Ensure we pull/build only released packages

sclorg / rpm-list-builder

RPM List Builder helps you to build a list of defined RPM packages including Software Collection from the recipe file

GNU General Public License v2.0

4 stars 8 forks source link

Ensure we pull/build only released packages #31

Open hhorak opened 7 years ago

hhorak commented 7 years ago

When using rhpkg downloader strategy, it is not clear what hash was used to already published build and which were not yet published (and what is more important, might contain some embargoed information). So, for rebuilding published RPMs (like RHSCL rebuilds for CentOS), it would be necessary to either:

find out which hashes match the published builds
or use SRPM repository that contains published RPMs only

junaruga commented 7 years ago

Maybe you want to prevent the package that is not published to be built on public build system such as Copr, right?

And

what hash was used to already published

hash?

Like this? https://www.apache.org/dist/httpd/httpd-2.2.32.tar.gz.sha1

19e94b8c9e727cc16b75795814c5b0e27ebc08d5 *httpd-2.2.32.tar.gz

junaruga commented 7 years ago

or use SRPM repository that contains published RPMs only

Adding additonal download option to download SRPMs from repository. This looks easier to implement.

junaruga commented 7 years ago

@hhorak as we talked today, the solution is implementing below 2 new features.

Adding download option to download SRPM.
Output warning message "You may access public build service to build packages downloaded by rhpkg." if user is running RPM List Builder on below cases. Basically it is user's responsibility.
- download: using rhpkg command (rhpkg option or custom option including rhpkg in custom YAML file) AND
- build: using copr-cli or koji command (copr option or custom option including copr-cli or koji in custom YAML file).

hhorak commented 7 years ago

That looks good to me, thanks.