Release process: adjust “Build the Incremental Upgrade Kits locally” for puppet-tails remote
The “Build the Incremental Upgrade Kits locally” step of the release process might not work depending on remote settings for the release checkout.
Here's what is done to determine where to clone puppet-tails
from:
TAILS_REMOTE="$(git -C "${RELEASE_CHECKOUT?:}" remote get-url origin)"
PUPPET_TAILS_REMOTE=$(echo -n "${TAILS_REMOTE?:}" | perl -p -E 's,:tails(:?[.]git)?\z,:puppet-tails,')
which on my system leads to:
TAILS_REMOTE=git@gitlab-ssh.tails.boum.org:tails/tails.git
PUPPET_TAILS_REMOTE=git@gitlab-ssh.tails.boum.org:tails/tails.git
which isn't exactly what we'd like…
I'm wondering how much we need this anyway. Would it seem suitable to just trust the CA cartel and fetch stuff via an hardcoded https://gitlab.tails.boum.org/tails/puppet-tails
?
If it's not, I think we need several things to happen:
- The dust around which repositories live where to settle down (right now, https://gitlab.tails.boum.org/tails/puppet-tails is a R/O mirror, not sure whether that's going to live forever — I'd expect not?).
- Fix the Perl code above to make the
TAILS_REMOTE
→PUPPET_TAILS_REMOTE
dance work. - Make it possible to override this setting locally; for example: I'm building on a machine where I
unison
files around, which doesn't have any SSH credentials, and I'd be happy to just have an extra environment variable set to tell our tooling to just clone from the nearby repository.
Assigning to @anonym for initial rubber-ducking.