Allow spec.json files to be clearsigned, use transparent compression for *.json#34490
Merged
haampie merged 2 commits intospack:developfrom Jan 7, 2023
Merged
Conversation
spackbot-app
bot
added
binary-packages
commands
core
haampie
added a commit
to haampie/spack
that referenced
this pull request
Dec 13, 2022
See spack#34491. Should go after spack#34490.
haampie
added a commit
to haampie/spack
that referenced
this pull request
Dec 13, 2022
See spack#34491. Should go after spack#34490.
haampie
changed the title
haampie
force-pushed
the
binary_cache/allow-clearsigned-spec.json-files
branch
6 times, most recently
from
92bf8c8 to
f48b6ca
Compare
haampie
changed the title
haampie
changed the title
scottwittenburg
previously approved these changes
Jan 5, 2023
Contributor
scottwittenburg
left a comment
scottwittenburg
left a comment
There was a problem hiding this comment.
Looks great, thanks @haampie 👍
I just had one question, but feel free to merge regardless.
haampie
commented
Jan 5, 2023
| local_specfile_stage.destroy() | ||
| # If it is a clearsign file, we must verify it (unless disabled) | ||
| should_verify = not unsigned and is_clearsigned_file(specfile_path) | ||
| if should_verify and not try_verify(specfile_path): |
Member
Author
There was a problem hiding this comment.
Hm, another issue is that this is not yet working, cause it's first clearsigned and then gzipped, so verification requires decompression. Should the order be reverted? Sign the compressed json?
Member
Author
There was a problem hiding this comment.
Went with compress(sign(json)) so that we can swap the compression scheme without the need to re-sign the files.
haampie
force-pushed
the
binary_cache/allow-clearsigned-spec.json-files
branch
from
f48b6ca to
018ba60
Compare
Currently we have separate `spec.json` and `spec.json.sig` files. The former is a pure spec, the latter is clearsigned spec. This is a bit unfortunate, cause a lookup for a spec file now requires two remote requests (with or without cache). This PR allows clearsigned `spec.json` files too, and changes otherwise nothing. The idea is to backport this to 0.19.1, since for 0.19.1 it is not a behavioral change, but rather a bugfix for improved 0.20 / 0.21 forward compatibility. Next steps after this PR: - Start uploading spec.json.sig files both as spec.json.sig and spec.json. This ensure they work with any Spack version. - Deprecate spec.json.sig in 0.20. - After Spack 0.20 branches off, stop uploading *.sig, and stop checking the remote for *.sig files. - Potentially we can also add a config option to disable checking for *.sig files on develop earlier.
The files spec.json / spec.json.sig / index.json can now be stored gzip compressed (without .gz extension)
haampie
force-pushed
the
binary_cache/allow-clearsigned-spec.json-files
branch
from
018ba60 to
6c20ec1
Compare
scottwittenburg
approved these changes
Jan 6, 2023
Contributor
scottwittenburg
left a comment
scottwittenburg
left a comment
There was a problem hiding this comment.
Looks good to my eyeballs 😆 thanks @haampie! I notice the past several gitlab pipelines haven't built anything (as expected), but since this isn't actually changing what we push (still pushing .spec.json.sig, not compressing them yet), this isn't likely to break anything when run in the wild. But it's good preparation for the next steps, thanks again 👍
RikkiButler20
pushed a commit
to RikkiButler20/spack
that referenced
this pull request
Jan 24, 2023
…for *.json (spack#34490) This commit allows (remote) spec.json files to be clearsigned and gzipped. The idea is to reduce the number of requests and number of bytes transferred
RikkiButler20
pushed a commit
to RikkiButler20/spack
that referenced
this pull request
Jan 24, 2023
…ression for *.json (spack#34490)" (spack#34856) This reverts commit 8a1b817.
amd-toolchain-support
pushed a commit
to amd-toolchain-support/spack
that referenced
this pull request
Feb 16, 2023
…for *.json (spack#34490) This commit allows (remote) spec.json files to be clearsigned and gzipped. The idea is to reduce the number of requests and number of bytes transferred
amd-toolchain-support
pushed a commit
to amd-toolchain-support/spack
that referenced
this pull request
Feb 16, 2023
…ression for *.json (spack#34490)" (spack#34856) This reverts commit 8a1b817.
techxdave
pushed a commit
to Tech-XCorp/spack
that referenced
this pull request
Feb 17, 2023
…for *.json (spack#34490) This commit allows (remote) spec.json files to be clearsigned and gzipped. The idea is to reduce the number of requests and number of bytes transferred
techxdave
pushed a commit
to Tech-XCorp/spack
that referenced
this pull request
Feb 17, 2023
…ression for *.json (spack#34490)" (spack#34856) This reverts commit 8a1b817.
jmcarcell
pushed a commit
to key4hep/spack
that referenced
this pull request
Apr 13, 2023
…for *.json (spack#34490) This commit allows (remote) spec.json files to be clearsigned and gzipped. The idea is to reduce the number of requests and number of bytes transferred
jmcarcell
pushed a commit
to key4hep/spack
that referenced
this pull request
Apr 13, 2023
…ression for *.json (spack#34490)" (spack#34856) This reverts commit 8a1b817.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR does two things:
It does not make any changes to how we create binary caches.
The idea is to allow this PR to be backported.
Currently we have separate
spec.jsonandspec.json.sigfiles. Theformer is a pure spec, the latter is clearsigned spec. This is unfortunate,
cause metadata lookups now requires at most two requests per remote.
Further, update-index logic fetches all spec.json files, which can take
quite some bandwidth. We can drop ~85% of the size by compressing
those files. To avoid yet another lookup (spec.json.sig.gz etc) we can
use transparent decompression. So a file is decompressed when the
magic bytes signal it's gzip, otherwise it's treated as text.
This PR allows
spec.json(andindex.json) files to be any combinationof the cartesian product
[gzip compressed, uncompressed]x[clearsigned, unsigned].The idea is to backport this to 0.19.1, since for 0.19.1 it is not a
behavioral change, but rather a bugfix for improved Spack 0.21 forward
compatibility.
Next steps after this PR:
spec.json. This ensure they work with any Spack version.
the remote for *.sig files.
*.sig files on develop earlier.