[Packaging][Release] Use Debian/RPM type Artifactory repositories instead of General type Artifactory repository #37350

Open
kou opened this issue Aug 24, 2023 · 3 comments

Comments

@kou
Member

kou commented Aug 24, 2023

Describe the enhancement requested

Background

We're using a "General" type Artifactory repository to provide APT/Yum repositories. We generate metadata for the APT/Yum repositories by ourselves. Recently, we sometimes get 403 Forbidden errors when we use the APT repository in the "General" type Artifactory repository. See also #35292.

INFRA asked JFrog about this. See also https://issues.apache.org/jira/browse/INFRA-24569 .
JFrog recommended migrating to a "Debian" type Artifactory repository. INFRA (not JFrog) also said that a "Generic" type Artifactory repository isn't suitable for an APT repository.

Compatibility

I already created the https://apache.jfrog.io/ui/repos/tree/General/arrow-debian?projectKey=arrow and https://apache.jfrog.io/ui/repos/tree/General/arrow-rpm?projectKey=arrow repositories, but I haven't done anything with them yet.

If we use "Debian"/"RPM" type repositories instead of the current "General" type repository, users need to change their configuration. I want to avoid that as much as possible. We're providing the apache-arrow-apt-source package for the APT repository and the apache-arrow-release package for the Yum repository. I hope that we can implement a safe migration (users don't need to change anything; they just need to run apt update/dnf update as usual) by using them.

See also

Component(s)

Packaging, Release

kou added a commit that referenced this issue Aug 25, 2023
### Rationale for this change

If we remove them, users can't use Yum repositories for unsupported distributions such as Amazon Linux 2.

### What changes are included in this PR?

This keeps garbage in repodata/* but we can accept it because we'll migrate to Debian/RPM type repositories eventually. We don't manage repodata/* by ourselves after we migrate to Debian/RPM type repositories.

See also: GH-37350

### Are these changes tested?

No. I hope that this works.

### Are there any user-facing changes?

Yes.
* Closes: #37334

Authored-by: Sutou Kouhei <kou@clear-code.com>
Signed-off-by: Sutou Kouhei <kou@clear-code.com>
loicalleyne pushed a commit to loicalleyne/arrow that referenced this issue Nov 13, 2023
…apache#37351)

@kou
Member Author

kou commented Nov 29, 2023

The automated release signing guideline: https://infra.apache.org/release-signing.html#automated-release-signing

@kou
Member Author

kou commented Nov 29, 2023

Can we use the default signing key for Debian/RPM Package Type repositories to release "official" artifacts?
https://issues.apache.org/jira/browse/INFRA-25217

@kou
Member Author

kou commented Dec 15, 2023

Our build process must be a reproducible build. It must be verified by the Apache Security Team.
We need to contact security@apache.org about what we need to do for it.
