Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

design: add bucket layout #208

Merged
merged 1 commit into from
Jul 12, 2019
Merged

design: add bucket layout #208

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 40 additions & 0 deletions Design.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ conclusion should be summarized here with a link to the issue.
- [Supported Ignition Versions](#supported-ignition-versions)
- [Configuration Language and Transpiler](#configuration-language-and-transpiler)
- [Security policies](#security-policies)
- [Bucket layout](#bucket-layout)

## OSTree Delivery Format

Expand Down Expand Up @@ -276,3 +277,42 @@ There have been multiple rounds of CPU vulnerabilities (L1TF and MDS) which cann
By default, Fedora CoreOS will configure the kernel to disable SMT on vulnerable machines. This conditional approach avoids incurring the performance cost on systems that aren't vulnerable. However, it fails to protect systems affected by undisclosed SMT vulnerabilities, and it allows future OS updates to disable SMT without notice if new vulnerabilities become known.

We will document this policy and its consequences, and provide instructions for unconditionally enabling or disabling SMT for users who prefer a different policy.

## Bucket Layout

Originally discussed in [#189](https://github.com/coreos/fedora-coreos-tracker/issues/189).

The `fcos-builds` bucket, fronted by http://builds.coreos.fedoraproject.org/ will be structured as follows:

```
/
prod/
streams/
stable/
releases.json
builds/
builds.json
30.1234-5/
release.json
x86_64/
meta.json
commitmeta.json
fedora-coreos-30.8-qemu.x86_64.qcow2.gz
ostree-commit-object
ostree-commit.tar
...
ppc64le/
...
...
testing/
next/
...
streams/
stable.json
testing.json
...
```

The artifacts under e.g. `30.1234-5/x86_64/` come directly from [coreos-assembler](https://github.com/coreos/coreos-assembler). The `/streams/*.json`, `release.json`, and `releases.json` are higher-level generated metadata objects. See [#98](https://github.com/coreos/fedora-coreos-tracker/issues/98) and [#207](https://github.com/coreos/fedora-coreos-tracker/pull/207) for more information about those.

The stream metadata format (under `/streams`) is intended to be stable, and stream metadata objects will contain links to artifacts in the release bucket. *Everything else about the bucket layout, including its directory structure and the formats of other metadata objects, is subject to change without notice. Third-party tooling should not rely on this structure, and should instead read metadata and artifact URLs directly from stream metadata at the officially documented URL*.