Our currently sign+push process was designed to automate signing rpm packages, and generating repositories (signed repodata too). As some SIGs would like to start build images (.iso images, live media, etc), we should start designing a function to plumb in that process that wouldn't even try to sign rpm packages, but rather do something else, like downloading produced media image, and push it correct location. That can also include other things like checksum files and detached signature on it
Metadata Update from @arrfab: - Issue marked as blocking: #958 - Issue marked as blocking: #971 - Issue marked as blocking: #988
Metadata Update from @arrfab: - Issue assigned to arrfab
Metadata Update from @arrfab: - Issue tagged with: cbs, centos-build-pipeline, centos-common-infra, feature-request, high-gain, high-trouble, mini-initiative
@tkopecek : simple question about kiwi For image task, koji considers that it's like a pkg, so easy to then tag-build to various tasks Example (on other koji) : https://koji.mbox.centos.org/koji/buildinfo?buildID=22804
image
Would that work the same for a kiwi build ? Ideally SIGs would just then have to tag-build to promote to other tags (which is triggering the sign+push process)
yes, it is exactly the same
Perfect ! so that means we can use the same thing but just look at some tags to see if they have rpms (and so signing these/importing/call distrepo task) or just media images and so just download build and put it in place
@ngompa , @dcavalca , @tdawson : can you try a real (non --scratch one) build but at this stage let it be in -candidate tag (it's ignored at this stage by signing+push process and we can validate that it works ? I can then write/test a simple function to start moving things around in case of a media/image build for SIGs
-candidate
Sure, I'll give it a shot momentarily.
Non-scratch build fails due to unregistered package name? https://cbs.centos.org/koji/taskinfo?taskID=3265887
which sounds logic if that's considered a build ? so https://sigs.centos.org/guide/cbs/#submit-a-build-on-cbs would apply (and like for a rpm pkg, one would just have to add it to the tags)
Here's a new run after registering the "package": https://cbs.centos.org/koji/taskinfo?taskID=3278044
ngompa@fedora ~/S/p/c/kiwi-descriptions (c9s)> cbs add-pkg --owner=ngompa hyperscale9s-spin_media-experimental-candidate CentOS-Stream-Hyperscale-Spin-OpenStack Adding 1 packages to tag hyperscale9s-spin_media-experimental-candidate ngompa@fedora ~/S/p/c/kiwi-descriptions (c9s)> cbs add-pkg --owner=ngompa hyperscale9s-spin_media-experimental-testing CentOS-Stream-Hyperscale-Spin-OpenStack Adding 1 packages to tag hyperscale9s-spin_media-experimental-testing ngompa@fedora ~/S/p/c/kiwi-descriptions (c9s)> cbs add-pkg --owner=ngompa hyperscale9s-spin_media-experimental-release CentOS-Stream-Hyperscale-Spin-OpenStack Adding 1 packages to tag hyperscale9s-spin_media-experimental-release ngompa@fedora ~/S/p/c/kiwi-descriptions (c9s)> bash ~/Scripts/centos-cbs-build-c9s-hsx-spin-kiwi.sh kiwi-descriptions CentOS-Stream-Hyperscale-Spin.kiwi oem OpenStack 0.n.20230314 Created task: 3278044 Task info: https://cbs.centos.org/koji/taskinfo?taskID=3278044 Watching tasks (this may be safely interrupted)... 3278044 kiwiBuild (noarch): free 3278044 kiwiBuild (noarch): free -> open (x86-5.cbs.centos.org) 3278046 createKiwiImage (aarch64): free 3278045 createKiwiImage (x86_64): free 3278046 createKiwiImage (aarch64): free -> open (aarch64-01.rdu2.centos.org) 3278045 createKiwiImage (x86_64): free -> open (x86-5.cbs.centos.org)
It looks like Koji doesn't like the *.sha256 checksum files:
*.sha256
BuildError: Unsupported file type: CentOS-Stream-Hyperscale-Spin-OpenStack.x86_64-9.0.0-0.n.20230314.qcow2.sha256
@tkopecek ^ ? any idea about that ?
Filed https://pagure.io/koji/issue/3736 for the koji issue.
Login to comment on this ticket.