#centos-devel log

16:03:42 <hhorak> #startmeeting CentOS SCLo SIG sync-up meeting (2015-01-21)
16:03:42 <centbot> Meeting started Wed Jan 21 16:03:42 2015 UTC.  The chair is hhorak. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:03:42 <centbot> Useful Commands: #action #agreed #help #info #idea #link #topic.
16:04:34 <maxamillion> ah
16:04:36 * maxamillion is here
16:04:42 <Evolution> present.
16:04:43 <alphacc> hi all
16:04:48 <jorton> howdy
16:04:52 <avij> hi
16:05:02 <Dominic> hey
16:05:19 <hhorak> Hi all, that's a great list of interested people :)
16:06:25 <kbsingh> i am here, but i am also on a phone conf call
16:06:29 <hhorak> just to sum up where we are since the last sync -- kbsingh hacked the things in the koji somehow so it is not possible to import srpms into rpms/ namespace
16:07:22 <kbsingh> did you mean not or now ?
16:07:37 <hhorak> sorry, I meant now :)
16:07:46 <hhorak> what a mess one letter makes :)
16:07:55 <kbsingh> i got worried..
16:08:31 <maxamillion> is there a centpkg/centospkg package somewhere? last time I went looking it wasn't there yet
16:09:13 <Evolution> maxamillion: it lives in git presently. it's not shipped in the repos yet.
16:09:23 <Evolution> it's something bstinson is working on
16:09:37 <maxamillion> rgr
16:10:10 <hhorak> I think that is one piece that needs still some work
16:10:39 <hhorak> another is the authtag that allows to import ordinary (nonadmin) users to import the packages there
16:10:48 <Evolution> agreed on both.
16:11:11 <hhorak> maybe these issues are connected, but anyway, that's something still on the todo list..
16:11:16 * bstinson is lurking (off to another meeting soon) but http://wiki.centos.org/HowTos/Centpkg should help with testing
16:11:18 <kbsingh> that + binary upload from users should happen this Friday
16:11:32 <hhorak> kbsingh: sounds great!
16:11:37 <kbsingh> ( as in, those are the two bits that I am working on this friday )
16:15:06 <hhorak> so to summarize the workflow how I understand it.. (and with a bit of own imagination, so it may be a subject of discussion still)
16:15:39 <hhorak> 1. user becomes member of scl sig and gets access to git under sclo project
16:16:18 <hhorak> 2. s(he) develops/contributes to a collection under sclo
16:17:06 <hhorak> 3. s(he) exports srpm and imports it into rpms project (this uses a different git structure)
16:17:37 <hhorak> 4. s(he) builds the collection in the rpms/ project and it may be considered official
16:17:57 <hhorak> does it make sense or am I missing something important?
16:18:39 <Evolution> that seems right. kbsingh?
16:19:06 <Evolution> should there be some approval for the sclo-> /rpms bit involved in the scl sig?
16:19:16 <hhorak> (5. scl.org may include links to those collections rather than collections built in copr, eventhough the copr may be still used to build "testing" collections directly from sclo/ namespace)
16:19:40 <kbsingh> the (3) bit seems tedious
16:20:07 <Dominic> particularly given the size of some collections
16:20:38 <kbsingh> afaik, its just down to the different git layout right ?
16:20:59 <kbsingh> or is there also a need to have a smaller number of people able to move into /rpms compated to who all are working in /sclo
16:21:44 <hhorak> Evolution: good point, that makes sense, I'm just not sure if we should approve only when creating new collection under sclo/ or even for moving to rpms/
16:22:04 <jorton> it may be too early to consider.  are we going to allow a free-for-all in terms of what collections are created?
16:22:22 <hhorak> kbsingh: it's also because rpms/ namespace is only space where builds get signing, right?
16:22:22 <Evolution> hhorak: just some sort of sanity checking by an authority figure so it's not a free-for-all
16:23:16 <hhorak> jorton: I'm fine with positive approach, just stop the process as soon as it seems the collections is defective..
16:23:37 <kbsingh> jorton: sure, lets keep as much open as far as possible, and close to solve problems if they come up
16:23:53 <kbsingh> w.r.t (3) - we need to make that as painless as possible.
16:24:05 <jorton> great, sounds good.
16:24:07 <kbsingh> and i think that means abstracting it away from the users, and make it an automation problem
16:24:20 <alphacc> anyway each collection will be approved in the matter we have to create koji targets
16:24:35 <kbsingh> I, for one, would be going nuts very quick if i had to manually shovel srpms around
16:24:55 <kbsingh> alphacc: yeah, so essentially that is already happening ( an approval thing )
16:28:40 <hhorak> kbsingh: is that something what can be scripted into centpkg for instance?
16:28:59 <hhorak> kbsingh: or you have anything else on your mind?
16:29:13 <kbsingh> i think so - there is a lot of automation behind git.centos.org as well, including doing all sorts of unmentionable things to srpms - so we might be able to leverage some of that
16:29:30 <kbsingh> eg. plumb in a set of pre-flight tests (like we do for distro stuff) and have centpkg able to call that
16:30:23 <kbsingh> one of the pre-flight tests that happen is that the system will ensure an srpm can be built from the HEAD in git/ and all the patches apply ( via a rpmbuild -bp --nodeps )
16:30:43 <kbsingh> i guess the short answer to your question is : yes.
16:31:23 <hhorak> kbsingh: ok, adding it as a piece missing, but not blocking us
16:31:34 <kbsingh> ok
16:33:49 <hhorak> another thing (imho still not ready) is to be able to set access rights in the git repos under sclo/ namespace based on component. we talked about it few weeks before xmas but I forgot who to ask for progress :)
16:38:08 <kbsingh> hhorak: tell me more about what that involves ?
16:38:59 <kbsingh> users can get ACL based on target dir path ( ie /projects/sclo/* ) or per git repo ( /projects/sclo/<blah>/ ), or by pattern ( which i dont really like very much )
16:39:08 <kbsingh> it can be set either by user
16:39:18 <kbsingh> or by group, and have multiple usrs be part of a group
16:39:57 <kbsingh> also, one piece of code that we carry unique to our setup is that you can have users limited by branchname in the push
16:40:10 <kbsingh> you can limit users to pushing into git repos + regex for branch name
16:40:36 <kbsingh> ( this is how the whole authtag thing works in /rpms )
16:40:39 <Evolution> kbsingh: might help to point to some doco on how to do that.
16:41:02 <Evolution> right now hhorak, maxamillion, RemiFedora and jorton are in the sig-sclo-admins group, which should have full control over everything.
16:41:15 <maxamillion> rawr
16:41:18 <kbsingh> Evolution: I've only been using the gui, there is an api as well, but not used it
16:41:19 <Evolution> there's also a -user's group for population later
16:41:51 <kbsingh> that should work, just wondering what hhorak wants in addition to this
16:42:05 <Evolution> iirc, -users is set so that they can push/pull but not branch/tag
16:42:47 <hhorak> that's actually it, so it is also about making the authtag working, just for sclo/ namespace ... and learn how admins can use it to assign permissions to non-admins (if that is possible)
16:43:04 <hhorak> or do we just create a ticket and somebody does it for us?
16:44:04 <Evolution> right now the latter, as I (or someone else) would have to add new people to one group or the other. I don't *think* I can assign you modification rights to the user's group
16:44:13 <Evolution> however we're working toward the former.
16:44:25 <Evolution> I have a recipe for doing exactly this (thanks MerlinTHP ) in freeipa
16:44:42 <Evolution> we just need a bit of dev time to get a couple hooks in ipa and we're golden.
16:45:09 <kbsingh> hhorak: so, the authtag thing is limited to /rpms at the moment - i had to do quite a bit of work to limit it there, you can do whatever you want in sclo space, if you want to control acl by branch name there as well, we might need to get creative, or i need to go back look at this code a bit more
16:47:38 <kbsingh> how about we pickup on the auth thing later and move on for the scl syncup now. we can work most things out on the auth side to suite whatever is needed
16:47:48 <hhorak> kbsingh: I'd say it also doesn't block us, even if it would be nice feature for the future... for the bright future where sclo/ is edited by hundreds of users every day.. :)
16:48:07 <RemiFedora> sorry, have to go, will read the log later
16:48:14 <kbsingh> hhorak: ok
16:50:01 <hhorak> I think I'm out of topic anyway, I'll try to sum it up on the wiki page to track the missing parts.. so for now the only blocking items are authtag for rpms/ and centpkg package available ... (hopefully I didn't forget anything important)
16:50:21 <kbsingh> so whats the plan for existing scl's out there - including the devtools stuff .
16:50:36 <kbsingh> did alphacc or tru_tru build them as yet ? if not, do we have a plan for those ?
16:50:48 <hhorak> * on the sclo wiki page, I should now have access, didn't tested yet though.
16:51:23 <hhorak> kbsingh: you mean the packages basically from rhscl-1.2?
16:51:28 <kbsingh> yup
16:52:41 <hhorak> i didn't see them built yet, but I'd like to.. so that's what we'll start with I guess.
16:55:49 <hhorak> ah, one another question I almost forgot -- importing into sclo/ namespace should work after authtag is ready?
16:56:15 <hhorak> I mean if it is expected to work with fedora-layout.
16:58:24 <kbsingh> so, you should be able to import anything in sclo
16:58:29 <kbsingh> into whatever format you want
16:58:32 <kbsingh> and branch it as you want
16:58:45 <kbsingh> from the project side of things, its a 'scratch' area for SCL's
16:59:17 <kbsingh> and all non rpm content ( test suite ? build scripts ?  docs ? ) etc would all end up there as well, so there is no expectation on git layout
16:59:22 <kbsingh> ( is that what your question was )
17:00:02 <hhorak> kbsingh: yeah, I was not specific enough, i was wondering about the binary stuff -- if the look-aside cache will be available there, so I read it as yes..
17:00:13 <centos-ci-bot> Project t_docker-c7-64_extra build #80: ABORTED in 8 min 53 sec: http://ci.dev.centos.org/job/t_docker-c7-64_extra/80/
17:00:13 <kbsingh> yup
17:00:14 <centos-ci-bot> Project t_docker-c7-64_virt7-testing build #95: ABORTED in 8 min 53 sec: http://ci.dev.centos.org/job/t_docker-c7-64_virt7-testing/95/
17:00:23 <centos-ci-bot> Project t_docker-c6-64 build #338: ABORTED in 9 min 5 sec: http://ci.dev.centos.org/job/t_docker-c6-64/338/
17:01:17 <hhorak> so I think we can end today if nobody has anything else.
17:01:38 <kbsingh> I'm good
17:01:57 <hhorak> The next week I won't be available since we'll already be heading to the airport. So do we want to arrange anything for fosdem already? I guess many of us will meet on the dojo event.
17:01:57 <Evolution> wfm
17:02:18 <Evolution> yep. this time next week I'll be just arriving
17:03:06 <kbsingh> Evolution: you would have already been in bru for ~ 10 hrs at this time next week :)
17:03:33 <kbsingh> hhorak: so, there is a session setup for you - from 1hr to 1hr 30 min, you can go as long as you like
17:03:45 <Evolution> that makes my internal clock cringe
17:03:51 <kbsingh> hhorak: I've not got any prep on my side for your session, so there will be a projector and hopefully someone in the audience
17:04:27 <kbsingh> hhorak: there is a -very- limited internet connection, 2mbps for ~ 100 people, so dont rely on there being usable internet ( there might be, but dont rely on it )
17:04:37 <kbsingh> so if there is a need to pre-cache anything, let me know
17:06:23 <hhorak> kbsingh: I'm fine being offline (hopefully :) )
17:06:37 <kbsingh> cool
17:07:14 <kbsingh> we have a 2 hr hack session, which is no agenda stuff - so if you have examples of scl stuff in git/cbs - we can work through those at the time
17:07:27 <kbsingh> including do some complete git import -> build -> sign -> release trial runs
17:07:46 <kbsingh> we will have alphacc and bstinson there as well, so we can file lots of bug reports for them :)
17:08:01 <bstinson> yay bug reports!
17:08:23 <hhorak> wow, great
17:10:28 * hhorak doing some nice meeting minutes: #info To summarize the workflow for a virtual SCL packager Jerry: #info 1. Jerry becomes a member of scl sig and gets access to git under sclo project #info 2. Jerry develops/contributes to a collection under sclo namespace #info 3. Jerry exports srpm and imports it into rpms project (this uses a different git structure) #info 4. Jerry builds the collection in the rpms/ project and it may be consid
17:10:37 <hhorak> #endmeeting