On Mon, 2018-04-16 at 09:00 -0400, Neal Gompa wrote:
> On Mon, Apr 16, 2018 at 8:47 AM, Jonathan Dieter <jdie...@gmail.com> wrote:
> > I've also added zchunk support to createrepo_c (see
> > https://github.com/jdieter/createrepo_c), but I haven't yet created a
> > pull request because I'm not sure if my current implementation is the
> > best method.  My current effort only zchunks primary.xml, filelists.xml
> > and other.xml and doesn't change the sort order.
> > 
> 
> Fedora COPR, Open Build Service, Mageia, and openSUSE also append
> AppStream data to repodata to ship AppStream information. Is there a
> way we can incorporate this into zck rpm-md? There's been an issue for
> a while to support generating the AppStream metadata as part of the
> createrepo_c run using the libappstream-builder library[1], which may
> lend itself to doing this properly.

Is it repomd.xml that actually gets changed or primary.xml /
filelists.xml / other.xml?

If it's repomd.xml, then it really shouldn't make any difference
because I'm not currently zchunking it.  As far as I can see, the only
reason to zchunk it would be to have an embedded GPG signature once
they're supported in zchunk.

> > The one area of zchunk that still needs some API work is the download
> > and chunk merge API, and I'm planning to clean that up as I add zchunk
> > support to librepo.
> > 
> > Some things I'd still like to add to zchunk:
> >  * A python API
> >  * GPG signatures in addition to (possibly replacing) overall data
> >    checksum
> 
> I'd rather not lose checksums, but GPG signatures would definitely be
> necessary, as openSUSE needs them, and we'd definitely like to have
> them in Fedora[2], COPR[3], and Mageia[4].

Fair enough.  Would we want zchunk to support multiple GPG signatures
or is one enough?

> >  * An expiry field? (I'm obviously thinking about signed repodata here)
> 
> Do we need an expiry field if we properly processed the key
> revocation/expiration in librepo? My understanding is that the current
> hiccup with it is that we don't, and that the GPG keyring used in
> librepo is independent of the RPM keyring (which it shouldn't be).

Ah, that makes sense.  Forget that idea then.

Jonathan
_______________________________________________
Rpm-ecosystem mailing list
Rpm-ecosystem@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-ecosystem
