[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Rebuild policy needed



The push-script has caught this:

> New packages in PUSHED /srv/rpmbuild/repodir/fedora-development-extras/rssowl/1.2.1-4.fc6, clearing flag

This means that an older build of the same package has been signed and
published before (a file "PUSHED" in the build job results directory of a
package in the needsign tree), and that the results of the new build job
have been found in the old directory which has not expired yet.

When the package was modified without bumping release (or if build
dependencies have changed meanwhile), some users may already have updated
to the previous binaries. They won't ever see changes in the new builds
unless they reinstall the package(s). That is bad.

Note that ever since, the various push scripts have never overwritten old
packages in the master repository. The "copy" and "move" functions do not
overwrite existing destination files, which is good.


So, we have kind of a partially undefined situation here, since a
version-bump-less rebuild may introduce new sub-packages or be made for
more/less architectures. A rebuild may also be accidental, and remember,
even if EVR has not changed, it is impossible to kill/withdraw succeeded
build jobs with plague-client.


We need to define what is done with a version-bump-less rebuild of a package
that has been published before.

 * Overwriting existing rpms in the published tree is bad.

 * Rule of thumb: If you want changes to enter your packages, bump Release!

 * Detecting and ignoring rebuilds is not trivial [*] if the previous build
   job results directory is gone already. (it would need something like
   looking for existing destination files, then ignoring the entire results
   of a build job before any rpms would be copied/moved/linked)
   [*] doable, but worth the effort?

 * At the level of the push-script, we have no way to inform a packager
   about rejected/ignored build results.

 * The build report is misleading if it mentions a package, which has been
   ignored partially or completely, because an older build of it exists
   in the repository already.

The package database could help with this and make the build server reject
rebuilds of previously built package releases.

Meanwhile I say: Avoid version-bump-less rebuilds like the plague!

Attachment: pgpEbOQUskf2a.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]