KDE Qt Patch Collection - Tarballs
Ben Cooksley
bcooksley at kde.org
Wed Oct 12 19:12:21 BST 2022
On Thu, Oct 13, 2022 at 12:53 AM Neal Gompa <ngompa13 at gmail.com> wrote:
> On Wed, Oct 12, 2022 at 6:23 AM Ben Cooksley <bcooksley at kde.org> wrote:
> >
> > Hi all,
> >
> > It has come to my attention after noticing abnormal activity on our
> Gitlab instance this evening that at least one distribution is fetching
> tarball archives for the KDE Qt Patch Collection directly from Invent.
> >
> > This is not a workload that invent.kde.org is intended to support and
> therefore places abnormal load on the system - especially in the case of
> QtWebEngine due to it's size. Analysis of the logs indicates that this type
> of activity is being conducted by both an RPM based distribution, as well
> as by Alpine Linux (see
> https://git.alpinelinux.org/aports/tree/community/qt5-qtserialbus/APKBUILD?h=3.16-stable
> )
> >
> > If the above applies to your distribution please ensure that you use
> your own copies of the tarballs generated by GItlab and do not have your
> automated tooling fetch it from invent.kde.org directly.
> >
> > Log excerpts, with IP addresses removed:
> >
> > [12/Oct/2022:05:17:59 +0000] "GET
> /frameworks/karchive/-/archive/8653117dede663d1f20850da82518fff4b7f732d/karchive-8653117.tar.gz
> HTTP/1.1" 200 1035786 "-" "rpmdev-spectool"
> > [12/Oct/2022:06:25:03 +0000] "GET
> /qt/qt/qtwebchannel/-/archive/fa8b07105b5e274daaa8adcc129fa4aa0447f9f7/qtwebchannel-fa8b07105b5e274daaa8adcc129fa4aa0447f9f7.tar.bz2
> HTTP/1.1" 200 249616 "-" "Wget/1.21.2"
> > [11/Oct/2022:15:51:41 +0000] "GET
> /qt/qt/qtwebengine/-/archive/v5.15.8-lts/qtwebengine-v5.15.8-lts.tar.bz2
> HTTP/1.1" 200 3090478 "-" "Wget/1.21"
> >
>
> At this time, Fedora does not package snapshots yet, though I believe
> I know who is doing it based on the log snippet here.
>
> But I'm going to use this to make a point here: I asked for
> tag-releases of the KDE Qt patch set earlier this year because the
> current situation is a huge mess[1]. The advice I continue to receive
> from KDE developers is to just fetch HEAD and ship that. Aside from
> being absolutely nuts to keep track of, you're telling us that the KDE
> GitLab instance can't handle it.
>
Fetching HEAD, in the form of cloning of the Git repository itself, is
something our system is well optimised for and can handle without issue.
Serving a compressed tarball of the files in that repository however is
orders of magnitude more expensive and is not a workflow for which it is
optimised to handle, especially not for automated access.
It has always been Sysadmin policy that automated access to the repository
browser functionality of any of our code repositories is not permitted.
This has covered /*checkout*/ urls on WebSVN back when svn.kde.org was the
primary repository and has continued throughout all of our Git repository
hosting as well (and continues with /raw/ and /archive/ endpoints on Gitlab)
Actual Git clones should be used.
>
> If we had tag-releases for the Qt patch collection, those could be
> released tarballs on the download service like all the other KDE
> software. It would also be considerably easier for things like Plasma
> to express dependencies on backport behaviors to function properly.
>
> So far, there are no good options for any of this right now. Make some.
>
>
> [1]: https://mail.kde.org/pipermail/kde-devel/2022-March/000997.html
Regards,
Ben
>
>
>
>
> --
> 真実はいつも一つ!/ Always, there's only one truth!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/distributions/attachments/20221013/f7e1201c/attachment.htm>
More information about the Distributions
mailing list