Home_greyopenFATE - openSUSE feature tracking > #308268
Dashboard | Search | Sign up | Login

Please login or register to be able to edit or vote this feature.

Allow to easy check what sources was unmodified -show cheksum and url of tarball

Feature state

Buildservice
Done

Description

Allow to easy check what source tarball was not modified:

  1. add field for url to official project download page  (url where packager got source)
  2. show checksum for tarball generated by Buildservice

Often source tarball already have checksum (in project download page or in VCS(version control systems), 

and all what needed to check is sources modified:

  1. see checksum in Buildservice
  2. see checksum in official project download page, or in VCS, or etc...
  3. just compare it))

This is important, because some people want to use additional software (for example: from http://download.opensuse.org/repositories/home:/  repos), but don't trust these packagers

References

http://en.opensuse.org/Build_Service/Concepts/SourceService

Discussion


icons/user_comment.png M. V. wrote: (8 years ago)

In fact this feature should means that Build Service will be able to download the upstream tarball automatically. But in a real world, there are many cases we need to distribute a modified tarball, so it also needs to

  1. Repack the tarball to tar.bz2
  2. Remove files from it (mainly from legal reasons) - there'd be a list of files needs to be removed from a tarball
icons/user_comment.png M. V. wrote: (8 years ago)

Oh and I forgot - in this mode, BuildService needs to warn if the URL changes a lot (for instance a hostname).

icons/user_comment.png A. S. wrote: (8 years ago)

well, you either say OBS that it shall download or not. In the (rare) cases where we have to modify the tar ball, you just can't use this feature.

icons/user_comment.png M. V. wrote: (8 years ago)

Well, to make implementation straightforward it makes a sense to not solve all cases and focus only on common ones.

But I'm still think that URL change detection is needed.

icons/user_comment.png A. S. wrote: (8 years ago)

Yes, you can see this as diff in the _service file than. Btw, the host and the path have been seperated into own rows to see also a server switch (eg. ftp.trusthost.org to ftp.trusth0st.org )

icons/user_comment.png A. S. wrote: (8 years ago)

This is half implemented via source services. File download by url service exists (but is not yet active on our official instances). An verify_source service is still to be written.

A vcs import service can get written easily, but we need a concept not to flood our source storage server via that.

the first two items will get implemented ASAP (but this situation stays since several month already :/)
Anyway, it is already on our 1.8 roadmap, so I make this mandatory for it.

Also osc integration to support this (to avoid dealing with _service file syntax) is missing

icons/user_comment.png A. S. wrote: (7 years ago)

osc add $URL

is working now and tarball gets downloaded by the server, sha256 sum for verification gets also added by osc.

We need to enforce the usage of this a bit more, but technically it is implemented.

Last change: 7 years ago
Voting
Score: 3
  • Negative: 0
  • Neutral: 0
  • Positive: 3
Feature Export
Application-xmlXML   Text-x-logPlaintext   PrinterPrint