Preliminary launch of apt.rocm.debian.net

To: Debian ROCm Team <debian-ai@lists.debian.org>
Subject: Preliminary launch of apt.rocm.debian.net
From: Christian Kastner <ckk@kvr.at>
Date: Tue, 18 Jul 2023 18:05:49 +0200
Message-id: <[🔎] addd29ce-b041-007f-cf72-4b6b4aee2c85@kvr.at>

Hi all,

I'm happy to announce that apt.rocm.debian.net [1] is up and running.

Through this server, we can distribute packages that are either
  (1) Our own tooling, not yet ready for upload to the official Archive
  (2) Patched tooling of other entities, not yet ready to be merged back
  (3) Exploratory builds not suitable for the official Archive
  (4) Personal builds of some of the team members.

Primary motivation for this were (1) and (2), as we are creating an
infra that needs to be GPU-aware, which our official infra isn't. Our
infra will be the proving grounds for adaptations, and in an ideal
world, our changes will be merged back into their upstreams sooner or later.

I also like (3) and (4) because we can run debci/autopkgtest for these
packages. So if you want to try out "that one patch" that might break
everything, you can do it in an isolated environment with broad GPU
coverage (our CI network), without generally breaking things.

This is a preliminary launch [2]. I'm sure will need to iron out a few
issues. Once things are stable, we should have an official launch.

The website has more info for users and uploaders.

Implementation details
======================

This is currently served by a private machine of mine [3]. The only
reason for this is that the Release files need to be signed, and I don't
want to keep signing keys as files on some remote host where they could
be exfiltrated. The signing keys are currently on a Nitrokey attached
via USB.

This is hacky, but I'm sure we'll figure out a way to improve upon this
soon. Perhaps the DSA Team can help us figure out a better way to handle
the signing keys.

Except for the physical Nitrokey (obviously), all of this is managed by
ansible. I'm finalizing the READMEs as we speak, and should push the
entire setup by tonight, or tomorrow latest.

Next steps
==========

In the course of this week and perhaps next, I'll be uploading packages
to this repository that will enable us to finally take our CI live.

Best,
Christian

[1] https://apt.rocm.debian.net/

[2] Preliminary, because while I have experience with the services
involved, but this is the first time for me configuring them for shared
use, rather than private use. Also, I'm sure the host will change, once
a sponsor is found.

[3] Actually, since I ran out of ipv4 addresses, apt.rocm.debian.net is
really a Linode nano instance that forwards all traffic to the private
server.

Reply to:

Follow-Ups:
- Temporary fork of autopkgtest
  - From: Christian Kastner <ckk@debian.org>
- Uploaded rocm-dev-tools
  - From: Christian Kastner <ckk@debian.org>
- Upload of temporary fork of debci
  - From: Christian Kastner <ckk@debian.org>

Prev by Date: Re: rocBLAS on arm64 and ppc64el
Next by Date: Re: RFS: rocsolver/5.5.1-1 [ITP] -- ROCm library for numerical linear algebra
Previous by thread: Re: On disabling dh_dwz
Next by thread: Temporary fork of autopkgtest
Index(es):
- Date
- Thread