From Fedora Project Wiki

(some tweaks)
(add some time notes)
 
(4 intermediate revisions by 2 users not shown)
Line 5: Line 5:
 
== Background ==
 
== Background ==
  
From time to time urgent updates come along that we would like to push to our users as fast as possible. These include urgent security fixes or updates that fix criticial fuctionality (like the ability to get more updates). We will have a side repo called 'urgent-updates' that contains these fixes for a short time. Packages added to this repo are manually signed and added, then removed a week after the regular updates are pushed to stable.
+
From time to time urgent updates come along that we would like to push to our users as fast as possible. These include urgent security fixes or updates that fix criticial fuctionality (like the ability to get more updates). We will have a side repo called 'urgent-updates' that contains these fixes for a short time. Packages added to this repo are signed and added, then removed a week after the regular updates are pushed to stable.
  
 
== Requirements ==
 
== Requirements ==
  
* MUST be a urgent security or bugfix update (proposed by STR?)
+
* MUST be a urgent security or bugfix update (proposed by SRT?)
 
* MUST have a regular bodhi update submitted.  
 
* MUST have a regular bodhi update submitted.  
 
* MUST file a releng ticket and indicate that this update should be added to the urgent-updates repo
 
* MUST file a releng ticket and indicate that this update should be added to the urgent-updates repo
  
== Things we need to figure out ==
+
== Prereqs ==  
  
* Multilib
+
This is a list of things we need to do to make this policy work:
* Dependencies
+
 
* Mirrormanager
+
=== Bodhi ===
 +
 
 +
* Add an 'Fedora urgent' type to bodhi2 that is like 'Fedora' and 'Fedora EPEL'
 +
* 'Fedora urgent' has the same active branches as 'Fedora'
 +
* Bodhi mashing config for 'Fedora urgent' sets:
 +
** No drpms
 +
** mashes/outputs to a staging repo we can test with before syncing.
 +
 
 +
=== koji ===
 +
 
 +
* Need to add tags, that are locked. releng can tag update(s) into fN-urgent-candidate to allow the maintainer to submit to bodhi (or can themselves).
 +
 
 +
=== fedora-repos package ===
 +
 
 +
* Need to add fedora-N-urgent repo in with just a direct link to master mirrors.
 +
 
 +
=== Infrastructure ===
 +
 
 +
* sync script that can be manually run.
 +
* empty repo to point fedora-N-urgent to when no updates in it.
  
 
== Workflow ==
 
== Workflow ==
Line 24: Line 43:
 
* maintainer submits bodhi updates as normal
 
* maintainer submits bodhi updates as normal
 
* maintainer (or interested folks) submit releng ticket asking for urgent update addition.  
 
* maintainer (or interested folks) submit releng ticket asking for urgent update addition.  
* build(s) are signed and added to urgent-updates repo (with multilib/deps?)
+
* build(s) are tagged into tags, signed and bodhi updates push run. (should be fast, small repo, no drpms)
* releng asks qa to test/confirm updates available.
+
* releng asks qa to test urgent repo in staging area. (needs human intervention/testing)
* mirrormanager updates metalink and updates go to users.  
+
* sync to master mirrors. (just a few minutes)
* after update is in stable for 1 week, remove from urgent-updates repo.
+
* after update is in stable for 1 week, untag from urgent tags, re-run bodhi push
  
 
== References ==
 
== References ==
  
 
https://fedorahosted.org/rel-eng/ticket/5886
 
https://fedorahosted.org/rel-eng/ticket/5886

Latest revision as of 21:38, 27 August 2015

Urgent Updates Policy

Important.png
DRAFT
This page is a draft and not approved or in effect

Background

From time to time urgent updates come along that we would like to push to our users as fast as possible. These include urgent security fixes or updates that fix criticial fuctionality (like the ability to get more updates). We will have a side repo called 'urgent-updates' that contains these fixes for a short time. Packages added to this repo are signed and added, then removed a week after the regular updates are pushed to stable.

Requirements

  • MUST be a urgent security or bugfix update (proposed by SRT?)
  • MUST have a regular bodhi update submitted.
  • MUST file a releng ticket and indicate that this update should be added to the urgent-updates repo

Prereqs

This is a list of things we need to do to make this policy work:

Bodhi

  • Add an 'Fedora urgent' type to bodhi2 that is like 'Fedora' and 'Fedora EPEL'
  • 'Fedora urgent' has the same active branches as 'Fedora'
  • Bodhi mashing config for 'Fedora urgent' sets:
    • No drpms
    • mashes/outputs to a staging repo we can test with before syncing.

koji

  • Need to add tags, that are locked. releng can tag update(s) into fN-urgent-candidate to allow the maintainer to submit to bodhi (or can themselves).

fedora-repos package

  • Need to add fedora-N-urgent repo in with just a direct link to master mirrors.

Infrastructure

  • sync script that can be manually run.
  • empty repo to point fedora-N-urgent to when no updates in it.

Workflow

  • update/fix is commited and built.
  • maintainer submits bodhi updates as normal
  • maintainer (or interested folks) submit releng ticket asking for urgent update addition.
  • build(s) are tagged into tags, signed and bodhi updates push run. (should be fast, small repo, no drpms)
  • releng asks qa to test urgent repo in staging area. (needs human intervention/testing)
  • sync to master mirrors. (just a few minutes)
  • after update is in stable for 1 week, untag from urgent tags, re-run bodhi push

References

https://fedorahosted.org/rel-eng/ticket/5886