https://fedoraproject.org/wiki/Changes/rpm_level_auto_release_and_changelog_...
== Summary ==
redhat-rpm-config will be updated so users of the auto framework get automated release and changelog bumping.
== Owner ==
* Name: [[User:nim| Nicolas Mailhot]] * Email: <nicolas.mailhot at laposte.net>
== Detailed Description ==
This is a system-wide change because all packages build with redhat-rpm-config, but it only concerns packages that opted to use this part of redhat-rpm-config (auto framework).
The change will make those packages auto-bump and auto-changelog at the rpm level, in an infrastructure-independent way.
== Benefit to Fedora ==
Autobumping removes a huge packager shore and makes timestamping in changelogs more reliable.
== Scope == * Proposal owners: The feature is coded and works at the rpm level. Unfortunately, mock filters away the srpms containing the bump state, so it does not work in upper layers.
* Other developers: The feature requires buy-in by mock developers (and probably koji developers) to lift the restrictions that block it above the rpm level. Also, it requires a mechanism to pass the user name and email that will be used in bumped changelogs (defining two variables in ~/.rpmmacros is sufficient at rpm level)
* Mock issue: https://github.com/rpm-software-management/mock/issues/599
* Release engineering: https://pagure.io/releng/issue/9567 * Policies and guidelines: maybe eventually if things work out on the technical level * FPC issue: https://pagure.io/packaging-committee/issue/998 * Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
This is a pure build tooling update, it changes how things are built not what is built.
== How To Test ==
A redhat-rpm-config packages with the changes and some example packages are available in https://copr.fedorainfracloud.org/coprs/nim/refactoring-forge-patches-auto-c...
Since the mock/copr layer is currently blocking the feature, you need to install the redhat-rpm-config and forge macro packages available in this repo locally. Afterwards you can take any of the example packages in the repo and rebuild them with rpmbuild -ba to your heart content, and see the releases bump and the changelogs being updated accordingly.
To get beautiful changelogs, you also need to add
<pre> %buildsys_name Your name %buildsys_email Your email </pre>
in ~/.rpmmacros
== User Experience ==
N/A Packager experience change only
== Dependencies ==
The change is a spin-off of
https://fedoraproject.org/wiki/Changes/Patches_in_Forge_macros_-_Auto_macros...
Therefore, it depends on the success of that other change and will probably need rebasing if the code in this other change evolves during the redhat-rpm-config merge.
It also depends on mock / copr/ koji buy-in and changes, that may add their own requirements.
== Contingency Plan ==
There is no contingency plan because the change will happen or not at all.
== Documentation ==
There is as much documentation as the average redhat-rpm-config change (ie comments in the macro files themselves)
== Release Notes ==
N/A Packager productivity change only
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On Tue, 2020-06-30 at 15:19 -0400, Ben Cotton wrote:
https://fedoraproject.org/wiki/Changes/rpm_level_auto_release_and_changelog_...
== Summary ==
redhat-rpm-config will be updated so users of the auto framework get automated release and changelog bumping.
== Owner ==
- Name: [[User:nim| Nicolas Mailhot]]
- Email: <nicolas.mailhot at laposte.net>
== Detailed Description ==
This is a system-wide change because all packages build with redhat-rpm-config, but it only concerns packages that opted to use this part of redhat-rpm-config (auto framework).
The change will make those packages auto-bump and auto-changelog at the rpm level, in an infrastructure-independent way.
So how exactly is this supposed to work? From where will it get old changelog, how packagers will migrate to this, how does it affect reproducibility?
== Benefit to Fedora ==
Autobumping removes a huge packager shore and makes timestamping in changelogs more reliable.
== Scope ==
- Proposal owners: The feature is coded and works at the rpm level.
Unfortunately, mock filters away the srpms containing the bump state, so it does not work in upper layers.
- Other developers: The feature requires buy-in by mock developers
(and probably koji developers) to lift the restrictions that block it above the rpm level. Also, it requires a mechanism to pass the user name and email that will be used in bumped changelogs (defining two variables in ~/.rpmmacros is sufficient at rpm level)
So are you asking mock and koji people to implement something? Did you talk to them before submitting this proposal?
- Mock issue:
https://github.com/rpm-software-management/mock/issues/599
- Release engineering: https://pagure.io/releng/issue/9567
- Policies and guidelines: maybe eventually if things work out on the
technical level
- FPC issue: https://pagure.io/packaging-committee/issue/998
- Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
This is a pure build tooling update, it changes how things are built not what is built.
== How To Test ==
A redhat-rpm-config packages with the changes and some example packages are available in https://copr.fedorainfracloud.org/coprs/nim/refactoring-forge-patches-auto-c...
Since the mock/copr layer is currently blocking the feature, you need to install the redhat-rpm-config and forge macro packages available in this repo locally. Afterwards you can take any of the example packages in the repo and rebuild them with rpmbuild -ba to your heart content, and see the releases bump and the changelogs being updated accordingly.
To get beautiful changelogs, you also need to add
<pre> %buildsys_name Your name %buildsys_email Your email </pre>
in ~/.rpmmacros
== User Experience ==
N/A Packager experience change only
== Dependencies ==
The change is a spin-off of
https://fedoraproject.org/wiki/Changes/Patches_in_Forge_macros_-_Auto_macros...
Therefore, it depends on the success of that other change and will probably need rebasing if the code in this other change evolves during the redhat-rpm-config merge.
It also depends on mock / copr/ koji buy-in and changes, that may add their own requirements.
== Contingency Plan ==
There is no contingency plan because the change will happen or not at all.
This is not true. If it will happen but then something will be entirely broken we need to revert it.. And we need to know when, how and who will do that.
== Documentation ==
There is as much documentation as the average redhat-rpm-config change (ie comments in the macro files themselves)
== Release Notes ==
N/A Packager productivity change only
-- Ben Cotton He / Him / His Senior Program Manager, Fedora & CentOS Stream Red Hat TZ=America/Indiana/Indianapolis _______________________________________________ packaging mailing list -- packaging@lists.fedoraproject.org To unsubscribe send an email to packaging-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/packaging@lists.fedoraproject....
- -- Igor Raits ignatenkobrain@fedoraproject.org
Le mardi 30 juin 2020 à 21:33 +0200, Igor Raits a écrit :
On Tue, 2020-06-30 at 15:19 -0400, Ben Cotton wrote:
https://fedoraproject.org/wiki/Changes/rpm_level_auto_release_and_changelog_...
The change will make those packages auto-bump and auto-changelog at the rpm level, in an infrastructure-independent way.
So how exactly is this supposed to work? From where will it get old changelog, how packagers will migrate to this, how does it affect reproducibility?
The changelog is just one file in SRPM sources, and bumping is done from last build state which is just one key = value file in sources (storing the evr components, the last built time, and last build packager id).
In reproducible mode last evr and packager id and build time are applied without bumping. You need to set %reproducible_build = true (or anything except false) in your ~/.rpmmacros (or config_opts['macros'], or as rpmbuild --define flags).
The auto framework (and %new_package) split Release in separate %{source_release} %{dist} and %{post_release} components, which makes the implementation way easier than multiplexing things in a single Release tag and trying to untangle the mess later.
A production implementation would probably split %{dist} in %{distcore} and %{distprefix} (the .gitdatehash things we stuff in Releases and in rpm changelogs as opposed to the fcX part we want to appear in Release but not in changelogs). I know where the offending code is in fedora- release and the split up is trivial to implement, but there’s no point in worrying about this level of detail before the core of the feature is approved (or not).
The implementation is really simple and easy, it took me two days to write and test it because it reuses all the building blocks I had already done for my other change (without those jungling all the bits involved at various points of the spec file would have been challenging to say the least).
So are you asking mock and koji people to implement something? Did you talk to them before submitting this proposal?
- Mock issue:
I filled the mock issue to inform them. Again, this is a feature that took me two days to code (it did not exist, even in thought, last saturday). I was actually surprised at how easy it was to implement, given the months if was discussed on this list.
At the mock level, there are two issues.
The main one (and only critical one) is that bumping MUST occur when %build is executed, because a spectool or rpmbuild -bs is not a build event, only a full build is. That means the SRPM produced by rpmbuild -bs is not the bumped SRPM, only the SRPM produced by rpmbuild -ba
is bumped. My (imperfect) understanding of the mock issue is that mock serves the first, not the second one at the end of the build process.
The second issue is that bumping changelog requires filling a builder name and mail in the changelog line, and mock provides not easy way to pass those to the build process.
If those two problems are lifted I see no special problem copr side (except using the new mock plumbing to pass builder iname & mail to mock).
For koji/fedpkg things are a bit more challenging because you will want to back-commit the bumping to git once a build succeeds. Which is the main point clime and me disagreed earlier on this year. Though, it is not a show-stopper initially, a packager can back-commit manually if he wants the bump recorded till tooling catches up.
While that adds constrains on the koji/git interface, that gives you a bumping mecanism totally generic and independant of the build infra, that does not rely on external python/ruby/whatever scripts to bum, and does not require messing with someone else’s spec just to trace and bump a rebuild.
Just importing an srpm from one system to another will preserve the bumping state without any data loss.
== Contingency Plan ==
There is no contingency plan because the change will happen or not at all.
This is not true. If it will happen but then something will be entirely broken we need to revert it.
Thank you for your vote of confidence. I hope you realise that by that yardstick, nothing would be accepted, including your own changes, because something may always happen someday causing someone to revisit something. And, the last time a problem occurred, it was traced to an undocumented and unannounced rpm change that no one knew how to fix rpm-side, and that you spent more energy proving it need not be fixed than on constructive solution-finding.
I freely admit that my code sucks and is way worse than the perfect code no one has written yet nor intends to write any day soon.
On Tuesday, 30 June 2020 at 21:19, Ben Cotton wrote:
https://fedoraproject.org/wiki/Changes/rpm_level_auto_release_and_changelog_...
== Summary ==
redhat-rpm-config will be updated so users of the auto framework get automated release and changelog bumping.
== Owner ==
- Name: [[User:nim| Nicolas Mailhot]]
- Email: <nicolas.mailhot at laposte.net>
== Detailed Description ==
This is a system-wide change because all packages build with redhat-rpm-config, but it only concerns packages that opted to use this part of redhat-rpm-config (auto framework).
The change will make those packages auto-bump and auto-changelog at the rpm level, in an infrastructure-independent way.
That's not detailed at all. You should provide at least one example here (or a direct link to one somewhere else on the wiki).
== Benefit to Fedora ==
Autobumping removes a huge packager shore and makes timestamping in
^^^^^ Did you mean "chore"?
changelogs more reliable.
What's "autobumping" here and how is it better than rpmdev-bumpsec?
[...]
== How To Test ==
A redhat-rpm-config packages with the changes and some example packages are available in https://copr.fedorainfracloud.org/coprs/nim/refactoring-forge-patches-auto-c...
A diff with changes and some explanation would be more accessible than having to dig inside a copr repo.
Why is a separate "rpm-changelog.txt" file with manually maintained changelog better than current manually maintained changelog inside .spec?
How about using git commit log for changelog instead?
[...]
To get beautiful changelogs, you also need to add
<pre> %buildsys_name Your name %buildsys_email Your email </pre>
in ~/.rpmmacros
What about having one macro called %buildsys_packager instead of two? You're always using them together, anyway. It'd be similar to the existing %packager macro, too.
Regards, Dominik
Le mercredi 01 juillet 2020 à 12:27 +0200, Dominik 'Rathann' Mierzejewski a écrit :
Hi,
That's not detailed at all. You should provide at least one example here (or a direct link to one somewhere else on the wiki).
Thank you for your attention and kind review. yes the wiki page was completely insufficient, I did it at the last minute to honor deadlines. Please check if it is ok for you now.
Anyway here are some answers I added to the wiki
What's "autobumping" here
The change will make packages that use the %auto_<call> redhat-rpm- config macros auto-bump and auto-changelog at the rpm level, in an infrastructure-independent way. The %auto_<call> framework is proposed in https://fedoraproject.org/wiki/Changes/Patches_in_Forge_macros_-_Auto_macros...
In that context, auto-bumping means that a SRPM, produced in any compatible build system (that is, any build system that does not inhibit low-level rpmbuild behaviour), will rebuild by default to a release higher, than the last build release, in the next build system it is imported into, without any manual change to the SRPM source files.
Auto-changelog means that the build event will also be traced in the rpm changelog (again, without any manual change).
and how is it better than rpmdev-bumpsec?
Unlike rpmdev-bumpsec, the feature is automatic.
It does not require explicit human action. Releases get bumped even if the human forgot a particular release has already been built.
It does not rely on an external tool, nor requires this external tool to be able to parse a spec file (which can be difficult for heavily automated spec files like the ones that take advantage of %auto<call> macros).
A rebuild does not touch the spec file at all. That means, the spec files changes tracked by your favorite scm, will show only spec logic changes, without drowning those in no-logic-change build events.
[...]
== How To Test ==
A redhat-rpm-config packages with the changes and some example packages are available in https://copr.fedorainfracloud.org/coprs/nim/refactoring-forge-patches-auto-c...
A diff with changes
The current code state is visible in
https://src.fedoraproject.org/fork/nim/rpms/redhat-rpm-config/commits/forge-...
It’s one small commit on top of the huge change queued in: https://fedoraproject.org/wiki/Changes/Patches_in_Forge_macros_-_Auto_macros... https://src.fedoraproject.org/rpms/redhat-rpm-config/pull-request/95
That PR can still evolve based on feedback and testing. Therefore, I can’t promise that the auto-bumping logic will always apply directly, just that it will look more or less this way after rebasing. I do not rebase it on every change to the other PR.
This is very young code, there are probably lots of easy things to tidy up in there. However it works.
Why is a separate "rpm-changelog.txt" file with manually maintained changelog better than current manually maintained changelog inside .spec?
This change does not separates the changelog. The separation is already done in
https://fedoraproject.org/wiki/Changes/Patches_in_Forge_macros_-_Auto_macros... that this change builds upon
Without separation, we would lose the benefit of auto-bumping at the SCM level, since no-logic-change rebuilds would still result in a spec file change.
Separation makes automation a lot easier since adding to the changelog is just pre-pending some lines, and does not require any knowledge of rpm syntax. Auto-bumping will add a "* date name evr" line on the next rebuild, so changelog additions can limit themselves to plain text descriptions of new changes at the top of the existing file.
Separation is a requirement for auto-changelog bumping at the rpm level. Once rpmbuilt is lauched, it can not modify the processed spec file. Therefore making the changelog modifiable by the build process requires splitting it out of the spec file first.
How about using git commit log for changelog instead?
This is a low level change that does not depend on any specific infrastructure, git included. It works directly at the rpm level.
An infrastructure that uses git, can feed git commit events to the detached changelog file, using dumb or elaborate git commit hooks, and any other method it wants to implement. The auto-bump logic does not care, it will use the detached changelog file in the state it exists at the start of the build process.
Because the logic catches all rebuilds, regular manual trimming of the lines that add no value is recommended.
[...]
To get beautiful changelogs, you also need to add
<pre> %buildsys_name Your name %buildsys_email Your email </pre>
in ~/.rpmmacros
What about having one macro called %buildsys_packager instead of two? You're always using them together, anyway. It'd be similar to the existing %packager macro, too.
This is certainly doable and will simplify the code. Therefore, I will do it. I was formatted by the way name and email are separated in .gitconfig
Please ask any other technical question you may have, they are helping me to make this Fedora feature better
Reagards,
Le mercredi 01 juillet 2020 à 12:27 +0200, Dominik 'Rathann' Mierzejewski a écrit :
To get beautiful changelogs, you also need to add
<pre> %buildsys_name Your name %buildsys_email Your email </pre>
in ~/.rpmmacros
What about having one macro called %buildsys_packager instead of two? You're always using them together, anyway. It'd be similar to the existing %packager macro, too.
This is now done in the latest code refresh and in the test copr https://src.fedoraproject.org/fork/nim/rpms/redhat-rpm-config/c/bc4e6a79355f... https://copr.fedorainfracloud.org/coprs/nim/refactoring-forge-patches-auto-c...
I fleshed out the change page a little too https://fedoraproject.org/wiki/Changes/rpm_level_auto_release_and_changelog_...
Regards,
Hi Nicolas,
Ben Cotton bcotton@redhat.com writes:
https://fedoraproject.org/wiki/Changes/rpm_level_auto_release_and_changelog_...
== Summary ==
redhat-rpm-config will be updated so users of the auto framework get automated release and changelog bumping.
== Owner ==
- Name: [[User:nim| Nicolas Mailhot]]
- Email: <nicolas.mailhot at laposte.net>
== Detailed Description ==
This is a system-wide change because all packages build with redhat-rpm-config, but it only concerns packages that opted to use this part of redhat-rpm-config (auto framework).
The change will make those packages auto-bump and auto-changelog at the rpm level, in an infrastructure-independent way.
Please forgive the silly questions (it's getting late here…), but how does this look in practice? How do I let rpm generate the changelog automatically? Is the old changelog discarded? And is this related to Piere/Pingou's work on the same topic that was deployed to koji staging?
Cheers,
Dan
Le mercredi 01 juillet 2020 à 23:48 +0200, Dan Čermák a écrit :
Hi Nicolas,
Hi Dan
This is a system-wide change because all packages build with
redhat-rpm-config, but it only concerns packages that opted to use this part of redhat-rpm-config (auto framework).
The change will make those packages auto-bump and auto-changelog at the rpm level, in an infrastructure-independent way.
Please forgive the silly questions (it's getting late here…), but how does this look in practice?
There are no silly questions, do ask if you have more.
How do I let rpm generate the changelog automatically?
This feature is not changelog generation, just changelog bumping on build events. You still need some other method to put non-build events in the changelog.
The detached changelog is just one more file in SRPM sources, which is modified by rpmbuild at `%build` time with other files rpmbuild modifies. The tricky part is to modify the source file as a source file so rpmbuild adds the result to the produced SRPM (and, that does not work in mock right now, because mock serves the SRPM that existed at the start, not at the end of the build. Though it’s probably just a matter of getting mock to call again its SRPM creation method at the end of the build).
The packager does not have to request the modification in his spec, it’s done as part of the various %auto_foo calls the change introduced
Is the old changelog discarded?
The old changelog file is replaced in srpm sources with a new file containing new build event lines before the old lines. It is not done before the build is effective and %build has been started (ie a rpmbuild -bs or rpmspec -P will show the future bump, but nothing will be stored before the build is effective)
And is this related to Piere/Pingou's work on the same topic that was deployed to koji staging?
It’s a different implementation, at the rpm level, that does not tie bumping to Fedora infra (koji included). Though, it is probably complementary to what pingou did on the changelog alimentation front.
IMHO the design mistake so far was to conflate bumping and non-build event changelog filling. You need to do both of course but build event should be a build event driven by the lowest common denominator (rpmbuild) with koji/infra scrapping rpmbuild results as usual and exposing them to users.
Regards,
* Nicolas Mailhot via devel:
How do I let rpm generate the changelog automatically?
This feature is not changelog generation, just changelog bumping on build events. You still need some other method to put non-build events in the changelog.
What is “changelog bumping”? Why is it needed? What about release bumping?
The detached changelog is just one more file in SRPM sources, which is modified by rpmbuild at `%build` time with other files rpmbuild modifies. The tricky part is to modify the source file as a source file so rpmbuild adds the result to the produced SRPM (and, that does not work in mock right now, because mock serves the SRPM that existed at the start, not at the end of the build. Though it’s probably just a matter of getting mock to call again its SRPM creation method at the end of the build).
The packager does not have to request the modification in his spec, it’s done as part of the various %auto_foo calls the change introduced
Can you list the relevant %auto macros explicitly somewhere? Is %autosetup included in the set of macros that trigger this behavior?
Thanks, Florian
Le 2020-07-02 09:52, Florian Weimer a écrit :
- Nicolas Mailhot via devel:
How do I let rpm generate the changelog automatically?
This feature is not changelog generation, just changelog bumping on build events. You still need some other method to put non-build events in the changelog.
What is “changelog bumping”? Why is it needed? What about release bumping?
Changelog bumping is the act of putting the actual release bump and build time in the changelog.
With the change, the spec is able to self-compute its next release if the spec file evr is older or equal to the last build event.
On build, it will both bump the release, without touching the spec file (that is release bumping) and commit the new build event timestamp in the detached changelog file at %build time (that is changelog bumping).
The detached changelog is just one more file in SRPM sources, which is modified by rpmbuild at `%build` time with other files rpmbuild modifies. The tricky part is to modify the source file as a source file so rpmbuild adds the result to the produced SRPM (and, that does not work in mock right now, because mock serves the SRPM that existed at the start, not at the end of the build. Though it’s probably just a matter of getting mock to call again its SRPM creation method at the end of the build).
The packager does not have to request the modification in his spec, it’s done as part of the various %auto_foo calls the change introduced
Can you list the relevant %auto macros explicitly somewhere? Is %autosetup included in the set of macros that trigger this behavior?
%autosetup is not part of the new framework, all the new %auto entry points have %auto_something name/
Auto release bumping and auto changelog bumping involve registering some processing in the preamble (to compute the next evr), in %sourcelist (to deal with the source files involved in saving state) in %build (to commit the new data to disk once the build is ongoing) and in %changelog (to get rpmbuild to record the new changelog state in package metadata)
ie it registers processing in %auto_pkg, %auto_sources, %auto_build and %auto_changelog
The bumping is done by the buildsys subsystem ie practically by %new_package (called by %auto_pkg, directly or via %buildsys_pkg), by %buildsys_sources (called by %auto_sources), %buildsys_build (called by %auto_build) and %buildsys_changelog (called by %auto_changelog).
It’s done by the buildsys subsystem because the %buildsys subsystem is tasked with writing the SRPM header in the new %auto_call framework, so only it knows which of the various (sub)package epochs and versions are the ones that apply to the SRPM.
This may seem a bit complex and convoluted, but that’s because autobumping
https://fedoraproject.org/wiki/Changes/Patches_in_Forge_macros_-_Auto_macros...
is a small addition over the big %auto_macros change.
https://fedoraproject.org/wiki/Changes/Patches_in_Forge_macros_-_Auto_macros...
And it is small because the big change provides all the low-level infra to code such high level features easily.
The big change was not done for autobumping. It’s only once I coded it for other packaging needs that I realized it made implementing autobumping trivial (trivial to me after all the other changes, maybe not so trivial for the average macro reviewer).
Regards,
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On Thu, 2020-07-02 at 11:17 +0200, Nicolas Mailhot wrote:
Le 2020-07-02 09:52, Florian Weimer a écrit :
- Nicolas Mailhot via devel:
How do I let rpm generate the changelog automatically?
This feature is not changelog generation, just changelog bumping on build events. You still need some other method to put non-build events in the changelog.
What is “changelog bumping”? Why is it needed? What about release bumping?
Changelog bumping is the act of putting the actual release bump and build time in the changelog.
With the change, the spec is able to self-compute its next release if the spec file evr is older or equal to the last build event.
How does it know that "last build event"?
On build, it will both bump the release, without touching the spec file (that is release bumping) and commit the new build event timestamp in the detached changelog file at %build time (that is changelog bumping).
The detached changelog is just one more file in SRPM sources, which is modified by rpmbuild at `%build` time with other files rpmbuild modifies. The tricky part is to modify the source file as a source file so rpmbuild adds the result to the produced SRPM (and, that does not work in mock right now, because mock serves the SRPM that existed at the start, not at the end of the build. Though it’s probably just a matter of getting mock to call again its SRPM creation method at the end of the build).
The packager does not have to request the modification in his spec, it’s done as part of the various %auto_foo calls the change introduced
Can you list the relevant %auto macros explicitly somewhere? Is %autosetup included in the set of macros that trigger this behavior?
%autosetup is not part of the new framework, all the new %auto entry points have %auto_something name/
Auto release bumping and auto changelog bumping involve registering some processing in the preamble (to compute the next evr), in %sourcelist (to deal with the source files involved in saving state) in %build (to commit the new data to disk once the build is ongoing) and in %changelog (to get rpmbuild to record the new changelog state in package metadata)
ie it registers processing in %auto_pkg, %auto_sources, %auto_build and %auto_changelog
The bumping is done by the buildsys subsystem ie practically by %new_package (called by %auto_pkg, directly or via %buildsys_pkg), by %buildsys_sources (called by %auto_sources), %buildsys_build (called by %auto_build) and %buildsys_changelog (called by %auto_changelog).
It’s done by the buildsys subsystem because the %buildsys subsystem is tasked with writing the SRPM header in the new %auto_call framework, so only it knows which of the various (sub)package epochs and versions are the ones that apply to the SRPM.
This may seem a bit complex and convoluted, but that’s because autobumping
https://fedoraproject.org/wiki/Changes/Patches_in_Forge_macros_-_Auto_macros...
is a small addition over the big %auto_macros change.
https://fedoraproject.org/wiki/Changes/Patches_in_Forge_macros_-_Auto_macros...
And it is small because the big change provides all the low-level infra to code such high level features easily.
The big change was not done for autobumping. It’s only once I coded it for other packaging needs that I realized it made implementing autobumping trivial (trivial to me after all the other changes, maybe not so trivial for the average macro reviewer).
Regards,
-- Nicolas Mailhot _______________________________________________ packaging mailing list -- packaging@lists.fedoraproject.org To unsubscribe send an email to packaging-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/packaging@lists.fedoraproject....
- -- Igor Raits ignatenkobrain@fedoraproject.org
Le 2020-07-02 11:21, Igor Raits a écrit :
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On Thu, 2020-07-02 at 11:17 +0200, Nicolas Mailhot wrote:
Le 2020-07-02 09:52, Florian Weimer a écrit :
- Nicolas Mailhot via devel:
How do I let rpm generate the changelog automatically?
This feature is not changelog generation, just changelog bumping on build events. You still need some other method to put non-build events in the changelog.
What is “changelog bumping”? Why is it needed? What about release bumping?
Changelog bumping is the act of putting the actual release bump and build time in the changelog.
With the change, the spec is able to self-compute its next release if the spec file evr is older or equal to the last build event.
How does it know that "last build event"?
The same process that commits a new state of the changelog file in sources, commits the date that was written in the changelog in a separate key = value file (with the components of the build evr, the last packager id, etc).
That means, you can trim the detached changelog file (if you find the list of build events uninteresting), the SRPM will still remember to bump the next EVR to something above the last build (even if it does not appear in the changelog file).
(That also means I could dispense with writing a parser for the custom timestamp format rpm changelogs use, and save the date in easy to parse RFC 3339/ ISO 8601 format)
Regards,
Nicolas Mailhot wrote:
The same process that commits a new state of the changelog file in sources, commits the date that was written in the changelog in a separate key = value file (with the components of the build evr, the last packager id, etc).
Do you mean that the key/value file will be committed to Git from inside Koji? Do the Koji builders have write access to Git?
commit the new build event timestamp in the detached changelog file at %build time
%build is executed once per arch, on different builders, so which builder's timestamp gets committed to Git?
Björn Persson
On Thu, Jul 02, 2020 at 12:10:58PM +0200, Björn Persson wrote:
Nicolas Mailhot wrote:
The same process that commits a new state of the changelog file in sources, commits the date that was written in the changelog in a separate key = value file (with the components of the build evr, the last packager id, etc).
Do you mean that the key/value file will be committed to Git from inside Koji? Do the Koji builders have write access to Git?
This is the part that worries me a little about this approach. Builders currently do not have commit access to git and I'm not sure if we want them to considering they have git installed (so they can clone) as well as access to all the packages in dist-git from a networking point of view (again so they can clone). So if we were to give the builders commit access to dist-git, an attacker could easily commit to any other packages, potentially from something as easy as a scratch-build.
rpmautospec relies on git tags to store the build info, could it be considered here? It may make things a little safer as we could then restrict the access of that user/ssh key to only git tags (or do like rpmautospec and query pagure's API to have it create the git tag, thus dropping the need for ssh key).
Pierre
On Friday, July 3, 2020 9:48:06 AM CEST Pierre-Yves Chibon wrote:
So if we were to give the builders commit access to dist-git, an attacker could easily commit to any other packages, potentially from something as easy as a scratch-build.
Absolutely!
Koji authenticates build submitters (I'm not sure it authorizes them). So technically, _something_ on backend could be allowed to commit to dist-git (in the name of build submitter).
Before the SRPM build task, Koji could request "GetReleaseBumpPatch" task, the builder could then just read-only clone the git, bump the release, return the patch back for backend -- and let Koji apply it.
But yeah, that's off topic a bit. This is not what the current proposal is about.
Pavel
Le vendredi 03 juillet 2020 à 09:48 +0200, Pierre-Yves Chibon a écrit :
On Thu, Jul 02, 2020 at 12:10:58PM +0200, Björn Persson wrote:
Nicolas Mailhot wrote:
The same process that commits a new state of the changelog file in sources, commits the date that was written in the changelog in a separate key = value file (with the components of the build evr, the last packager id, etc).
Do you mean that the key/value file will be committed to Git from inside Koji? Do the Koji builders have write access to Git?
This is the part that worries me a little about this approach. Builders currently do not have commit access to git and I'm not sure if we want them to considering they have git installed (so they can clone) as well as access to all the packages in dist-git from a networking point of view (again so they can clone). So if we were to give the builders commit access to dist-git, an attacker could easily commit to any other packages, potentially from something as easy as a scratch-build.
From a purely architecture POW I’m convinced the proposed approach is the correct approach. Anything else proposed so far involves: – tying a low-level event like "build occurred at date XXX" to high- level Fedora infra (making our workflow non portable and incompatible with downstreams and third parties) – taking bets in git that a build will occur and succeed (before it actually occurs and succeeds, in real life builds fail for various reasons), and – attempting to munge spec file behind the packager back (unlikely to work fine the more automated and dynamic we made those).
However, because it’s the correct architecture solution, it also forces to make hard architectural choices, instead of mixing unrelated things in git and pretending that makes the result fine. Mixing unrelated things in a pile of container or git poo and pretending the result is fine is exactly what I hate in contenerish build workflows and why I work on rpm packaging.
From a pure high-level view, the thing in our infra that gates builds and decides whether they are official or scratched is bodhi.
So if you want to push Fedora release logic to its ultimate conclusion, the thing that should be in charge of committing the new release/changelog build state to package history in git is bodhi, not koji. And you can put security related checks there, since deciding to push things to users requires security related checks anyway (that probably also involves branching while a bodhi update is in flight and not approved yet).
However, that’s if you want to push the model to its ultimate conclusion and have something nice solid, automated, and future-proof.
If you don’t want to touch bodhi, and it you do not want koji to commit to git (which, is not the best of things for the reasons you stated, and for the reasons I stated), you can just: – make the koji client return the URL that will contain the SRPM at the end of the build process if it succeeds. – have the person of script that called the koji client (and has, presumably, write access to the corresponding packages) consult the build results later – and have this person or script decide if he or it wants to commit the build result to history or not
That’s the REST way of doing things. It’s a co-out because you push hard commit decisions to the client, but it’s a prefectly valid approach. The commit decision exists with or without my change, it’s just people have (successfully) convinced themselves git is magic and git makes release decisions go away.
You could also try to filter source files to limit the back commit to specific files. But really, if you don’t trust your build process to modify files in a secure way, you should not distribute the produced RPMs in the first place.
rpmautospec relies on git tags to store the build info, could it be considered here?
As explained above, that does not solve any of the hard problems, that handwaves them away by pretending that because someone filled some metadata in git, it corresponds to the actual build state.
Regards,
On Fri, Jul 03, 2020 at 11:11:30AM +0200, Nicolas Mailhot via devel wrote:
Le vendredi 03 juillet 2020 à 09:48 +0200, Pierre-Yves Chibon a écrit :
On Thu, Jul 02, 2020 at 12:10:58PM +0200, Björn Persson wrote:
Nicolas Mailhot wrote:
The same process that commits a new state of the changelog file in sources, commits the date that was written in the changelog in a separate key = value file (with the components of the build evr, the last packager id, etc).
Do you mean that the key/value file will be committed to Git from inside Koji? Do the Koji builders have write access to Git?
This is the part that worries me a little about this approach. Builders currently do not have commit access to git and I'm not sure if we want them to considering they have git installed (so they can clone) as well as access to all the packages in dist-git from a networking point of view (again so they can clone). So if we were to give the builders commit access to dist-git, an attacker could easily commit to any other packages, potentially from something as easy as a scratch-build.
From a purely architecture POW I’m convinced the proposed approach is the correct approach. Anything else proposed so far involves: – tying a low-level event like "build occurred at date XXX" to high- level Fedora infra (making our workflow non portable and incompatible with downstreams and third parties)
I don't think this point is true in the case of rpmautospec.
– taking bets in git that a build will occur and succeed (before it actually occurs and succeeds, in real life builds fail for various reasons), and
I don't think this point is true, in the case of rpmautospec where the tagging is done by the build system, once that build has succeeded.
– attempting to munge spec file behind the packager back (unlikely to work fine the more automated and dynamic we made those).
I'd contest the "behind the packager back" in the case of rpmautospec considering this is well documented, but I fear that qualification may just have been a little trolling :)
However, because it’s the correct architecture solution, it also forces to make hard architectural choices, instead of mixing unrelated things in git and pretending that makes the result fine. Mixing unrelated things in a pile of container or git poo and pretending the result is fine is exactly what I hate in contenerish build workflows and why I work on rpm packaging.
From a pure high-level view, the thing in our infra that gates builds and decides whether they are official or scratched is bodhi.
So if you want to push Fedora release logic to its ultimate conclusion, the thing that should be in charge of committing the new release/changelog build state to package history in git is bodhi, not koji. And you can put security related checks there, since deciding to push things to users requires security related checks anyway (that probably also involves branching while a bodhi update is in flight and not approved yet).
However, that’s if you want to push the model to its ultimate conclusion and have something nice solid, automated, and future-proof.
If you don’t want to touch bodhi, and it you do not want koji to commit to git (which, is not the best of things for the reasons you stated, and for the reasons I stated), you can just: – make the koji client return the URL that will contain the SRPM at the end of the build process if it succeeds. – have the person of script that called the koji client (and has, presumably, write access to the corresponding packages) consult the build results later – and have this person or script decide if he or it wants to commit the build result to history or not
So if I understand correctly the proposed workflow is: - git commit your changes && git push - fedpkg build the commit - if build succeeded: (the build system if we manage to, or the packager:) - $editor release_file - adjust the release value in that file - git add release_file && git commit && git push
The suggestion I'm proposing would be: - git commit your changes && git push - fedpkg build the commit - if build succeeded: - the build system tags the commit built with the release value And we could trivially re-use the koji plugin that was written for rpmautospec to do this, in whichever format your macros need.
This lowers the amount of manual interventions and reduces the risk of conflict as the release_file would change for every build (conflicts which would also appear when doing git merge and potentially in PRs, especially if that file remains manually updated). Basically, we are introducing another "sources" file that will conflict for every release change rather than version change.
Also, if you have long running builds (say chromium or libreoffice that takes multiple hours). If the commit updating the release_file happens at the end of the build, there could have been another commit push while the build was happening. Say we're building commit B and updating the release_file in B', we would end up with a git commit log looking like:
A -> B -> C -> B'
But "C" wasn't build in the release that B' indicates, so the git history becomes quite unreliable to link it to a build.
In addition, if the commit (B') happens in the build system, the push is likely going to fail as there is a new commit in the repo (or we pull first, but then we come back to the issue described above).
All this to say that I do not understand why tying so much this idea to a file in git vs a git tag. The git tags could contain the same information as the file, it would just be stored in a different place but it would still be in git. The action to add a git tag could be restricted to the build system, thus reducing the risk of messing up the information used by your macros. The tags will not conflict on PRs or git merge, they can be made after the build without re-writing history or mis-representing it and as such they allow to keep the mapping consistent between what is in git and what was built in the build system.
Does that make sense or am I missing something here?
Pierre
* Nicolas Mailhot:
Le 2020-07-02 09:52, Florian Weimer a écrit :
- Nicolas Mailhot via devel:
How do I let rpm generate the changelog automatically?
This feature is not changelog generation, just changelog bumping on build events. You still need some other method to put non-build events in the changelog.
What is “changelog bumping”? Why is it needed? What about release bumping?
Changelog bumping is the act of putting the actual release bump and build time in the changelog.
With the change, the spec is able to self-compute its next release if the spec file evr is older or equal to the last build event.
On build, it will both bump the release, without touching the spec file (that is release bumping) and commit the new build event timestamp in the detached changelog file at %build time (that is changelog bumping).
Isn't this totally over-engineered?
A much simpler alternative would just put the Koji task ID into the %dist tag. Since the %dist tag is not included in the version-release fields on the %changelog section, no changelog update is needed.
Thanks, Florian
Le 2020-07-02 11:17, Nicolas Mailhot via devel a écrit :
This may seem a bit complex and convoluted, but that’s because autobumping
https://fedoraproject.org/wiki/Changes/rpm_level_auto_release_and_changelog_...
is a small addition over the big %auto_macros change.
https://fedoraproject.org/wiki/Changes/Patches_in_Forge_macros_-_Auto_macros...
Hi Nicolas,
Nicolas Mailhot nicolas.mailhot@laposte.net writes:
How do I let rpm generate the changelog automatically?
This feature is not changelog generation, just changelog bumping on build events. You still need some other method to put non-build events in the changelog.
The detached changelog is just one more file in SRPM sources, which is modified by rpmbuild at `%build` time with other files rpmbuild modifies. The tricky part is to modify the source file as a source file so rpmbuild adds the result to the produced SRPM (and, that does not work in mock right now, because mock serves the SRPM that existed at the start, not at the end of the build. Though it’s probably just a matter of getting mock to call again its SRPM creation method at the end of the build).
So essentially you store the changelog in a separate file (like it is done in openSUSE) and use that to calculate the next release field?
Given the other replies to this thread (that this is all local only, unless koji does git commits), does that mean that it's still: dist-git commit = rebuild. The "only" difference to the current state of affairs being, that I don't have to specify the Release field myself?
The packager does not have to request the modification in his spec, it’s done as part of the various %auto_foo calls the change introduced
Could you provide an example how this would look in practice?
And is this related to Piere/Pingou's work on the same topic that was deployed to koji staging?
It’s a different implementation, at the rpm level, that does not tie bumping to Fedora infra (koji included). Though, it is probably complementary to what pingou did on the changelog alimentation front.
IMHO the design mistake so far was to conflate bumping and non-build event changelog filling. You need to do both of course but build event should be a build event driven by the lowest common denominator (rpmbuild) with koji/infra scrapping rpmbuild results as usual and exposing them to users.
This is a good point imho: not every rebuild warrants a changelog entry and having both separated appears sensible to me.
What I am currently missing from this proposal though is: - How is this actually even implemented? - How will this look in practice? - Given that additional files would be put into dist-git, how do we roll this back in case things go wrong? (Having thousands of "remove %autorelease" commits by releng could be an option here, albeit not a pretty one).
Cheers,
Dan
Le 2020-07-05 23:55, Dan Čermák a écrit :
Hi Dan
So essentially you store the changelog in a separate file
The changelog is already detached in the F33 change https://fedoraproject.org/wiki/Changes/Patches_in_Forge_macros_-_Auto_macros...
This F34 change adds bumping to the detached file https://fedoraproject.org/wiki/Changes/rpm_level_auto_release_and_changelog_...
and use that to calculate the next release field?
The changelog file is not used as source of data, except as a reference state that will be added to. Using the changelog file as source of data would require quite a lot of complex and unreliable changelog format parsing, so the bumping data is taken from another key = value file (that uses the same persistence mechanisms).
Also the packager may decide to trim quite a lot of intermediary changelog events, so the EVR and date in the last changelog entry are not necessarily the EVR and date of the last build.
Given the other replies to this thread (that this is all local only, unless koji does git commits), does that mean that it's still: dist-git commit = rebuild.
To be part of official Fedora history the result of a build needs to be committed yes. The change does not force you to build every commit, nor to commit every build out there.
The "only" difference to the current state of affairs being, that I don't have to specify the Release field myself?
Once you've modified a spec, and set a starting evr point in this spec, further rebuilds do not involve touching the spec. Spec changes are real spec changes, not spec changes to bump a release or bump a changelog.
The packager does not have to request the modification in his spec, it’s done as part of the various %auto_foo calls the change introduced
Could you provide an example how this would look in practice?
If you want a demonstration of the auto framework and of changelog detaching, you can take any of the non macro builds in https://copr.fedorainfracloud.org/coprs/nim/refactoring-forge-patches-auto-c...
If you want to see a demonstration of autobumping, you need to rpmbuild -ba manually right now, because of the two small limitations mock side. So you need to take the redhat-rpm-config and fonts macro packages in: https://copr.fedorainfracloud.org/coprs/nim/refactoring-forge-patches-auto-c...
and rebuild one of the other packages in there.
The only difference between the two coprs is the redhat-rpm-config package, there is no change in the fonts macro package or in the automated packages themselves. Autobumping can be implemented without any spec file change once the auto framework is used.
(The mock limitations are first, the fact that mock currently collects the SRPM at the start, not end of the build process, and second, the fact you need to pass packager ID that will end up in the changelog bump to the build process and there is no way in the copr/copr UI do do that.)
What I am currently missing from this proposal though is:
- How is this actually even implemented?
- How will this look in practice?
See above ↑
- Given that additional files would be put into dist-git, how do we
roll this back in case things go wrong? (Having thousands of "remove %autorelease" commits by releng could be an option here, albeit not a pretty one).
Since bumping is a feature over the auto framework, and does not require any additional spec change, it is enabled by registering bumping processing in this framework, and disabled by removing this registration. There is no need to change spec files or history. In fact I use the same spec files to QA the auto framework and bumping, and depending if the redhat-rpm-config version I test includes the bumping or not, they will bump or not.
When bumping code is not present the additional key=value file bumping uses is not auto-added to sources, so the next srpm import will clear it from sources the same way patches disappear from sources once no longer used (and can linger forever if a packager does not import srpms and does not git rm those files explicitly).
Removing the auto framework is something else altogether. Because its aim is to massively simplify spec files (in opt-in, not mandatory mode), you can not go back without undoing the spec simplifications.
However, because great care was taken to define a clean and generic spec syntax when using the auto framework, you could replace it will multiple reimplementations without changing spec files. The %auto framework spec API is basically
%prep %auto_prep ← automated processing
It’s hard to go more generic than that. (You might want to remove the %auto calls altogether and have %prep, for example, call %prep by default, but that would remove the packager choice to use or not the %auto calls, and to insert custom processing before those calls).
The only "irregularity" is that the %auto macro in %sourcelist is named %auto_sources (likewise for patches), but that could be changed if people wanted it changed, and is an artefact of the general mess sources and patches are in rpm, with layers over layers of confusing things named almost the same, but not exactly the same.
Regards,
You were great and everyone received so much from your experience and knowledge Absolutely amazing, thank you for sharing your knowledge with me.
Hi, I am Staff Website Promoter at http://mgwin88s.com/ the online market place resource for Telecom engineers and businesses and the Fastest Growing Start-up with a Global Workforce in 147 Countries .
Hello! I'm Christine Maria. I'm 24 years old and live in Thailand. Let's be friends :)
https://lsm99s.net/ เว็บพนันออนไลน์ ฟรีเครดิต
thanks for your information this is my site : ufabet https://ufabet888.vip/
packaging@lists.fedoraproject.org