CentOS Stream - sync2git

TLDR: This blog post summarizes sync2git service that is used to push internal Red Hat packages and modules into CentOS git repositories. I will skip talking about modules for simplicity.

What is sync2git ?

It’s a service that’s part of CentOS Stream project. In simple words, it does 2 things:

1. Pull internal package and module builds from brew. Brew is internal Red Hat instance of koji.
2. Push them to CentOS git repositories.

How does it work ?

It heaviliy depends on alt-src tool which is maintained by Red Hat release engineering team. sync2git works in several steps:

1. Pull list of internal package builds that are tagged with certain tag. For example, rhel-8.2.0-candidate is the internal tag for builds that are set to be released for rhel-8.2.0.
2. Check if there are any embargoed CVE fixes pending for any of the listed builds. If yes, remove them from list. We want to avoid publishing any packages to git.centos.org that contain CVE fixes that are not released yet. So, package builds that contain unpublished CVE fixes may take longer than other packages to be available for CentOS Stream. There is an internal hosted web service to check for such packages.
3. Download source rpm for the listed packages.
4. Use alt-src to push the source rpm to git.centos.org. alt-src basically explodes the source rpm and pushes the sources to c8s branch in git.centos.org. For example, latest changes for systemd can be seen here.

Where can I find the details ?

A line of code is worth a thousand words. Some of the details I shared in previous section may change over time. For details and latest updates you can see code for this service here.

Credits

Thanks to Brian Stinson, James Antill and rest of CentOS Stream team for helping me with implementation of this service. Also, thanks to Red Hat release engineering team for their guidance with alt-src.

Comments on Hacker News and reddit.