openSUSE:Backports review team
openSUSE Backports review team
This document was created as part of an effort to revisit policies for openSUSE Jump.
Who is openSUSE Backports review team
We no longer have to build packages twice for openSUSE Backports and for Leap. This is important information for the beginning.
openSUSE Backports and openSUSE Jump (future Leap] teams joined efforts together, so the review is handled by both the openSUSE Backports team and members of openSUSE:Release_team who work on openSUSE Jump and Leap.
Policy
openSUSE Backports team follows following review policy openSUSE:Backports_Packaging_Policy.
What needs to be done as part of the review?
Since there is currently no openQA involved in the process, the runtime dependencies of new packages or updates need to be checked to make sure they can be solved.
If there is a missing runtime dependency, it also needs to be checked if it can be provided via backports itself or via the Subpackages repository.
Conflicts with SLE packages
Packages conflicting with SLE packages will fail on the rpmlint error. This have to be unfortunately excluded from Backports. SLE Filelists are currently maintained and kept up2date by Scott Bahling.
[ 9s] RPMLINT report: [ 9s] =============== [ 11s] python3-kerberos.x86_64: I: -- SLE Conflict -- File: /usr/lib64/python3.6/site- packages/kerberos.cpython-36m-x86_64-linux-gnu.so [ 11s] python-kerberos.src: W: no-version-in-last-changelog [ 11s] python2-kerberos.x86_64: W: no-version-in-last-changelog [ 11s] python3-kerberos.x86_64: W: no-version-in-last-changelog [ 11s] The latest changelog entry doesn't contain a version. Please insert the [ 11s] version that is coherent with the version of the package and rebuild it. [ 11s] [ 11s] python3-kerberos.x86_64: E: SUSE_Backports_policy-SLE_conflict (Badness: 10000) [ 11s] python3-pykerberos: /usr/lib64/python3.6/site-packages/kerberos.cpython-36m-x86_64-linux-gnu.so [ 11s] As per Backports policy no package may have the same name nor conflict with [ 11s] the file list of a package provided by SLE itself. [ 11s] [ 11s] (none): E: badness 10000 exceeds threshold 1000, aborting. [ 11s] 3 packages and 0 specfiles checked; 1 errors, 3 warnings. [ 11s] [ 11s] [ 11s] deadrat failed "build python-kerberos.spec" at Tue Sep 29 12:37:04 UTC 2020. [ 11s]
The git repository containing the rpmlint and it's configuration is hosted internally at SUSE at https://gitlab.suse.de/PackageHub/rpmlint-backports
Packages requiring security audit
Packages such as unauthorized PAM extensions require security audit even for Package Hub. Where security team can wait given rpmlint error.
See a bug https://bugzilla.suse.com/show_bug.cgi?id=1177684 for given example.
openSUSE:Leap:15.2/libpwquality> osc build --alternative-project openSUSE:Backports:SLE-15-SP2:Update --no-verify ... [ 21s] pam_pwquality.x86_64: W: suse-pam-unauthorized-module pam_pwquality.so [ 21s] The package installs a PAM module. If the package is intended for inclusion in [ 21s] any SUSE product please open a bug report to request review of the service by [ 21s] the security team. Please refer to [ 21s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs
Handling rpms from SUSE:SLE which are not shipped in SLE
We do have PackageHubSubpackages where we ship exactly that kind of packages. The repo PackageHubSubpackages is shipped together with the standard PackageHub repo but only available thru CDN since it comes from IBS
Result of the review
The package is in openSUSE Backports and inherited into the currently developed version of openSUSE Jump or Beta program for SUSE Linux Enterprise.
In case of a maintenance submission, change is available as a maintenance update to currently previously released openSUSE Leap or SUSE Linux Enterprise 15.