
[builds-builder] Support adding repositories for Apt buildpack
Open, Needs Triage | Public | Feature

Description

As a tool maintainer
I want to install packages from PPAs or other non-Canonical (pun intended) origins
So I can use software that is not present in the default repos.

The buildpack at https://gitlab.wikimedia.org/repos/cloud/toolforge/buildpacks/apt-buildpack had some version of this functionality until it was removed by e0136496: Explicitly disallow external packages/repos. That commit left a difficult-to-spot note in the builder output that users with specific needs for alternate apt repos file a task.

It is currently unclear what process would be used to adjudicate such a request, but it seems reasonable to assume that the bar for adoption would be set fairly high. Shared modifications of the buildpack for all users would exclude any use cases where a different origin was desired for a package, whether that need be short-term testing or long-term use by a particular tool. Allowing container-local modifications does in theory increase the attack surface of that container, but does not directly impact all other Aptfile buildpack users.

Event Timeline

One concrete use case for this feature would be installing toolforge-*-cli packages in a buildservice-managed container. This is an idea that @Anomie and I have discussed as a potential partial solution for T356377: [toolforge] simplify calling the different toolforge apis from within the containers / T321919: Figure out and document how to call the Kubernetes API as your tool user from inside a pod.

Another would be installing packages from a tool-maintainer-managed PPA where things like custom builds of upstream projects could be staged for use. This could be a partial solution for T363028: Replace custom deployment with build service and job service.

bd808 renamed this task from [builds] Support adding repositories for Apt buildpack to [builds-builder] Support adding repositories for Apt buildpack. Fri, Apr 19, 11:11 PM