Learn more about these different git repos.
Other Git URLs
When rebuilding a container, today we take the given advisory and build a repo out of it in odcs containing only rpms from that advisory.. a very small repo.
We then submit the build to OSBS using all the repo arguments from the last time it was built and additionally include our new repo.
The problem is that the repo arguments from the last time the container was built may point to the public cdn repos.. which could have updated over time.. which means our new isolated build of this container could pull in more new changes than just the one or two updated rpms in our odcs repo.
The solution, I think, is to query koji to get the list of all the NVRs from the last time the container was built (a few hundred rpms). We should then request that ODCS create a repo out of those NVRs plus the additional nvrs from the advisory. When submitting the container build to OSBS we should specify only the new ODCS repo, which should include the full set of content needed -- exactly what was there before plus (only) the new advisory content.
There's a problem here in that the Dockerfiles themselves can have subscription manager commands to enable repositories. We'd have to be able to instruct OSBS somehow not to let them use other repos than what we provide.
We might also need to be able to tell pungi to build a repo from exact NVRs (which is not possible ATM)
We would need to get the koji event id from the time when the docker image has been built. Then we can pass it to pungi and build the image using the right images.
@sochotni Why enabling repositories by subscription manager during image build could be a problem? Newer version of packages that could be in those enabled repositories are provided by the generated repository in ODCS. Can you help to explain more? A specific example would be helpful.
This is not an issue in the end. The current behaviour is considered as good one and we will just document it in places where the documentation is needed internally. Closing this issue.
Metadata Update from @ralph: - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.