* Pavel Raiskup:

> I'm happy to share that we now have a Konflux Pipeline for building Fedora
> packages. Ralph wrote a blog post about it today on the containers-sig:
>
> https://discussion.fedoraproject.org/t/konflux-fedora-update-may-2025/154784
>
> The code lives here:
>
> https://gitlab.com/fedora/infrastructure/konflux/rpmbuild-pipeline
>
> Feel free to experiment, contribute, report bugs, and get involved!

Are there plans to build this from source for Fedora?

To illustrate what I mean, let's look at pipeline/build-rpm-package.yaml in the Git repository above. It contains this reference:

    - name: bundle
      value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:e5115f5aac1a88e79ca4862852ef2bc1b84549e1179a28ebbc0e3dc0448ddfa8

This container contains a JSON file, which refers to another container:

    "image": "quay.io/konflux-ci/appstudio-utils:8f9f933d7b0b57e37b96fd34698c92c785cfeadc@sha256:924eb1680b6cda674e902579135a06b2c6683c3cc1082bbdc159a4ce5ea9f4df",
    "name": "appstudio-summary",
    "script": "#!/usr/bin/env bash\necho\necho \"Build Summary:\"\necho\necho \"Build repository: $GIT_URL\"\nif [ \"$BUILD_TASK_STATUS\" == \"Succeeded\" ]; then\n echo \"Generated Image is in : $IMAGE_URL\"\nfi\nif [ -e \"$SOURCE_BUILD_RESULT_FILE\" ]; then\n url=$(jq -r \".image_url\" <\"$SOURCE_BUILD_RESULT_FILE\")\n echo \"Generated Source Image is in : $url\"\nfi\necho\necho End Summary\n"

The image stores some information about how it was built:

    podman inspect quay.io/konflux-ci/appstudio-utils:8f9f933d7b0b57e37b96fd34698c92c785cfeadc@sha256:924eb1680b6cda674e902579135a06b2c6683c3cc1082bbdc159a4ce5ea9f4df

From this, we can see that jq is directly downloaded from upstream:

    {
      "created": "2025-04-25T10:35:27.082792891Z",
      "created_by": "/bin/sh -c curl -L https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux-amd64
      "empty_layer": true
    },

(This isn't even a stable URL from GitHub's perspective, maintainers can republish releases.)

This binary was built on Ubuntu:

    $ strings -a usr/bin/jq | grep GCC
    GCC: (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0

The Conforma tool was copied from … somewhere:

    {
      "created": "2025-04-25T10:35:25.723661253Z",
      "created_by": "/bin/sh -c #(nop) COPY file:5af45336502ac35ee3e6db92412ca0558407f4312b62e306fbd62d75ebd0fa6b in /usr/bin/ec.gz ",
      "empty_layer": true
    },
    {
      "created": "2025-04-25T10:35:26.608645496Z",
      "created_by": "/bin/sh -c gunzip /usr/bin/ec.gz && chmod +x /usr/bin/ec",
      "empty_layer": true
    },

This does not seem to be a hash of an upstream release. It self-reports as v0.7.51, but the binary at <https://github.com/enterprise-contract/ec-cli/releases/download/v0.7.51/ec_linux_amd64> has a different SHA-256 hash (and it's not just the compression). So it's clear where it's coming from. The file contains this string:

    Ubuntu clang=13.0.1-++20211023125314+73daeb3d507f-1~exp1~20211023125858.13

So it might not be a Red Hat build.

Maybe I interpreted the metadata incorrectly and this container image is not actually used during the build? But if it is used, wouldn't we want to build it on Fedora infrastructure?

Thanks,
Florian
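
The manual reading of the image history in the message above can be turned into a repeatable check. The following is an added example, not part of the original message and not Konflux project code: it walks history entries of the kind `podman inspect` prints and flags layers whose content comes from a network download with no checksum or signature check in the same command, or from a COPY of a build-context file. The sample history is constructed from the excerpts quoted in the message plus two hypothetical entries, and the category names are this example's own.

```python
import re

# Constructed sample: entries 0-2 follow the excerpts quoted in the message
# (the jq command is cut off on the page and is kept that way); entries 3-4
# are hypothetical and only there for contrast.
SAMPLE_HISTORY = [
    {"created_by": "/bin/sh -c #(nop) COPY file:5af45336502ac35ee3e6db92412ca0558407f4312b62e306fbd62d75ebd0fa6b in /usr/bin/ec.gz "},
    {"created_by": "/bin/sh -c gunzip /usr/bin/ec.gz && chmod +x /usr/bin/ec"},
    {"created_by": "/bin/sh -c curl -L https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux-amd64"},
    {"created_by": "/bin/sh -c curl -LO https://example.invalid/tool && echo '<sha256>  tool' | sha256sum -c -"},
    {"created_by": "/bin/sh -c dnf -y install git-core"},
]

URL_RE = re.compile(r"https?://[^\s\"'|;&]+")
FETCH_RE = re.compile(r"\b(curl|wget)\b")
# Integrity checks that pin the download to a known digest or signature.
VERIFY_RE = re.compile(r"\b(sha(256|512)sum\s+(-c|--check)|gpg\s+--verify|cosign\s+verify)")
# History form of COPY/ADD: only a checksum of the build-context file is kept.
COPY_RE = re.compile(r"#\(nop\)\s+(COPY|ADD)\s+(file|dir|multi):[0-9a-f]{64}\s+in\s+(\S+)")


def classify(created_by):
    """Return (category, detail) for one history entry's created_by string."""
    copied = COPY_RE.search(created_by)
    if copied:
        # The history says where the file landed, not where it came from.
        return ("opaque-copy", copied.group(3))
    if FETCH_RE.search(created_by):
        urls = URL_RE.findall(created_by)
        verified = VERIFY_RE.search(created_by) is not None
        kind = "verified-download" if verified else "unverified-download"
        return (kind, urls[0] if urls else "")
    return ("other", "")


def audit(history):
    """List (index, category, detail) for layers with unexplained provenance."""
    findings = []
    for index, layer in enumerate(history):
        kind, detail = classify(layer.get("created_by", ""))
        if kind in ("opaque-copy", "unverified-download"):
            findings.append((index, kind, detail))
    return findings


if __name__ == "__main__":
    for index, kind, detail in audit(SAMPLE_HISTORY):
        print(f"layer {index}: {kind}: {detail}")
```

A layer reported as `opaque-copy` still needs the manual follow-up shown in the message: extract the file and compare its hash and compiler strings against a known release.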