On Sat, 2006-11-25 at 11:42 +0100, Michael Schwendt wrote: > On Fri, 24 Nov 2006 22:27:21 -0500, Dan Williams wrote: > > > On Fri, 2006-11-24 at 20:10 +0100, Axel Thimm wrote: > > > On Fri, Nov 24, 2006 at 08:05:52PM +0100, Axel Thimm wrote: > > > > the queue seems to be 2+ days large, is that due to some hardware > > > > issues mentioned some time ago? If not, could someone please sign/push > > > > the packages? Thanks! > > > > > > Forget it, I just saw that some packages have been pushed, I just > > > misinterpreted the status on > > > http://buildsys.fedoraproject.org/build-status/success.psp, I thought > > > that if the packages are tagged as "needsign" then they still need to > > > be signed and pushed to the repo. > > > > > > Would it make sense to add a state of "signedandpushed" or similar? > > > > That state exists, but nobody bothers to move then from 'needsign' to > > 'finished'. Technically the push scripts could do this, but they don't. > > What is needed to get it done? > > The push script does not interface with plague in any way yet, so it does > not know anything about build job numbers. It could reconstruct the build > job tag from the name/version directory entries in the needsign repo. Is > that worth anything? Well, you'll need job #s from the server. Essentially, you could query the server for all jobs in 'needsign' state (which means they are done of course) and grab the package name and version, and then reconstruct the path to each package's finished RPM directory, and then do whatever the script normally does. If the script is successful for that package, it tells the build server to mark the job as 'finished'. The 'finished' calls can be batched up for speed (up to a certain request length dictated by SQL request length sizes). > A quick grep on the plague server code returns: > > # Marking 'needsign' jobs as finished requires admin privs > > Sounds like a first roadblock. What kind of "admin privs" would we need? Whoever runs the push scripts will need their plague account marked with admin privs. The plague client will talk to the server using the certificate in ~/.plague-client.cfg (the "user-cert" option in there), or will use the certificate in whatever file is pointed to by the PLAGUE_CLIENT_CONFIG environment variable. Whatever user the cert is for needs the admin privs. In the end, I don't really think it's worth spending a lot of time on this unless you're really interested. Everything seems to be going fine already, we've got 22,000+ jobs in needsign state and it's not a problem :) If somebody is really interested in the "correctness" of the process, then they could implement this. Otherwise I don't think there's a burning need. Dan -- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list
