Missing critical dependency, Koji
John Gilmore
gnu at toad.com
Sun Aug 17 20:27:28 EDT 2008
> Anyway, in the meantime, we have raw rpmbuild, mock (which needs to be
> configured not to use Fedora's koji, but this is not so hard), our own
> buildroot (probably hidden away somewhere on weka.laptop.org), and the
> joyride dropbox system. In conclusion, we'll live.
I got an impression that all we were using koji for was to pull in
binaries of F9 packages that olpc had never modified. If that's true,
we can quickly set up our own mirror by starting with an F9 binary
install DVD (readily available from mirrors or BitTorrent; I'm serving it
up myself on BT), and updating it with any packages revised in
Fedora Updates (also available on mirrors).
If we do something like that, I strongly suggest doing a "rebuild" of
an already-existing joyride build done using koji, comparing that it's
bit-for-bit identical to the koji-based build, and revising and fixing
until it is. I also recommend getting enough control of our own build
system that we have *saved* enough source and binary RPM's to fully
reproduce every release we subsequently build. (The ability to
rebuild an identical release is key to retaining the ability to make a
slightly evolved release that contains only well defined changes.)
Currently I'm sure we don't have src.rpm's for everything we have in
binary. (If anybody knows where the olpc-licenses src.rpm is, we're
actively looking for it so we can fix it!)
BTW, the Fedora sysadmins are being mysterious about the "issues we
discovered earlier this week" that caused them to take down Koji:
https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00008.html
https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00009.html
It smells to me like an attack, perhaps designed to corrupt the master
packages that large numbers of people are downloading in binary and
installing without question :-(. There was a rumor that it was attacked
via the DNS vulnerability:
http://news.zdnet.co.uk/security/0,1000000189,39453160,00.htm
http://permalink.gmane.org/gmane.linux.redhat.fedora.general/306278
However, this is unconfirmed. It's fun to speculate, but I'm sure the
people working on getting it all working again don't need their elbows
joggled.
John
More information about the Devel
mailing list