Difference between revisions of "User:Dennisvd@nikhef.nl/SoftwareOverview"

From PDP/Grid Wiki
Jump to navigationJump to search
 
(One intermediate revision by the same user not shown)
Line 69: Line 69:
 
! scope="row" rowspan=5| Distribution
 
! scope="row" rowspan=5| Distribution
 
|
 
|
* mwsec repository
+
The built packages are collected in repositories for automated download and installation. Besides the local Nikhef repository,
* EMI, IGE, UMD and other middleware integrators
+
the packages are integrated downstream by middleware projects such as
* Fedora, EPEL, Debian, Ubuntu
+
* EMI,
 +
* IGE,
 +
* UMD and
 +
* OSG.
 +
A subset of the packages is submitted for integration in mainline distributions such as
 +
* Fedora,  
 +
* EPEL,  
 +
* Debian and
 +
* Ubuntu
 +
Packages and repositories are GPG signed where possible.
 
|
 
|
koji tags, sigul, mash, signed repositories, dput
 
 
* write Release notes and announce on [https://mailman.nikhef.nl/mailman/listinfo/grid-mw-security-announce the announce mailing list].
 
* write Release notes and announce on [https://mailman.nikhef.nl/mailman/listinfo/grid-mw-security-announce the announce mailing list].
 
|-
 
|-
 
! colspan=2| RPM
 
! colspan=2| RPM
 
|-
 
|-
| resources for RPM distribution
+
|
| procedures for RPM distribution
+
The koji builds that are ready for release are tagged, so they can be automatically picked up by mash.
 +
The signing system '''sigul.testbed''' is set up to sign all the RPMs belonging to a release tag.
 +
|
 +
* tag a build either ''testing'' or ''release''
 +
* move a package from ''testing'' to ''release''
 +
* sigulsign_mwsec.py the tag
 +
* write out the signed RPMs
 +
* update the mash repository
 +
* sync to '''software.nikhef.nl'''
 
|-
 
|-
 
! colspan=2| Debian
 
! colspan=2| Debian
 
|-
 
|-
| resources for Debian distribution
+
|
| procedures for Debian distribution
+
The Debian packages are already signed by the packager. The packages are delivered to the reprepro repository on ref-debian6-64.testbed. This repository is signed with an automatic signing key.
 +
|
 +
* dput the .changes files to the right distribution
 +
* sync to '''software.nikhef.nl'''
 
|}
 
|}

Latest revision as of 23:30, 17 January 2013

Cheat Sheet

The following table gives an overview of the workflow and procedures involving development and delivery of our software.

resources procedures
Source
  • Before tagging, go through the mandatory checklist:
    • Update configure.ac with the right version
    • make distcheck
    • Update the files BUGS, INSTALL, NEWS, README
    • svn update ; svn log -v > ChangeLog
    • commit to SVN
  • Prior to preparing a release, the software should be tagged.
Release

Releasing the tarball requires interaction with several testbed machines. Make good use of the fact that they share the home directories.

  • svn export svn+ssh://svn@ndpfsvn.nikhef.nl/repos/mwsec/tags/component/tag component_tag
  • Run bootstrap on fc17.testbed, to use the newest possible automake/autoconf
  • Run 'make dist' on mwsecbuild.testbed; this machine has all the required dependencies for a build
Packaging RPM

Generating RPM packages

Debian

To do Debian packaging you need to set up a work environment with the right toolchain. This can be on a local Debian machine, such as a Virtual machine, or through a testbed machine such as debian.testbed.

  • The debian directories are maintained separately from their components in SVN. svn-buildpackage will merge the directory with the source tarball.
  • The central build machine for Debian is ref-debian6-64.testbed. It has a cowbuilder configuration to build for various Debian-style distributions.

See SAC_Debian_packaging.

Generating Debian packages

  • check out the component directory
  • download the original tarball
  • generate an initial source package for the UNRELEASED distribution
  • prepare all required backports
  • start cowpoke for each backport
Distribution

The built packages are collected in repositories for automated download and installation. Besides the local Nikhef repository, the packages are integrated downstream by middleware projects such as

  • EMI,
  • IGE,
  • UMD and
  • OSG.

A subset of the packages is submitted for integration in mainline distributions such as

  • Fedora,
  • EPEL,
  • Debian and
  • Ubuntu

Packages and repositories are GPG signed where possible.

RPM

The koji builds that are ready for release are tagged, so they can be automatically picked up by mash. The signing system sigul.testbed is set up to sign all the RPMs belonging to a release tag.

  • tag a build either testing or release
  • move a package from testing to release
  • sigulsign_mwsec.py the tag
  • write out the signed RPMs
  • update the mash repository
  • sync to software.nikhef.nl
Debian

The Debian packages are already signed by the packager. The packages are delivered to the reprepro repository on ref-debian6-64.testbed. This repository is signed with an automatic signing key.

  • dput the .changes files to the right distribution
  • sync to software.nikhef.nl