Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Working towards providing what the client expects, https://github.com/php-tuf/composer-integration/wiki
Comments
Comment #3
Wim Leers🤓 Interesting:
… but I'm not sure I understand what this does? 😅
Comment #4
drummThat’s how https://gitlab.com/rugged/rugged/-/issues/120 landed. A directory named
tuf_ready_*
signals to rugged that it can batch process the targets within.rsync --delay-updates
allows us to populate that directory atomically.Comment #6
Wim Leers👍 Thanks for the context!
Comment #9
drummWe can now send targets as if they were at:
Now we need the root
packages.json
. That needs to be a file on the filesystem first: #3342516: Write out packages.json instead of serving it dynamicallyComment #11
drummThe basics here are done. We now have:
https://drupal:drupal@packages.staging.devdrupal.org/metadata/1.root.json
https://drupal:drupal@packages.staging.devdrupal.org/metadata/targets.json
https://drupal:drupal@packages.staging.devdrupal.org/metadata/snapshot.json
https://drupal:drupal@packages.staging.devdrupal.org/metadata/timestamp....
We'll have a few followups:
Comment #12
phenaproximaYou should be able to remove the targets. As long as the hashes have been generated for the zip files that Composer will actually download -- that is, whatever is in the
dist
for any given version of any given package -- I should be able to safely download those zip files from anywhere.Comment #13
drummWe’re not routing
/targets
to be downloadable, but they are still on disk for rugged. Rugged might not like its copies of the targets files being taken away or set up in a way that they are never saved.Comment #17
drummI believe just about everything is done for this issue, we can tackle getting this to production in the parent issue and more child issues from that.
The one loose end is
My initial testing says we can. So, in a followup, we can either:
Comment #18
Wim LeersDoes that mean #3343490: Deploy rugged for TUF signing to production will happen next? 🤞
Comment #19
drummIt will be a few issues to round up, since we took a few shortcuts to get to where we are. #3349408: Decide on & implement targets management for Rugged instance covers my last comment here, since it isn’t really related to what the drush command to load the targets for signing does.