#170 CI test to enforce no-replace-base-packages policy for default streams
Opened 2 years ago by mattdm. Modified a year ago

Right now, it's easy for a module to contain binary packages which, intentionally or not, override packages in the Everything repo. In the case of non-default streams, this is often on purpose. For default streams, it shouldn't be on purpose (because it's not allowed by policy).

This seems like something a computer could catch. We need a test on module build for output binary RPMs which are part of a default stream and which overlap with packages in the non-modular Everything repo.

Metadata Update from @psabata:
- Issue tagged with: Meeting

2 years ago

Metadata Update from @psabata:
- Issue assigned to psabata

2 years ago

So we need checks, probably in Bodhi for both module and non-modular package updates.

The check should verify that there is no conflict between content provided by default streams in GA+updates and Everything in GA+updates.

@dperpeet, @bookwar Is this something you guys could own? Or could you point me to someone?

Metadata Update from @psabata:
- Issue untagged with: Meeting

2 years ago

While the check in Bodhi is well-intended, it would be at a wrong place:

Being default is not a property of a module build. It's a property of a compose and it comes from https://pagure.io/releng/fedora-module-defaults/ configuration. The first place in a module delivery pipeline which can see both the module build and the defaults configuration is Pungi.

Therefore the only place where we can enforce the policy is at compose time. We should involve relengs (@mohanboddu).

Any other sooner checks can only be advisory. (Bodhi cannot see what will be in fedora-module-defaults configuration, fedora-module-defaults maintainer cannot see what module build will be in Bodhi.)

But I'm not sure if anybody from relengs or CI wants to invest in this if Fedora has banned the default streams.

Banning default streams has actually solved this.

Login to comment on this ticket.