[13:26] <dpasqualin_> Hello! I would like to know what is currently being used to manage the .deb packages used in Ubuntu. What developers use to publish new packages to the official repository..
[13:27] <dpasqualin_> We have a ubuntu based distribution in Brazil called "Educational Linux", and we are using reprepro and some scripts made by us to control developers access to the different repositories we have, but I feel like there should be something better out there. =P
[13:34] <shadeslayer> dpasqualin_: there's dak
[13:34] <shadeslayer> dpasqualin_: but Ubuntu uses Launchpad
[13:34] <mapreri> dpasqualin_: ubuntu infra is something complex. Packages are managed through launchpad. That said everything and nothing, I know, but that it. Maybe debian infra is a bit simpler: They use dak to handle packages, which is far simpler than the whole launchpad
[13:34] <shadeslayer> hah
[13:34] <shadeslayer> dak
[13:34] <shadeslayer> simpler
[13:34] <shadeslayer> you're joking right
[13:34] <mapreri> "simpler"...
[13:34] <shadeslayer> dak has hard coded release strings
[13:34] <shadeslayer> etc etc
[13:35] <dpasqualin_> I see..
[13:35] <mapreri> I know, but I strong believe that deploy a new dak instance is far easier that a new launchpad...
[13:35] <dpasqualin_> I'll have a look at dak then
[13:35] <mapreri> than*
[13:35] <shadeslayer> I would really not recommend dak
[13:36] <dpasqualin_> thanks mapreri =P
[13:36] <dpasqualin_> can you explain why not, and what would you suggest instead?
[13:36] <shadeslayer> see above wrt hard coded release strings
[13:36] <mapreri> I would stick with reprepro, but I don't know how well it handle thousand of packages...
[13:37] <shadeslayer> likewise
[13:37] <shadeslayer> dpasqualin_: I'd recommend talking to ximion about dak
[13:37] <shadeslayer> since he set it up for tanglu
[13:39] <mapreri> "dak is the collection of programs used to maintain the Debian project's archives.  It's not yet in a state where it can be easily used by others; if you want something to maintain a small archive and apt-ftparchive (from the apt-utils package) is insufficient, I strongly recommend you investigate mini-dinstall, debarchiver or similar. However, if you insist on trying to try using dak, please read the documentation in 'doc/README.first'."
[13:39] <cjwatson> as the non-industrial-scale ones go, reprepro is pretty good AFAICS
[13:40] <dpasqualin_> humm, ok
[13:40] <dpasqualin_> have you guys heard of aptly?
[13:40] <cjwatson> not previously
[13:42] <dpasqualin_> it seems pretty straightforward to use. It doesn't manage user permissions, but neither does reprepro..
[13:47] <dpasqualin_> Here we manage the repos like this. In the server where the repos are we have one system user for each repo. Each user has an authorized_keys file stating who can publish in the repository, which has the same name of the user. So in order to publish in, lets say, le5-stable, the developer would do "scp le5-stable@reposerver package.deb". The server has a script called by ssh when someone does the scp, which than triggers reprepro to publish the
[13:47] <dpasqualin_> incoming package in the right place.
[13:49] <dpasqualin_> What do you think about this workflow?
[13:49] <mapreri> umh, I hope you definitely trust the developers to do not screw up everything....
[13:50] <dpasqualin_> The developers can only publish on unstable and testing repos. When I feel like the package are mature enough I than tranfer it to the stable repository.
[13:50] <mapreri> or that you have a script that validate the .debs (checks the suites, for instance)
[13:53] <dpasqualin_> we do have
[13:54] <dpasqualin_> It's just that, this was done by some coworkers 8 years ago, I thought there would be something more automated nowadays.
[13:55] <dpasqualin_> ppa are pretty nice, but my research group prefers to keep the packages in our own server.
[13:55] <dpasqualin_> well, anyway, thank you very much for the tips!
[13:56] <mapreri> well, 8 years... maybe it's worth taking a look at really complex infra like lp and dak... maybe, just look at them (don't dig too much, or you will get lost ;) )
[13:59] <cjwatson> I would strongly recommend not having developers do manual binary uploads
[13:59] <cjwatson> upload source only and autobuild
[14:04] <dpasqualin_> good point
[14:06] <cjwatson> you obviously need a back door for bootstrapping circular build-dependencies and the like, but that's better handled by having a way for a small group of privileged people to inject binaries that satisfy build-dependencies, rather than by actually injecting binaries directly
[14:08] <dpasqualin_> I see
[14:11] <dpasqualin_> I have one more question, if this is not the right place maybe someone can say where should I ask. How is the .iso the ubuntu releases build?
[14:12] <dpasqualin_> Is there any software to help on this? We also use some scripts that doesn't always work =P
[14:18] <mapreri> dpasqualin_: only cjwatson can give you a complete response, but mybe this can guide you: http://askubuntu.com/questions/95190/what-is-an-ubuntu-localized-image-and-how-do-i-create-one (look at the ubuntu-defaults-builder package and the in particular at ubuntu-defaults-image(1))
[14:19] <mapreri> (I said maybe)
[14:20] <cjwatson> "bzr branch lp:ubuntu-cdimage" plus the bits in the resulting configs/devel, and they use Launchpad to do the live image builds that form a major part of it
[14:21] <dpasqualin_> Great, thanks!
[15:24] <mapreri> dpasqualin_: I was reading the manpage of reprepro (for my stuff) and I saw a Uploaders field that could definitely help you handling permissions (I wasn't aware of it)
[15:54] <dpasqualin_> mapreri: thanks!