[PureOS] PureOS Phone images

Guido Günther guido.gunther at puri.sm
Thu Sep 3 00:57:17 PDT 2020


Hi,
On Wed, Sep 02, 2020 at 11:45:59AM -0400, Jeremiah C. Foster wrote:
> On Wed, 2020-09-02 at 14:12 +0200, Guido Günther wrote:
> > > > >   I'll have to go through with improving Laniakea's sync
> > > > > overview page to be less cluttered - at the moment it's quite
> > > > > hard to
> > > > > know what needs merging where ;-) (that's actually the thing I
> > > > > am working on at the moment, since that also gets rid of the
> > > > > last bit of D code and makes deploying Laniakea easier).
> > > > > - Laniakea can theoretically also build packages from Git repos
> > > > > - you'll need a list of repos and signed tags of a certain
> > > > > format in them,
> 
> For clarity - do you mean a "git tag" or another type of tag? I think
> using git tags and signed-off-by lines is standard practice, certainly
> in kernel development, and I strongly feel we should adopt that.
> 
> > > > >  LK will then verify the tag signature 
> 
> Sorry to be pedantic but it helps me to understand. LK will verify the
> git tag and the gpg sig? I can see how verification might be done with
> the gpg sig, e.g. check the keyring, but the git tag might be harder to
> "verify".

Yes, that's what we currently do with our git based builds: Verify the
git tag and make sure the signature is from the 'allowed' keyring. I
think that's what Matthias plans for Laniakea as well.
Cheers,
 -- Guido

> > > > > and send the repo to a
> > > > > worker to create a source package out of that's then auto-
> > > > > uploaded.
> > > > > It's quite neat in concept...
> > > > > ....in practice I would need to get rid of the manual list and
> > > > > actually verify signatures (at the moment anything would be
> > > > > built, so that's really not deployable)
> 
> So we have an opportunity to define the policy and process before we
> put it into code? That sounds like something that is worth discussing
> now before there are tons of packages coming into the repo. :-)
> 
> > > > That would be cool since i'd like to phase out the route via
> > > > arm02 (which allows us to do that for the phone right now) as
> > > > soon as possible - that's also one of the reasons we don't want
> > > > to allow sloppy builds for byzantium.
> > > > Is there a public bug list for PureOS Infra/Laneakia that once
> > > > could follow to learn what's planned, has been discussed?
> 
> <snip>
> 
> > So just to be sure, we *don't* use tracker.pureos.org for that? I was
> > under the impression we'll use that from our discusson on Friday.
> 
> It's my preferred solution to use tracker.pureos.org to track issues in
> Laniakea *and* the various packages that are coming into PureOS. This
> way we can separate concerns (software development issues in Gitlab,
> maintenance and delivery issues in Tracker.) 
> 
> If we have consensus I'm strongly in favor of encouraging this as
> policy.
> 
> Regards,
> 
> Jeremiah



> _______________________________________________
> PureOS-project mailing list
> PureOS-project at lists.puri.sm
> https://lists.puri.sm/listinfo/pureos-project



More information about the PureOS-project mailing list