On Fri, 2003-10-24 at 11:38, Jesse Keating wrote:
> So it looks like Red Hat's build system may not be ready in time for our
> December deadline for 7.3 EOLd. That means we need to launch with
> something else. Perhaps we can use mach? Has anybody had experience
> with mach, and whether or not we could use it temporarily until the
> real build system gets put into place?

mach is fine if you fully trust the sources you are putting into it. It currently uses regular chroots, automatically populating the tree with build requirements (there are some caveats). I would recommend doing things manually or being very careful with mach to make sure the entire build server is clean and uncompromised by the time we install mach+vserver+djinni.

fedora.us has been, and continues to build things manually within vservers, manually installing BuildRequires as needed.

> The host OS will be RHEL 3 AS
> for amd64 (dual opteron system). I think I'm just going to load it up
> with 4x 250gig SATA drives, in a raid 10 array, for 500gigs of space
> initially. That should be plenty of space to hold the build systems
> and build for 4~ trees (7.3/9, and 2x FC releases), as well as seed the
> mirrors.

Yikes, that will be plenty.

>
> Speaking of mirrors, it seems that our content isn't welcome on Red Hat
> ftp servers, but they are making the directory structure friendly for
> our content to be on other mirrors and require very little config
> changes. So I need to start collecting information on folks that will
> be willing to mirror our content, yumified. Have any of you experience
> working with Red Hat's mirror system, something that we can adopt for
> our schtuff?

Please ask RH for membership to mirror-list-d. There are MANY mirror admins there that respond quickly.

>
> Lastly, we'll need a Bugzilla system. Probably our own to start with,
> maybe merged down the road with Fedora's. I'd like to use Red Hat's
> pgsql'd version of bugzilla, but it's woefully lacking in
> documentation. Anybody got any experience with that?

Somebody (might have been mkj) mentioned that it makes more sense for Legacy to exist within RH/FC's Bugzilla, because almost all security errata for old systems may be relevant to the latest systems and RHEL too. No sense duplicating effort. By keeping it within the same database it is easy to cross-link with "Bug XXXXXX" strings within reports. Please bug the RHatters about this one again.

>
> I'd like to launch our server and start handing out builder logins on
> it, and start getting some of the kinks worked out with test packages
> by the end of November. That way we should be ready for December when
> 7.3 goes done.

May I caution being very paranoid with handing out builder logins. The eventual mach+vserver+djinni system would be abstracted so NOBODY needs root access in order to feed packages to the queue. Before that build system is ready, I would recommend doing thorough QA analysis of packages like fedora.us currently does in our Bugzilla, and build them manually within vservers. I can quickly explain how all this works.

Since the volume of packages for Fedora Legacy will be relatively small compared to fedora.us, only one or two builders should be necessary. I personally had set aside a computer at my house exclusively for ssh access into fedora.us' build server, but I am more paranoid than most.