On Tue, Mar 1, 2022 at 8:20 AM Richard W.M. Jones <rjones@xxxxxxxxxx> wrote: > > On Tue, Mar 01, 2022 at 04:21:56AM -0500, Neal Gompa wrote: > > On Tue, Mar 1, 2022 at 3:07 AM Richard W.M. Jones <rjones@xxxxxxxxxx> wrote: > > > > > > > > > https://bugzilla.redhat.com/show_bug.cgi?id=2058274 > > > > > > fails to build with: > > > > > > DEBUG util.py:444: No matching package to install: 'ocaml-dune >= 1.0' > > > > > > This package is in RHEL 9 buildroot (ocaml-dune-2.8.5-5.el9.x86_64). > > > > > > I read an earlier thread ("Subject: [EPEL-devel] Re: Packages > > > disappearing from the EPEL 9 buildroot") and it seems to indicate that > > > RHEL 9 buildroot packages aren't going to be available in EPEL 9. > > > This seems crazy, is it really correct? > > > > > > > It's not crazy. EPEL is intended to build on RHEL content, which means > > we can't depend on something RHEL doesn't publish. If Red Hat wants to > > publish their buildroot repo, then sure, we could use it. > > I wasn't very clear, but I was addressing my remark at Red Hat. > There's really no reason why we (Red Hat) don't publish buildroot, in > fact my personal view is we ought to for open source reasons. > > > Just because it happens to exist in the CentOS Stream 9 buildroot > > content does not mean we would be able to rely on it once we replace > > CentOS Stream with RHEL for EPEL 9. Thus, we don't use the CentOS > > Stream 9 buildroot either. > > So this was going to be my next question - is it that difficult to use > C9S buildroot packages to replace the "missing" ones? AFAIK they > ought to be almost identical. Obviously they are rebuilds and they > might be a little out of sync, but saves EPEL doing a literal third > rebuild of the same content! > Theoretically, yes. And for some stuff, that would work. It depends on how sensitive things are and where they lie in the dependency chain. > > If we did, we'd wind up in a situation where packages were built once > > and then not buildable ever again. That already kind of happened when > > we initially had that buildroot repo in the EPEL build environment and > > it made it way harder for us to figure out what gaps we had for things > > to build against RHEL later. We've fortunately dealt with the small > > number of cases that occurred from then. > > I'm not sure I totally understand this bit. Is it right to say that > packages wouldn't be "buildable ever again" only in the case where we > used C9S buildroot and then dropped it? If we just use C9S buildroot > packages + RHEL 9 packages - forever - we'd be OK? > Those packages are not necessarily guaranteed to be installable forever because they're effectively only there as a side-effect. But it's *possible* we'd be fine. There is another issue with using buildroot packages: they're not signed and mirrored at all. There's no reasonable way to expect downstreams to be able to figure out how to build our packages with any reasonable trust. People already don't like the fact that RHEL doesn't do it, I think they'd be extremely upset if it led to EPEL packages that people couldn't easily locally (re)build and update. It's also more common for EPEL packagers to be in environments where unsigned content is simply flat out blocked by policy, so RPM would trip up over installing those packages. And yay supply chain attacks! :( -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
