From Fedora Project Wiki

(add drpm note)
(update for current plan)
Line 5: Line 5:
== Background ==
== Background ==


From time to time urgent updates come along that we would like to push to our users as fast as possible. These include urgent security fixes or updates that fix criticial fuctionality (like the ability to get more updates). We will have a side repo called 'urgent-updates' that contains these fixes for a short time. Packages added to this repo are manually signed and added, then removed a week after the regular updates are pushed to stable.
From time to time urgent updates come along that we would like to push to our users as fast as possible. These include urgent security fixes or updates that fix criticial fuctionality (like the ability to get more updates). We will have a side repo called 'urgent-updates' that contains these fixes for a short time. Packages added to this repo are signed and added, then removed a week after the regular updates are pushed to stable.


== Requirements ==
== Requirements ==
Line 13: Line 13:
* MUST file a releng ticket and indicate that this update should be added to the urgent-updates repo
* MUST file a releng ticket and indicate that this update should be added to the urgent-updates repo


== Things we need to figure out ==
== Prereqs ==  


* Multilib - only x86_64, perhaps we can do this manually?
This is a list of things we need to do to make this policy work:
* Dependencies - package may require something newer in buildroot thats not an update, need to make sure and test it.  
 
* Mirrormanager - should we even use it? would require 1hr to see the changes in repo and make new metalink, and then require mirroring time to get out to mirrors
=== Bodhi ===
* drpms? avoiding them would be much easier.
 
* Some kind of staging of finished repo to test with/check before making live?
* Add an 'Fedora urgent' type to bodhi2 that is like 'Fedora' and 'Fedora EPEL'
* 'Fedora urgent' has the same active branches as 'Fedora'
* Bodhi mashing config for 'Fedora urgent' sets:
** No drpms
** mashes/outputs to a staging repo we can test with before syncing.
 
=== koji ===
 
* Need to add tags, that are locked. releng can tag update(s) into fN-urgent-candidate to allow the maintainer to submit to bodhi (or can themselves).
 
=== fedora-repos package ===
 
* Need to add fedora-N-urgent repo in with just a direct link to master mirrors.
 
=== Infrastructure ===
 
* sync script that can be manually run.  
* empty repo to point fedora-N-urgent to when no updates in it.


== Workflow ==
== Workflow ==
Line 26: Line 43:
* maintainer submits bodhi updates as normal
* maintainer submits bodhi updates as normal
* maintainer (or interested folks) submit releng ticket asking for urgent update addition.  
* maintainer (or interested folks) submit releng ticket asking for urgent update addition.  
* build(s) are signed and added to urgent-updates repo (with multilib/deps?)
* build(s) are tagged into tags, signed and bodhi updates push run.
* releng asks qa to test/confirm updates available.  
* releng asks qa to test urgent repo in staging area.
* mirrormanager updates metalink and updates go to users. (optionally)
* sync to master mirrors.
* after update is in stable for 1 week, remove from urgent-updates repo.
* after update is in stable for 1 week, untag from urgent tags, re-run bodhi push


== References ==
== References ==


https://fedorahosted.org/rel-eng/ticket/5886
https://fedorahosted.org/rel-eng/ticket/5886

Revision as of 21:20, 27 August 2015

Urgent Updates Policy

Important.png
DRAFT
This page is a draft and not approved or in effect

Background

From time to time urgent updates come along that we would like to push to our users as fast as possible. These include urgent security fixes or updates that fix criticial fuctionality (like the ability to get more updates). We will have a side repo called 'urgent-updates' that contains these fixes for a short time. Packages added to this repo are signed and added, then removed a week after the regular updates are pushed to stable.

Requirements

  • MUST be a urgent security or bugfix update (proposed by SRT?)
  • MUST have a regular bodhi update submitted.
  • MUST file a releng ticket and indicate that this update should be added to the urgent-updates repo

Prereqs

This is a list of things we need to do to make this policy work:

Bodhi

  • Add an 'Fedora urgent' type to bodhi2 that is like 'Fedora' and 'Fedora EPEL'
  • 'Fedora urgent' has the same active branches as 'Fedora'
  • Bodhi mashing config for 'Fedora urgent' sets:
    • No drpms
    • mashes/outputs to a staging repo we can test with before syncing.

koji

  • Need to add tags, that are locked. releng can tag update(s) into fN-urgent-candidate to allow the maintainer to submit to bodhi (or can themselves).

fedora-repos package

  • Need to add fedora-N-urgent repo in with just a direct link to master mirrors.

Infrastructure

  • sync script that can be manually run.
  • empty repo to point fedora-N-urgent to when no updates in it.

Workflow

  • update/fix is commited and built.
  • maintainer submits bodhi updates as normal
  • maintainer (or interested folks) submit releng ticket asking for urgent update addition.
  • build(s) are tagged into tags, signed and bodhi updates push run.
  • releng asks qa to test urgent repo in staging area.
  • sync to master mirrors.
  • after update is in stable for 1 week, untag from urgent tags, re-run bodhi push

References

https://fedorahosted.org/rel-eng/ticket/5886

Retrieved from "https://fedoraproject.org/w/index.php?title=Urgent_updates_policy&oldid=421034"