F8 yum update problem

[Michael Schwendt]

On 13/12/2007, Todd Zullinger wrote:
> Michael,
>
> Many thanks to you for correcting my inaccuracies and offering your
> experience and insights.  Your work on keeping Cor + Extras repos in a
> sane state is greatly appreciated.

I'm not involved in anything related to the Core repos. Only Extras.

> Aren't the repos now created fresh each time and thus require the
> whole multilib compose (which is slow, as far as I have read/heard)?

Yes, if "mash" is used, which asks koji for the full list of packages
with a given tag.

> If not, are there good reasons why it's not done?  I know things have
> changed greatly with the introduction of the new build tools.  Do you
> happen to know if that's the main reason that repoclosure isn't run
> before each push now?

It's unimplemented afaik.

AIUI, the pkg signatures are stored in koji already, and bodhi only
adjusts the tags, e.g. when a package is moved from updates-candidates
to updates. Once mash has built an up-to-date set of updates repos,
repoclosure could be run as a last check, and that alone would not
take much time. The problem I see is that it's an all-or-nothing
operation when the compose takes so long and important security fixes
are included. If broken deps are found, it would be necessary to
determine and untag the bad packages and very likely redo the full
compose to remove them -- if there are no tools that can modify the
temporary repos differently. And then run repoclosure again, as the
removed packages may be dependencies of other packages which would be
published. It's a scenario that asks for a more mighty implementation.