Add pungi-like composeinfo metadata and modify readme

This commit is contained in:
Louis Abel 2022-07-12 01:57:25 -07:00
parent 8017026bc8
commit f1fbcff0ef
Signed by untrusted user: label
GPG key ID: B37E62D143879B36
3 changed files with 64 additions and 10 deletions

View file

@ -1,25 +1,28 @@
These set of repositories (or "compose") is for {{ fullname }} and was generated
using Empanadas {{ version }} from the SIG/Core Toolkit.
As this is not a traditional compose, there will be things that you might be
expecting and do not see, or not expecting and do see. While we attempted to
recreate a lot of those elements, it's not perfect. In the future, we do plan on
having more metadata and providing client libraries that can ingest this type
of metadata that we produce for easy consumption.
As this is not a traditional compose (via pungi), there will be things that you
might be expecting and do not see, or not expecting and do see. While we
attempted to recreate a lot of those elements, it's not perfect and we don't
expect that it ever will be. With that being said, in the future, we do plan on
having more metadata and providing client libraries that can ingest this type of
metadata that we produce for easy consumption, on top of extending what our
metadata provides.
# Notes #
## Checksums ##
CHECKSUM Validation: https://github.com/rocky-linux/checksums
https://git.resf.org/rocky-linux/checksums (mirror)
Traditionally, we would "sign" the checksum files with the current GPG key of a
major release. However, due to how the new build system operates and for
ensuring strong security within the build system as it pertains the signing
keys, this is no longer possible. It was determined by SIG/Core or Release
Engineering to instead provide verified signed commits using our keys with
RESF/Rocky Linux email domain names to a proper git repository. Our signing keys
are attached to our GitHub and RESF Git Service profiles.
ensuring strong security within the new build ecosystem as it pertains the
signing keys, this is no longer a viable approach. It was determined by SIG/Core
(or Release Engineering) to instead provide verified signed commits using our
keys with RESF/Rocky Linux email domain names to a proper git repository. Our
signing keys are attached to our GitHub and RESF Git Service profiles.
If you are looking for "verification" of the ISO checksums and were expecting a
`CHECKSUM.sig`, it is highly recommended to visit the link above instead.

View file

@ -962,6 +962,17 @@ class RepoSync:
metadata_dir + '/metadata'
)
# TODO: Add in each repo and their corresponding arch.
productmd_date = self.date_stamp.split('.')[0]
Shared.composeinfo_write(
metadata_dir + '/composeinfo',
self.distname,
self.shortname,
self.fullversion,
'updates',
productmd_date
)
self.log.info(Color.INFO + 'Metadata files phase completed.')
# Deploy README to metadata directory

View file

@ -919,3 +919,43 @@ class Shared:
repolist.append(repodata)
return repolist
@staticmethod
def composeinfo_write(
file_path,
distname,
shortname,
release,
release_type,
datestamp,
arches: list = [],
repos: list = []
):
"""
Write compose info similar to pungi.
arches and repos may be better suited for a dictionary. that is a
future thing we will work on for 0.3.0.
"""
cijson = file_path + '.json'
ciyaml = file_path + '.yaml'
ci = productmd.composeinfo.ComposeInfo()
ci.release.name = distname
ci.release.short = shortname
ci.release.version = release
ci.release.type = release_type
ci.compose.id = '{}-{}-{}'.format(shortname, release, datestamp)
ci.compose.type = "production"
ci.compose.date = datestamp
ci.compose.respin = 0
ci.dump(cijson)
with open(cijson, 'r') as cidump:
jsonData = json.load(cidump)
cidump.close()
with open(ciyaml, 'w+') as ymdump:
yaml.dump(jsonData, ymdump)
ymdump.close()