[Dev] dbscripts plan v2

Luke Shumaker lukeshu at lukeshu.com
Thu Sep 20 16:46:33 GMT 2018


Luke Shumaker wrote:
>  2. Use db-{move,update,remove}
> 
>     Change:
>  
>        Rework `db-import-pkg` to set up a `db-update`-style staging
>        directory, rather than manipulating the repos directly.  At
>        this point, `db-import-pkg` is still running as `repo`.
>        However, set `ProtectSystem=strict`, limit it to a staging &
>        scratch directory, and have it
>     
>            ssh localhost DBSCRIPTS_CONFIG=...${UPSTREAM} db-update
>         
>        to add/remove packages.  This will involve adding an ssh key
>        for repo.
>     
>     Rationale: Obviously, this is a primary objective.  Using
>     ssh+ProtectSystem allows us to ensure that the objective is met.
> 
>     Concerns: Testing this will probably involve running an SSH server
>     in the test suite.

I ended up not implementing it with `ssh localhost`.  That can come
later.  But it does now use db-{move,update,remove}, which it simply
calls directly.

>     Timeframe: As soon as I can get it done after step 1; a couple of
>     days.

This has been ready to go since the 3rd, but I didn't want to roll
anything out with the bugtracker or mailing list down.

>  3. Migrate humans off of repo@
> 
>     Change: Adjust the default `libretools.conf:REPODEST` to be
>     `ssh://$LIBREUSER@repo.parabola.nu:1863/~/staging/` instead of
>     `ssh://repo@repo.parabola.nu:1863/~/staging/$LIBREUSER/staging/`.
>     
>     Rationale: This will change the user-separated `db-update` from
>     opt-in (following step 1) to opt-out.
>     
>     DISRUPTION: This will make the default configuration unsuitable
>     for packagers whose local username doesn't match their username in
>     hackers.git.  They will need to manually adjust their
>     `libretools.conf:REPODEST` to have the correct username.

If the user sets REPODEST in their
~/.config/libretools/libretools.conf, then the default HOOKPRERELEASE
won't do the right thing.  Maybe we say "you'll also need to set
HOOKPRERELEASE if you set REPODEST there", or "you need to set
REPODEST in /etc".  But I don't like those solutions.  Things should
just work, intuitively.

The "obvious" answer is to adjust the expression at HOOKPRERELEASE to
be evaluated at call-time, rather than config-parse-time.  But, at
call-time, it doesn't have REPODEST.

I'll have to meditate about what to do.

Current status:

  [x] 1. Set up the `repo` group        [eta: 2018-08-23]
  [x] 2. Use db-{move,update,remove}    [eta: 2018-09-20]
  [-] 3. Migrate humans off of repo@    [eta: ???]
  [ ] 4. Migrate robots off of repo@    [eta: a week after that]

-- 
Happy hacking,
~ Luke Shumaker



More information about the Dev mailing list