Message-ID: <62a9401e-3198-4e03-b08f-d607e6aacfda@gentoo.org>
Date: Wed, 12 Mar 2025 16:42:16 -0400
List-Id: Gentoo Linux mail
Reply-to: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] verifying commits via server-side git pre-receive hook
To: gentoo-dev@lists.gentoo.org
From: Eli Schwartz

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

On 11/25/24 12:15 PM, Tim Harder wrote:
> Hi all,
>
> I've been working for a while on pkgcraft[1] and related tooling that
> could have the potential to run various CI checks server-side as a
> pre-receive git hook verifying commits.
> Previously, this wasn't at all
> possible due to portage/repoman and pkgcore/pkgcheck being too slow to
> feasibly run and give feedback within a second or two of interactively
> pushing.
>
> [...]
>
> From all this, my main questions to the dev community are the following:
>
> - Do you see value in running a service that can reject commits due to
>   issues like invalid metadata during `git push`?

Yes please! This would be fantastic to have. Already, pushing is not
quite instantaneous since the hooks wait on e.g. pushing again to
mirrors, and I don't think waiting a couple seconds for significantly
greater peace of mind is at all a bad thing.

> - Would the project be open to moving to a merge queue model?

At least for me, no. I don't think it's necessary as we can already see
huge reliability benefits without it, and the merge commit / signing
issues are what I'd personally consider to be an instant dealbreaker. So
I'd say there's a lot to lose and not much to gain.

> - Are there others who would be interested in helping with the
>   development, testing, and maintenance of a git-hook service if that is
>   the chosen path?

I'd be happy at minimum to help test it, although in principle I'm not
uninterested in the rest.

--
Eli Schwartz