Luke Shumaker wrote:
> 2. Use db-{move,update,remove}
>
>    Change:
>
>      Rework `db-import-pkg` to set up a `db-update`-style staging
>      directory, rather than manipulating the repos directly. At
>      this point, `db-import-pkg` is still running as `repo`.
>      However, set `ProtectSystem=strict`, limit it to a staging &
>      scratch directory, and have it
>
>          ssh localhost DBSCRIPTS_CONFIG=...${UPSTREAM} db-update
>
>      to add/remove packages. This will involve adding an ssh key
>      for repo.
>
>    Rationale: Obviously, this is a primary objective. Using
>      ssh+ProtectSystem allows us to ensure that the objective is met.
>
>    Concerns: Testing this will probably involve running an SSH server
>      in the test suite.

I ended up not implementing it with `ssh localhost`. That can come
later. But it does now use db-{move,update,remove}, which it simply
calls directly.

>    Timeframe: As soon as I can get it done after step 1; a couple of
>      days.

This has been ready to go since the 3rd, but I didn't want to roll
anything out with the bugtracker or mailing list down.

> 3. Migrate humans off of repo@
>
>    Change: Adjust the default `libretools.conf:REPODEST` to be
>      `ssh://$libreu...@repo.parabola.nu:1863/~/staging/` instead of
>      `ssh://r...@repo.parabola.nu:1863/~/staging/$LIBREUSER/staging/`.
>
>    Rationale: This will change the user-separated `db-update` from
>      opt-in (following step 1) to opt-out.
>
>    DISRUPTION: This will make the default configuration unsuitable
>      for packagers whose local username doesn't match their username in
>      hackers.git. They will need to manually adjust their
>      `libretools.conf:REPODEST` to have the correct username.

If the user sets REPODEST in their
~/.config/libretools/libretools.conf, then the default HOOKPRERELEASE
won't do the right thing. Maybe we say "you'll also need to set
HOOKPRERELEASE if you set REPODEST there", or "you need to set REPODEST
in /etc". But I don't like those solutions. Things should just work,
intuitively.

The "obvious" answer is to adjust the expression at HOOKPRERELEASE to
be evaluated at call-time, rather than config-parse-time. But, at
call-time, it doesn't have REPODEST.

I'll have to meditate about what to do.

Current status:

  [x] 1. Set up the `repo` group         [eta: 2018-08-23]
  [x] 2. Use db-{move,update,remove}     [eta: 2018-09-20]
  [-] 3. Migrate humans off of repo@     [eta: ???]
  [ ] 4. Migrate robots off of repo@     [eta: a week after that]

--
Happy hacking,
~ Luke Shumaker