skip
/
SIG-FastTrack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
SIG-FastTrack scratchpad for docs and such
3 Commits 1 Branch 0 Tags 32 KiB
Go to file
Skip Grube 5ca3ee8f3f Fixed open questions, added repo information 2023-08-07 02:58:04 +00:00
README.md Fixed open questions, added repo information 2023-08-07 02:58:04 +00:00

README.md

Rocky Linux SIG/FastTrack

An RPM bazaar, not an RPM cathedral

SIG-FastTrack is a place for new packages and enhancements/upgrades to existing Rocky packages. To end-users, it will be 2 "no warranty, you break it you buy it" repositories that can be enabled to enhance their Rocky Linux installs with new and updated packages. This is a great way to provide optional much-needed functionality for Rocky users, while not interfering with the core distro's compatibility promises.

Contribution Guidelines

Philosophically, this SIG should be wide open to contributions, with much less rigor or vetting than something like EPEL. Newer versions of existing Rocky Linux packages, as well as brand new packages are both welcome. The philosophy of this SIG is: We don't need reasons to add a contribution, we need reasons to not add it.

Having said that, we can't have absolute anarchy. There must be some kind of a guideline to what can and cannot be accepted.

Possible Reasons a Package Cannot be Added to FastTrack:

  • It breaks or conflicts with the existing Rocky Repositories. The FastTrack repos may provide RHEL-incompatible packages and updates, but they should never break DNF. If a user gets dependency or other DNF errors by running dnf update or dnf install , then the FastTrack package must be pulled or fixed.

  • It changes a "core functionality" package in a questionable way, especially security-related. The definition of "core" package here is a judgment call made by SIG leadership. These are things like OpenSSL, OpenSSH, nss, glibc, rpm, etc. We don't want to put users at risk by fundamentally warping the way their Rocky system works and introducing issues. It may be possible to work around this by introducing an additional non-conflicting package version. Example: if you're interested in packaging openssl-3.0.7 to Rocky 8, you wouldn't simply override the base openssl-1.1.1k which everything depends on. Instead, you might create a separate compatible package, "openssl-compat-307", which contains the newer library without conflicting with any files or library paths in the default openssl.

  • It introduces a severe security risk. This is again a judgment call made by the SIG as a whole. Generally this refers to extreme, remotely-exploitable security issues, usually 9.8 - 10 on the CVE/CVSS scale. If your package installs a listening daemon that is activated and allows remote commands without authentication, for example, that would be a clear reason not to have it available.

  • It already exists in EPEL, RPMFusion, or another common 3rd-party repo. The intention of this SIG is to provide as much "new and cool" stuff to Rocky Linux users as possible. If people can already get software from one of the popular 3rd-party repos, that's probably the best place to go. Something we'd like to see as this SIG progresses is to use the initial work done here and add it to one of these more established repositories.

    • Exception to the "already exists" guideline: If the duplicate package is a dependency, and we need it in order to build the new package that we actually want to publish

  • It clearly belongs in another SIG. The goal of this SIG is to be a "catchall" for new or enhanced Enterprise Linux packages. However, many times a package clearly doesn't belong in FastTrack, but in another SIG already set up around that package's area. Enhanced kernels should probably go in SIG/Kernel, embedded or single-board specific packages should go in SIG/AltArch, etc.

Outside of these listed areas, if someone puts in the effort to build and test a package against Rocky Linux, and it helps users in some way, it ought to be a welcome inclusion in this SIG.


Submitting New Packages

To fill in.

TLDR: open an issue in https://git.resf.org/sig_fasttrack/meta/issues

Always great to talk about things, plans, challenges, etc. in https://chat.rockylinux.org/rocky-linux/channels/sig-fasttrack


Git Storage and Branching

To fill in

TLDR:

  • Packages stored in: https://git.rockylinux.org/sig/fasttrack/src/PKG

  • Wiki/docs/OtherInfo stored in: https://git.resf.org/sig_fasttrack/*

  • https://git.rockylinux.org/sig/fasttrack/{rpms,patch} also exist. Peridot imports src/PKG --> rpms/PKG

  • Peridot will be doing package builds and publish, in accordance with other SIGs. One Peridot project per major Rocky version (FastTrack-8, FastTrack-9, etc.).

  • Maintainers should have commit control over git.rockylinux.org/sig/fasttrack/src/PKG/ . And be able to take merge requests, add new versions, etc.

  • Fedora packaging guidelines followed as close as is practical. With the understanding that much of the Rocky community is still learning packaging best practices, and nothing is perfect first try. Iterative package improvements will happen as our community gains more experience.


Pull Requests

Pull requests are always welcome against package sources (git.rockylinux.org/sig/fasttrack/src/PKG/ ). It's up to maintainer(s) or SIG admins to accept/deny requests and maintain quality.

Pull requests should never violate the guidelines listed above (like introduce a massive security hole, or conflict with stock Rocky Linux packages).


Builds

Builds done in Peridot, can test locally in Mock, against BaseOS+AppStream+CRB+Devel, plus the SIG-FastTrack packages themselves of course. Mock configs matching what is done in Peridot should be provided, so contributors can easily develop/test on their own machines as well.


Repositories

3 repositories should be defined: FastTrack-Updates , FastTrack-New , and FastTrack-common.

Updates are newer versions of stock Rocky packages. New consists of new packages entirely.

It's an open question whether the -Updates repository should be enabled by default when a user installs the SIG-FastTrack-Release package.