
Re: tag2upload (git-debpush) service architecture - draft



Charles Plessy <plessy@debian.org> writes:

> if creating a source package is fast and reproducible, could the dgit
> user commit the signed .dsc file somewhere, and the dgit infrastructure
> use it and throw an error if the hash sums do not match?

A difficulty with using the .dsc file as a signed artifact if you want to
base the upload on a Git repository is that a .dsc file points to
compressed tarballs, which means now you have to solve the problem of
recreating a compressed tarball from a Git repository in a byte-for-byte
identical way.  Past experience with pristine-tar says that this is more
fragile than we would like, and is prone to trouble if there are differing
versions of tar or the compression utility in play.

Admittedly, the tag2upload problem is much easier than the pristine-tar
problem because we're not trying to cope with arbitrary upstream tar
creation, but I suspect the ongoing maintenance burden (and random failure
rate) would be higher than the current proposal.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
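
Added example, not part of the original message: a Python sketch of why a hash over a compressed tarball is a brittle thing to sign when the source of truth is a tree. The file names and contents are constructed, and differing tool versions are modelled (an assumption) by varying only the gzip level and header timestamp.

```python
import gzip
import hashlib
import io
import tarfile

# Constructed sample tree (path -> contents); stands in for a Git checkout.
TREE = {
    "hello-1.0/debian/changelog": b"hello (1.0-1) unstable; urgency=medium\n",
    "hello-1.0/src/hello.c": b"int main(void) { return 0; }\n" * 200,
}

def make_tar(tree):
    """Build an uncompressed tar with sorted names and fixed metadata."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name in sorted(tree):
            info = tarfile.TarInfo(name)
            info.size = len(tree[name])
            info.mtime = 0
            info.mode = 0o644
            info.uid = info.gid = 0
            info.uname = info.gname = "root"
            tar.addfile(info, io.BytesIO(tree[name]))
    return buf.getvalue()

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def compare():
    """Return {label: (hash of .tar.gz, hash of decompressed tar)}."""
    tar = make_tar(TREE)
    variants = {
        "level 9, mtime 0": gzip.compress(tar, compresslevel=9, mtime=0),
        "level 6, mtime 0": gzip.compress(tar, compresslevel=6, mtime=0),
        "level 9, build-time mtime": gzip.compress(
            tar, compresslevel=9, mtime=1700000000),
    }
    return {label: (sha256(blob), sha256(gzip.decompress(blob)))
            for label, blob in variants.items()}

if __name__ == "__main__":
    for label, (packed, unpacked) in compare().items():
        print(f"{label:28} gz={packed[:16]} tar={unpacked[:16]}")
```

Every variant decompresses to the same tar stream, yet each compressed file hashes differently, so a checksum recorded against the compressed artifact fails unless the compressor and its settings match exactly.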

