Emaldonado (talk | contribs) |
Emaldonado (talk | contribs) |
||
| (5 intermediate revisions by the same user not shown) | |||
| Line 23: | Line 23: | ||
(If you haven't done so add ourself to the mock group usermod -a -G mock myusername) | (If you haven't done so add ourself to the mock group usermod -a -G mock myusername) | ||
=== Use Mock inside your git sandbox to build nspr and nss === | === Use Mock inside your git sandbox to build nspr and nss === | ||
Set the environment variables: nspr_version, nspr_release, nss_version, nss_release, target, and arch | |||
Build the packages, the nss build will take some time because we run all tests. | |||
Install the built packages and then built the client packages. | |||
Once it succeeds and installs okay you could try a client application | Once it succeeds and installs okay you could try a client application | ||
Now we are confident that the real builds will work for both nss and its clients. | |||
Once the build succeeds wait for all packages to be in the build root. | |||
Now we are confident that the real builds will work | |||
This can be repeated with the stable branches. | |||
=== Useful Scripts === | |||
Some degree of automation for the process above is needed. | |||
To that effect, there are some python scripts in a git repository. | |||
They are adapted from scripts written by Kevin Wright for ipa and dogtag. | |||
This is still a work in progress so please ignore the python scripts for now. | |||
git clone git://fedorapeople.org/~emaldonado/nssmockbuilds4fedora.git | |||
=== Comments and Discussion === | === Comments and Discussion === | ||
* See [[Talk:Updating_NSS]] | * See [[Talk:Updating_NSS]] | ||
Latest revision as of 17:20, 7 February 2013
Here we describe updates that are a rebase of NSS where all three packages need to be be updated. Most updates are simply new releases to incorporate downstream patches, usually for nss only, and may not require all the special precautions that are described here. The rationale for the split of softokn off from nss that occurred in 3.12.4 is described here https://fedoraproject.org/wiki/Features/SplitSoftoknFromNSS.
For a full update of three packages you will need to build them in this order: nss-util, nss-softokn, and nss. On some occassions nspr would be part of the bundle and must be built first.
In Rawhide the buildroot is updated frequently and we also have chained builds. This is not the case on the stable branches - or on the branch for the next fedora release after the alpha branching. In these cases one must wait for one package to be tagged into the buildroot before one can build the subsequent one. Often you will have some urgency. The procedures is to open a ticket asking that the package you built be added to the buildroot and wait until so to proceed to the next one.
WARNING 1: Don't try shortcuts. Do not introduce a BuildRequire that is lower than the Require just so to be able to build the next package right away. It may build but will likely cause breakage later on when you try to install and some package that depends on nss or any of its siblings will fail to install or to build. All three packages have devel sub-packages. The version used for BuildRequire must the one used for Requires.
One must coordinate with release engineering to progressively add packages to the buildroot. It takes waiting. Furthermore, before sending request to release engineering one must get some assurance that all builds will succeed and and will not cause conflicts and avoid repeated requests. Preflight and testing are necessary.
Scratch builds do not help in testing because they will not get installed into the buildroot and we are building several packages which depend on previous ones.
One approach could be to use multiple system builds and installs in various VM's. Once you have downloaded the packages, a 'yum --nogpgcheck localupdate packages-we-have-so-far' is one way to accomplish this. All dependencies must be satisfied and no conflicts shuould result.
A better way is to do mockbuilds and add the packages to our local buildroot as we go along. http://fedoraproject.org/wiki/Using_Mock_to_test_package_builds#Building_packages_that_depend_on_packages_not_in_a_repository
Let's expand on how we can follow the procedure outlined above for NSS.
Building nspr, nss-util, nss-sfotoken, and nss-util using mock
(If you haven't done so add ourself to the mock group usermod -a -G mock myusername)
Use Mock inside your git sandbox to build nspr and nss
Set the environment variables: nspr_version, nspr_release, nss_version, nss_release, target, and arch Build the packages, the nss build will take some time because we run all tests. Install the built packages and then built the client packages. Once it succeeds and installs okay you could try a client application Now we are confident that the real builds will work for both nss and its clients. Once the build succeeds wait for all packages to be in the build root.
This can be repeated with the stable branches.
Useful Scripts
Some degree of automation for the process above is needed. To that effect, there are some python scripts in a git repository. They are adapted from scripts written by Kevin Wright for ipa and dogtag. This is still a work in progress so please ignore the python scripts for now.
git clone git://fedorapeople.org/~emaldonado/nssmockbuilds4fedora.git