On Sat, Mar 08, 2025 at 07:50:49AM +0000, Richard W.M. Jones wrote:
> On Fri, Mar 07, 2025 at 12:56:21PM -0800, Brendan Conoboy wrote:
> >
>
> This doesn't really help with the "what". I work at Red Hat and still
> have no idea what Konflux actually is.
[...]
> > ”. In his talk he related some of the details about the interim rpm
> > approach, which injects builds into the koji after a build is
> > complete. This seems weird, but it makes sense: When your goal is to
> > eventually replace the full pipeline, but it’s going to take a long
> > time, you have to write some throw-away code that bridges new to
> > old.
>
> I didn't watch his talk, but this all sounds very vague. And that the
> fact that it's "container first" and an internal project first is
> worrying too. How does it build containers without starting with
> RPMs? Where do those RPMs come from?
I was present at the talk, here[1] are the slides. There's a Workflow
diagram on slide-10. No direct answer, but allow me to quote Mike
McLean's slide-11, on building RPMs (with some changes to Mock):
-----------------------------------------------------------------------
# we want to build this package
srpm=your-package.src.rpm
# we'll create a local repository with pre-fetched RPMs/bootstrap
repo=/tmp/local-repo
# resolve build deps for the given SRPM, in this case for Fedora Rawhide
mock --calculate-build-dependencies -r fedora-rawhide-x86_64 "$srpm"
# find the lockfile in Mock's resultdir
lockfile=/var/lib/mock/fedora-rawhide-x86_64/result/buildroot_lock.json
# create a local RPM repository (+ download bootstrap image)
mock-hermetic-repo --lockfile "$lockfile" --output-repo "$repo"
# perform the hermetic build!
mock --hermetic-build "$lockfile" "$repo" "$srpm"
-----------------------------------------------------------------------
> TL;DR, I don't know what this is.
I asked a question about some of the main motivations behind Konflux: Is
it the ability to build containers "natively? Or is it about "SBOM"
(software bill of materials) and "hermetic builds" that provide an
attestation report? Something else? I didn't get a direct answer to
this, but the presenter (Mike McLean) said he was there to share how
_he_ is using Konflux to build RPMs.
Fair enough, but my question remains: did the Konflux project consider
the option of investing this effort into Koji to produce the artifacts
they need? Maybe it was already considered and ruled out due to valid
reasons. If they're documented somewhere, I'd be glad to educate
myself. If not, Konflux project folks: please consider documenting.
It'll also answer questions the broader community might have.
[...]
[1] https://mikem.fedorapeople.org/Talks/connect-2025-rpms-in-konflux/#11
--
/kashyap
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
