SLSA support #3058
- Add script to run relpkg
- Add systemd service and timer
- Change SLSA user
- Only run pkglistgen when build finishes

- Add oscrc file for SLSA
- Change user to osrt-slsa

- Refactor log
- Unify log for pkglistgen
- Replace external while true loop with a systemd timer for pkglistgen
- Add process check on verify-build-and-generatelists and generate-release-packages to avoid starting pkglistgen when there is an instance that is already running it
- SLSA services must not share the same workdir

- Decrease the interval time to trigger pkglistgen
- Add debug flag for relpkgen

- Create custom-cache-tag for pkglistgen to enable separate cache dir name in case of parallel running
- Add custom-cache-tag to SLSA services
- Check for systemd service instead of process to ensure that SLSA services will not run in parallel
- Change pkglistgen timer to avoid overlap with relpkggen timer
and remove logrotate file
Codecov Report
Attention:
Additional details and impacted files
@@ Coverage Diff @@
## master #3058 +/- ##
==========================================
- Coverage 28.31% 25.37% -2.95%
==========================================
Files 86 86
Lines 14799 14803 +4
==========================================
- Hits 4191 3756 -435
- Misses 10608 11047 +439
The test has failed.
SLSA scripts don't have a help flag because they are intended to be executed by systemd services only.
Fixed, excluded the 2 SLSA scripts from the test as they don't have a help flag because they are intended to be executed only by systemd services.
I'm fine with the change. But we might need to wait for #3062, I'm assuming, otherwise the packaging test cannot be successful if I understand that right...
lgtm
somebody forgot about RPM 4.19:
either the user is generated properly using sysusers.d or it is at least advertised in the pkg meta
Due to SLSA constraints, pkglistgen.py cannot run on botmaster using gocd, as it must run on a separate and isolated server. The following changes were added: