Skip to content

SOP: Compose and Repo Sync for Rocky Linux 8

This SOP covers how the Rocky Linux Release Engineering Team handles composes and repository syncs for Rocky Linux 8. It contains information of the scripts that are utilized and in what order, depending on the use case.

Please see the other SOP for Rocky Linux 9+ that are managed via empanadas and peridot.

Contact Information

Owner Release Engineering Team
Email Contact
Email Contact
Mattermost Contacts @label @mustafa @neil @tgo
Mattermost Channels ~Development

There are several git repositories used in the overall composition of a repository or a set of repositories.

Pungi - This repository contains all the necessary pungi configuration files for composes that come from koji. Pungi interacts with koji to build the composes.

Comps - This repository contains all the necessary comps (which are groups and other data) for a given major version. Pungi uses this information to properly build the repositories.

Toolkit - This repository contains various scripts and utilities used by Release Engineering, such as syncing composes, functionality testing, and mirror maintenance.

Composing Repositories

Mount Structure

There is a designated system that takes care of composing repositories. These systems contain the necessary EFS/NFS mounts for the staging and production repositories as well as composes.

  • /mnt/koji -> Koji files store
  • /mnt/compose -> Compose data
  • /mnt/repos-staging -> Staging
  • /mnt/repos-production -> Production


Each repository or set of repositories are controlled by various pungi configurations. For example, r8.conf will control the absolute base of Rocky Linux 8, which imports other git repository data as well as accompanying json or other configuration files.

Running a Compose

Inside the pungi git repository, the folder scripts contain the necessary scripts that are ran to perform a compose. There are different types of composes:

  • produce -> Generates a full compose, generally used for minor releases, which generate new ISO's
  • update -> Generates a smaller compose, generally used for updates within a minor release cycle - ISO's are not generated

Each script is titled appropriately:

  • -> Generates a full compose for X major release, typically set to the current minor release according to rX.conf
  • -> Generates a smaller compose for X major release, typically set to the current minor release according to rX.conf
  • -> Generates a compose for the specific compose, such as NFV, Rocky-devel, Extras, or Plus

When these scripts are ran, they generate an appropriate directory under /mnt/compose/X with a directory and an accompanying symlink. For example. If an update to Rocky was made using, the below would be made:

drwxr-xr-x. 5 root  root  6144 Jul 21 17:44 Rocky-8-updates-20210721.1
lrwxrwxrwx. 1 root  root    26 Jul 21 18:26 latest-Rocky-8 -> Rocky-8-updates-20210721.1

This setup also allows pungi to reuse previous package set data to reduce the time it takes to build a compose. Typically during a new minor release, all composes should be ran so they can be properly combined. Example of a typical order if releasing 8.X:

Syncing Composes

Syncing utilizes the sync scripts provided in the release engineering toolkit.

When the scripts are being ran, they are usually ran for a specific purpose. They are also ran in a certain order to ensure integrity and consistency of a release.

The below are common vars files. common_X will override what's in common. Typically these set what repositories exist and how they are named or look at the top level. These also set the current major.minor release as necessary.

├── common
├── common_8
├── common_9

These are for the releases in general. What they do is noted below.

├──                  -> Generates torrents for images
├── -> Syncs a minor release to staging
├──                -> Preps staging updates and signs repos
├──               -> Signs the repomd (only)
├──                  -> Syncs staging to production
├──               -> Syncs a provided compose to staging
├──           -> Syncs a sig provided compose to staging

Generally, you will only run when a full minor release is being produced. So for example, if 8.5 has been built out, you would run that after a compose. would be ran shortly after.

When doing updates, the order of operations (preferably) would be:

* -> Only if sigs are updated
*`     -> This is required to ensure the groups, comps, and
                            module data stay sane. This helps us provide older
                            packages in the repos as well as signs repo metadata.
*        -> After the initial testing, it is sent to prod.

An example of order:

# The below syncs to staging
RLVER=8 bash Plus
RLVER=8 bash Extras
RLVER=8 bash Rocky-devel
RLVER=8 bash Rocky

Once the syncs are done, staging must be tested and vetted before being sent to production. During this stage, the updateinfo.xml is also applied where necessary to the repositories to provide errata. Once staging is completed, it is synced to production.

bash RLVER=8
bash bash

During this phase, staging is rsynced with production, the file list is updated, and the full time list is also updated to allow mirrors to know that the repositories have been updated and that they can sync.

Note: If multiple releases are being updated, it is important to run the syncs to completion before running the file list parallel script.

Last update: 2023-03-23