Bigtop
  1. Bigtop
  2. BIGTOP-1243

Add Vendor and Signature in RPM information

    Details

    • Type: Improvement Improvement
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: backlog
    • Fix Version/s: None
    • Component/s: rpm
    • Labels:
      None

      Description

      Bigtop may be improved to include vendor and signature in RPM information.
      The vendor and signature should come from BOM and its value is not hard-coded.

      existing behavior:

      $ rpm -qi bigtop-jsvc-1.0.10-1.el6.x86_64
      Version : 1.0.10 Vendor: (none)
      Signature : (none)

      expected behavior:
      $ rpm -qi bigtop-jsvc-1.0.10-1.el6.x86_64
      Version : 1.0.10 Vendor: (Bigtop)
      Signature : (scm information)

        Activity

        Hide
        Roman Shaposhnik added a comment -

        Is there a patch coming for this one? Wenwu Peng ?

        Show
        Roman Shaposhnik added a comment - Is there a patch coming for this one? Wenwu Peng ?
        Hide
        Peter Linnell added a comment -

        The proper way to add a signature with rpm is for us to use a signing key signed by several members of the PMC, which authenticates the bits.

        Then we would need to add an rpm which imports the keys properly into the rpm key chain.

        This is not difficult to do, but be aware the private key would need to be on the build machines.

        Show
        Peter Linnell added a comment - The proper way to add a signature with rpm is for us to use a signing key signed by several members of the PMC, which authenticates the bits. Then we would need to add an rpm which imports the keys properly into the rpm key chain. This is not difficult to do, but be aware the private key would need to be on the build machines.
        Hide
        Wenwu Peng added a comment -

        create a sub-task to "Add Vendor in RPM information"

        Show
        Wenwu Peng added a comment - create a sub-task to "Add Vendor in RPM information"
        Hide
        Guo Ruijing added a comment -

        We can add vendor and scm information in bigtop.mk and RPM spec pull information from bigtop.mk like:

        VENDOR = apache bigtop

        HADOOP_SCM = http://apache.osuosl.org/hadoop-2.3.0-src.tar.gz

        HBASE_SCM = http://apache.osuosl.org/hbase-0.96.0-src.tar.gz

        Show
        Guo Ruijing added a comment - We can add vendor and scm information in bigtop.mk and RPM spec pull information from bigtop.mk like: VENDOR = apache bigtop HADOOP_SCM = http://apache.osuosl.org/hadoop-2.3.0-src.tar.gz HBASE_SCM = http://apache.osuosl.org/hbase-0.96.0-src.tar.gz
        Hide
        Wenwu Peng added a comment - - edited

        could you share how to fix Signature : (scm information) in RPM .SPEC? I can work on this patch

        Show
        Wenwu Peng added a comment - - edited could you share how to fix Signature : (scm information) in RPM .SPEC? I can work on this patch
        Hide
        Wenwu Peng added a comment -

        +1

        Show
        Wenwu Peng added a comment - +1
        Hide
        Andrew Purtell added a comment -

        Sounds good. Do you have a patch?

        Show
        Andrew Purtell added a comment - Sounds good. Do you have a patch?
        Guo Ruijing created issue -

          People

          • Assignee:
            Unassigned
            Reporter:
            Guo Ruijing
          • Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

            • Created:
              Updated:

              Development