Greetings everyone.

Fedora Release engineering was made aware recently that some real builds
seemed to have been done from commits not in any branch in the main
repository for the package. All cases we are currently aware of were
maintainers mistakenly building from a forked repo with a valid pull
request.

On investigation, this was found to be due to some changes in how koji
does the buildSRPMFromSCM task and us being unaware of the implications
of that change.

In short, when a pull request is created, pagure keeps track of those
commits in refs/pulls. Previously koji did a 'git reset' to the exact
commit, which would only work for commits on a branch. The new method
with 'git fetch' will follow refs and find the pull request commit.

Upstream koji developers have created a plugin for us to check policy
after the checkout and require official builds to be from a commit that
is in a branch. This plugin has been deployed and is active.

Sorry for any confusion this issue may have caused.

kevin
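
The kind of check the message describes (a build commit must be reachable from a branch, not only from a pull-request ref) can be sketched with plain git. This is an added example, not the koji plugin or any code from the post; the function names, the `rawhide` branch and the `refs/pulls/1/head` ref layout are constructed for the demo, and it assumes the check runs against a repository whose branches live under `refs/heads/`.

```shell
#!/bin/sh
# Added example (not the koji plugin): accept a commit only if some branch
# head contains it; a commit reachable only from a pull-request ref fails.

# commit_on_branch REPO REV
#   returns 0 if REV is in the history of at least one refs/heads/* ref,
#   1 if it is a valid commit that no branch contains, 2 if REV is not a commit.
commit_on_branch() {
    # Resolve to a full commit id first so tags, trees and typos are rejected.
    sha=$(git -C "$1" rev-parse --verify --quiet "$2^{commit}") || return 2
    # --contains limits the listing to refs whose history includes the commit;
    # the refs/heads/ pattern leaves pull-request refs out of consideration.
    [ -n "$(git -C "$1" for-each-ref --contains "$sha" \
            --format='%(refname)' refs/heads/)" ]
}

# make_demo_repo: build a throwaway repository (constructed sample data) with
# one commit on branch "rawhide" and a child commit that exists only under
# refs/pulls/1/head. Prints the repository path.
make_demo_repo() {
    demo=$(mktemp -d) || return 1
    git init -q "$demo" || return 1
    git -C "$demo" symbolic-ref HEAD refs/heads/rawhide
    g() {
        git -C "$demo" -c user.name=demo -c user.email=demo@example.invalid \
            -c commit.gpgsign=false "$@"
    }
    g commit -q --allow-empty -m "branch commit" || return 1
    tree=$(g rev-parse 'HEAD^{tree}')
    # commit-tree creates the commit object without moving any branch.
    pr=$(g commit-tree "$tree" -p HEAD -m "pull request commit") || return 1
    g update-ref refs/pulls/1/head "$pr"
    echo "$demo"
}

# Demo run: the branch commit passes, the pull-request-only commit does not,
# even though both resolve to valid commit objects in the same repository.
demo_repo=$(make_demo_repo)
for rev in refs/heads/rawhide refs/pulls/1/head; do
    if commit_on_branch "$demo_repo" "$rev"; then
        echo "$rev: contained in a branch, allow build"
    else
        echo "$rev: not contained in any branch, reject build"
    fi
done
rm -rf "$demo_repo"
```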