Re: Gnome Flatpak build system, descriptions and questions

From: Alexander Larsson <alexl redhat com>
To: Richard Hughes <hughsient gmail com>
Cc: "gnome-os-list gnome org" <gnome-os-list gnome org>, desktop-devel-list <desktop-devel-list gnome org>
Subject: Re: Gnome Flatpak build system, descriptions and questions
Date: Fri, 26 Aug 2016 09:43:54 +0200

On tor, 2016-08-25 at 17:29 +0100, Richard Hughes wrote:

On 25 August 2016 at 16:29, Alexander Larsson <alexl redhat com>
wrote:


However, it would
make more sense for each individual application developers to
maintain
the manifest in the applications git repo.

I think this is a very good idea indeed; I was confused about the
"centralization" aspect of the builder files. Isn't this just some
globbing, if we all agree to put the manifest in the same place in
the
git tree?


Well, it was initially put in a separate git repo as we were just a few
people trying to build a lot of apps, and that was the easiest way to
get started. However, now that things are a bit more stable moving it
to each individual repo makes sense.

There are some complexities though. There are two things we want to
build, the "latest unstable" and the "last stable release". The obvious
solution is to store a json file with a predictable name in master for
the unstable release, and in the latest stable branch for the stable
one.

However, how do we find which git repos have such json files, and how
do we know what is the current latest stable branch? Also, its somewhat
weird to clone the entire git repo just to get a json file that then
itself may refer to the git repo.

Another issue is that we'd like the to have some control of what gets
built, at least for the stable builds. Right now we just pull the
gnome-apps-nightly repo and assumes it is correct (i.e nobody commited
an attack to git or MITMed our connection to git.gnome.org), but from
there everything is verified by sha256 on all the various tarballs that
are downloaded. Getting even this level of verification is trickier
when things are spread all across git.gnome.org. Ideally we should have
some kind of gpg signatures for the stable commits so that we can
verify everything from that, but we don't really have that kind of
setup for gnome git.

Anyway, the best we can do now is i think having a git repo, say gnome-
apps-nightly, that has two files in it, listing for each row:
* A git repo
* A branch name
* The filename of the json manifest in the repo
One of the files would be for unstable/nightly builds, and the other
for stable builds.

Then we can make the build scripts check out each of these repos and
build them.

Maintainers can then maintain the manifests in their own git repos, but
will have to commit to gnome-apps-nightly when they add a new app, or
change to a new stable branch. Does that make sense?

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
       alexl redhat com            alexander larsson gmail com 
He's a globe-trotting Catholic dwarf possessed of the uncanny powers of 
an insect. She's a provocative out-of-work bounty hunter with the power 
to see death. They fight crime!

Follow-Ups:
- Re: Gnome Flatpak build system, descriptions and questions
  - From: Michael Catanzaro
- Re: Gnome Flatpak build system, descriptions and questions
  - From: Bastien Nocera

References:
- Gnome Flatpak build system, descriptions and questions
  - From: Alexander Larsson
- Re: Gnome Flatpak build system, descriptions and questions
  - From: Richard Hughes

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]