#93: Getting sha256sum published for the cloud images --------------------------------------------------+----------------------- Reporter: kushal | Owner: Type: task | Status: new Priority: normal | Milestone: Fedora 22 Component: Infrastructure & Release Engineering | Keywords: meeting --------------------------------------------------+----------------------- This will help things systemd to search the images provided by Fedora in a standard way using nspawn tool.
Example of such file from ubuntu:
https://cloud-images.ubuntu.com/trusty/current/SHA1SUMS https://cloud-images.ubuntu.com/trusty/current/SHA256SUMS.gpg
#93: Getting sha256sum published for the cloud images --------------------------------------------------+------------------------ Reporter: kushal | Owner: Type: task | Status: new Priority: normal | Milestone: Fedora 22 Component: Infrastructure & Release Engineering | Resolution: Keywords: meeting | --------------------------------------------------+------------------------
Comment (by kushal):
Actually more on verifying the images from the checksums on a standard path.
#93: Getting sha256sum published for the cloud images --------------------------------------------------+------------------------ Reporter: kushal | Owner: Type: task | Status: new Priority: normal | Milestone: Fedora 22 Component: Infrastructure & Release Engineering | Resolution: Keywords: meeting | --------------------------------------------------+------------------------
Comment (by lennart):
BTW, do keep this simple, let's just do SHA256SUMS, and nothing else. i.e. no SHA1SUMS or so.
#93: Getting sha256sum published for the cloud images --------------------------------------------------+------------------------ Reporter: kushal | Owner: Type: task | Status: new Priority: normal | Milestone: Fedora 22 Component: Infrastructure & Release Engineering | Resolution: Keywords: meeting | --------------------------------------------------+------------------------
Comment (by roshi):
Is this what you're looking for?
https://getfedora.org/en/static/checksums/Fedora-Cloud-Images- x86_64-21-CHECKSUM
#93: Getting sha256sum published for the cloud images --------------------------------------------------+------------------------ Reporter: kushal | Owner: Type: task | Status: new Priority: normal | Milestone: Fedora 22 Component: Infrastructure & Release Engineering | Resolution: Keywords: meeting | --------------------------------------------------+------------------------
Comment (by lennart):
Well, yeah, but I want it under a fixed name, not something that changes randomly in every dir.
I want the thing to be named "SHA256SUMS", not "Fedora-Cloud- Images-....-CHECKSUM", so that I know what to download.
Also, I'd really prefer to have the signature in a detached file, like Ubuntu is doing it. That has the benefit that we can first download the SHA256SUMS file to do simple download verifications against corruptions, and then download SHA256SUMS.sig seperately to actually verify that it is signed by the right people.
#93: Getting sha256sum published for the cloud images --------------------------------------------------+------------------------ Reporter: kushal | Owner: Type: task | Status: new Priority: normal | Milestone: Fedora 22 Component: Infrastructure & Release Engineering | Resolution: Keywords: meeting | --------------------------------------------------+------------------------
Comment (by dustymabe):
I'm not going to advocate one way or the other as far as having attached vs detached sig but I think it should be fairly easy to have the tool parse the sum and the sig out of the file and use them separately. This way we could accommodate systems that use the ubuntu style and systems that use the fedora style.
I know leaving it the same would be easier on on releng and other tools that already expect it to be this way. That being said we could easily make it so that the file has a standard name.. We could leave Fedora- Cloud-Images-x86_64-21-CHECKSUM in place and create a new file (symlink) from SHA256SUMS -> Fedora-Cloud-Images-x86_64-21-CHECKSUM or something like that.
#93: Getting sha256sum published for the cloud images --------------------------------------------------+------------------------ Reporter: kushal | Owner: Type: task | Status: new Priority: normal | Milestone: Fedora 22 Component: Infrastructure & Release Engineering | Resolution: Keywords: meeting | --------------------------------------------------+------------------------
Comment (by mattdm):
An alternative (or additional?) approach might be to publish indexes in the "simplestreams" format, as Ubuntu does. See for example https://cloud- images.ubuntu.com/releases/streams/v1/com.ubuntu.cloud:released:download.json (or basically all the examples under https://cloud- images.ubuntu.com/releases/streams/v1/).
(The format doesn't seem to be heavily documented anywhere, but here's Ubuntu's lib: https://launchpad.net/ubuntu/+source/simplestreams)
#93: Getting sha256sum published for the cloud images --------------------------------------------------+--------------------- Reporter: kushal | Owner: Type: task | Status: new Priority: normal | Milestone: Future Component: Infrastructure & Release Engineering | Resolution: Keywords: meeting | --------------------------------------------------+--------------------- Changes (by roshi):
* milestone: Fedora 22 => Future
#93: Getting sha256sum published for the cloud images --------------------------------------------------+--------------------- Reporter: kushal | Owner: Type: task | Status: new Priority: normal | Milestone: Future Component: Infrastructure & Release Engineering | Resolution: Keywords: | --------------------------------------------------+--------------------- Changes (by roshi):
* keywords: meeting =>
#93: Getting sha256sum published for the cloud images --------------------------------------------------+--------------------- Reporter: kushal | Owner: Type: task | Status: new Priority: normal | Milestone: Future Component: Infrastructure & Release Engineering | Resolution: Keywords: | --------------------------------------------------+---------------------
Comment (by mattdm):
FWIW, http://bazaar.launchpad.net/~smoser/simplestreams/trunk/view/head:/doc/READM... documents the simplestreams format. Lennart, might this be something a future systemd-nspawn could use?
#93: Getting sha256sum published for the cloud images --------------------------------------------------+--------------------- Reporter: kushal | Owner: Type: task | Status: new Priority: normal | Milestone: Future Component: Infrastructure & Release Engineering | Resolution: Keywords: | --------------------------------------------------+---------------------
Comment (by mattdm):
Oh, see also: https://fedorahosted.org/rel-eng/ticket/5805 (a request for the virt-builder index.asc format).
#93: Getting sha256sum published for the cloud images --------------------------------------------------+--------------------- Reporter: kushal | Owner: Type: task | Status: new Priority: normal | Milestone: Future Component: Infrastructure & Release Engineering | Resolution: Keywords: | --------------------------------------------------+---------------------
Comment (by lennart):
Replying to [comment:9 mattdm]:
FWIW,
http://bazaar.launchpad.net/~smoser/simplestreams/trunk/view/head:/doc/READM... documents the simplestreams format. Lennart, might this be something a future systemd-nspawn could use?
These "simplestreams" stuff doesn't appear so simple to me ;-)
I think I like the concepts from the ACI spec better regarding image discovery, but simple streams would work too, I don't care too much.
#93: Getting sha256sum published for the cloud images --------------------------------------------------+--------------------- Reporter: kushal | Owner: Type: task | Status: new Priority: normal | Milestone: Future Component: Infrastructure & Release Engineering | Resolution: Keywords: | --------------------------------------------------+---------------------
Comment (by mattdm):
Replying to [comment:11 lennart]:
These "simplestreams" stuff doesn't appear so simple to me ;-)
To me either. :) Richard's ini-style index.asc files are much more human readable, but the simplestreams format has among its advantages "already widely in use for another big distro" and it seems like the best candidate for eventually getting most everyone to do the same thing. I haven't looked at the ACI discovery spec but I'll take a look.
#93: Getting sha256sum published for the cloud images --------------------------------------------------+--------------------- Reporter: kushal | Owner: Type: task | Status: new Priority: normal | Milestone: Future Component: Infrastructure & Release Engineering | Resolution: Keywords: | --------------------------------------------------+---------------------
Comment (by bkorren):
Any chance of seeing any sore of index file for the images soon?
#93: Getting sha256sum published for the cloud images --------------------------------------------------+--------------------- Reporter: kushal | Owner: Type: task | Status: new Priority: normal | Milestone: Future Component: Infrastructure & Release Engineering | Resolution: Keywords: | --------------------------------------------------+--------------------- Changes (by bkorren):
* cc: bkorren@… (added)
#93: Getting sha256sum published for the cloud images --------------------------------------------------+--------------------- Reporter: kushal | Owner: Type: task | Status: new Priority: normal | Milestone: Future Component: Infrastructure & Release Engineering | Resolution: Keywords: | --------------------------------------------------+---------------------
Comment (by pbrobinson):
This should actually be filed as a RFE to pungi. That is the tool that generates all the various release components and outputs the current checksum format files. It's the proper place for a RFE to be filed that would be actioned by rel-eng.
cloud@lists.stg.fedoraproject.org