image: add rpm database as build output #2442

Merged
merged 1 commit into from
Oct 17, 2023
@malt3 malt3 commented Oct 11, 2023

Context

For reproducibility reasons, the final OS image does not ship the rpm database in sqlite format. For supply chain security and license compliance reasons, we want to keep the rpm database of OS images as a detached build artifact. We now ship a reproducible, human-readable manifest of installed rpms in the image under "/usr/share/constellation/packagemanifest" and upload the full rpm database as a build artifact (rpmdb.tar).

Proposed change(s)

  • image: add rpm database as build output

Checklist

  • Update docs
  • Add labels (e.g., for changelog category)
  • Is PR title adequate for changelog?
  • Link to Milestone
  • Build pipeline

@malt3 malt3 added the "no changelog" label (Change won't be listed in release changelog) Oct 11, 2023
@malt3 malt3 added this to the v2.13.0 milestone Oct 11, 2023
netlify bot commented Oct 11, 2023

Deploy Preview for constellation-docs canceled.

Name Link
🔨 Latest commit a7038cf
🔍 Latest deploy log https://app.netlify.com/sites/constellation-docs/deploys/652e723b9cd26c00088afed5

malt3 commented Oct 11, 2023

@thomasten FYI

@malt3 malt3 marked this pull request as ready for review October 11, 2023 12:28
@thomasten thomasten left a comment

Proposed functionality (uploading rpmdb and having packagemanifest in the image) looks good. I'm not familiar enough with the build system to review the implementation.

@malt3 malt3 requested review from 3u13r and msanft October 16, 2023 16:13
@msanft msanft left a comment

Can't say much regarding the internal system-level logic of this change, as I'm not very familiar with mkosi and our image build in general. High-level reasoning of the change sounds good to me and Bazel files, shell scripts and GH action look good as well. LGTM from my (limited) POV.

For reproducibility reasons, the final OS image does not ship the rpm database in sqlite format.
For supply chain security and license compliance reasons, we want to keep the rpm database of OS images as a detached build artifact.
We now ship a reproducible, human-readable manifest of installed rpms in the image under "/usr/share/constellation/packagemanifest" and upload the full rpm database as a build artifact (rpmdb.tar).
@malt3 malt3 merged commit 1a141c3 into main Oct 17, 2023
4 checks passed
@malt3 malt3 deleted the fix/image/rpmdb branch October 17, 2023 12:04
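
The PR description splits package provenance into an in-image manifest and a detached rpmdb.tar, so a consumer of both will want to confirm they describe the same package set. The script below is an added example of that check, not code from this PR or from Constellation. It assumes the manifest lists one package per line in NEVRA form and that rpmdb.tar contains an rpmdb.sqlite file somewhere in its tree (the page confirms neither); `rpmdb_to_manifest` and `manifest_drift` are hypothetical names.

```shell
#!/bin/sh
# Added example, not Constellation's build code. Assumptions (not confirmed by
# the page): the manifest has one NEVRA per line, and rpmdb.tar holds an
# rpmdb.sqlite file somewhere in its tree.

# Print the packages recorded in an rpm database directory, one NEVRA per line,
# sorted bytewise so the output does not depend on locale or query order.
rpmdb_to_manifest() {
    rpm --dbpath "$1" -qa --queryformat '%{NEVRA}\n' | LC_ALL=C sort -u
}

# Compare two package lists. Prints "-pkg" for entries only in the first list
# and "+pkg" for entries only in the second; returns 1 if the lists differ.
manifest_drift() {
    md_tmp=$(mktemp -d) || return 2
    LC_ALL=C sort -u "$1" > "$md_tmp/a"
    LC_ALL=C sort -u "$2" > "$md_tmp/b"
    LC_ALL=C comm -23 "$md_tmp/a" "$md_tmp/b" | sed 's/^/-/'
    LC_ALL=C comm -13 "$md_tmp/a" "$md_tmp/b" | sed 's/^/+/'
    if cmp -s "$md_tmp/a" "$md_tmp/b"; then md_rc=0; else md_rc=1; fi
    rm -rf "$md_tmp"
    return "$md_rc"
}

# Usage: check.sh <packagemanifest copied out of the image> <rpmdb.tar>
if [ "$#" -eq 2 ]; then
    work=$(mktemp -d) || exit 2
    trap 'rm -rf "$work"' EXIT
    mkdir "$work/db"
    tar -xf "$2" -C "$work/db"
    db=$(find "$work/db" -name rpmdb.sqlite -print | head -n 1)
    [ -n "$db" ] || { echo "no rpmdb.sqlite found in $2" >&2; exit 2; }
    rpmdb_to_manifest "$(dirname "$db")" > "$work/from_rpmdb"
    if manifest_drift "$1" "$work/from_rpmdb"; then
        echo "manifest matches rpmdb"
    else
        echo "manifest and rpmdb differ" >&2
        exit 1
    fi
fi
```

`rpm -qa` also lists imported signing keys as `gpg-pubkey` entries; if the manifest omits them, filter those lines before comparing.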