manifest: Add lockfile-repos field#2058
Merged
openshift-merge-robot merged 1 commit intocoreos:masterfrom Apr 19, 2020
Merged
Conversation
Member
Author
|
Requires: #1858. |
This was referenced Apr 14, 2020
jlebon
force-pushed
the
pr/lockfile-repos
branch
from
02f50c3 to
44e8e28
Compare
Member
Author
|
OK, rebased this! |
Member
Author
|
/test sanity |
This was referenced Apr 17, 2020
jlebon
force-pushed
the
pr/lockfile-repos
branch
from
44e8e28 to
fec25d5
Compare
Member
Author
|
Example of this being used: coreos/fedora-coreos-config#355. Where this is going: coreos/fedora-coreos-tracker#293 (comment) |
Member
|
Missing an update in |
In Fedora CoreOS, we have a "coreos-pool" repo from which all packages in lockfiles are tagged for reproducible builds. This repo is shared across all streams, including those on f31 and f32. Thus, it makes no sense for composes to ever pick packages unconstrained from the pool without being guided by a lockfile. Otherwise, one can easily end up with e.g. f32 packages in an f31 compose. Add a new `lockfile-repos` for this which is only used for fetching lockfile packages and nothing else. For example, this will allow `cosa fetch --update-lockfile` to Just Work as expected by only fetching new packages from regular yum repos.
jlebon
force-pushed
the
pr/lockfile-repos
branch
from
fec25d5 to
242b6f4
Compare
Member
|
/lgtm |
Collaborator
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cgwalters, jlebon The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In Fedora CoreOS, we have a "coreos-pool" repo from which all packages
in lockfiles are tagged for reproducible builds. This repo is shared
across all streams, including those on f31 and f32.
Thus, it makes no sense for composes to ever pick packages unconstrained
from the pool without being guided by a lockfile. Otherwise, one can
easily end up with e.g. f32 packages in an f31 compose.
Add a new
lockfile-reposfor this which is only used for fetchinglockfile packages and nothing else. This for example will also allow
e.g.
cosa fetch --update-lockfileto Just Work as expected by onlyfetching new packages from regular yum repos.