Benefit

Secureblue builds and installs several packages not provided by the Fedora repos via Copr repositories. Currently, there are seven separate Copr repos that are enabled: one each for crane, slsa-verifier, no_rlimit_as, run0edit, branding, hardened_malloc, and bubblejail (and with #1826, there will soon be eight).

Having one repository per package is inefficient and slows down dnf operations (both at build-time and runtime), as metadata has to be pulled separately for each repo. Instead, all of these packages could be put in a single secureblue Copr repository.

Solution

Merge all eight of the above copr repos into a single repo.

Alternatives

We could continue having one package per Copr repo, but I'm not aware of any upside to this.

Another alternative would be to delete or disable the Copr repos during the build process after they've been used to install packages. This would eliminate the runtime inefficiency, but not the build-time inefficiency, and it would have additional downsides, e.g. dnf info would fail to identify the source repository of those packages at runtime.

Declaration

• I agree to follow this project's Code of Conduct.
• I declare that this is not a request for alternate community messaging or social platforms.
• I declare that I have read the secureblue website and my feature request is in-scope.