try that next week. I'll let you know how it goes.
josh
More information about the rel-eng
mailing list