CentOS Connect

František Lachman

Principal Software Engineer and Packit Product Owner at Red Hat.

Occasional teacher at Masaryk University, Brno CZ. Member and instructor of scout leaders. Python and non-formal education enthusiast.


Sessions

01-30
17:30
30min
OpenScanHub and Packit: Fully automated static analysis of RPM-based distributions
František Lachman, Siteshwar Vashisht

What if detecting bugs and vulnerabilities in RPM-based distributions could be seamless and fully automated?

OpenScanHub is a service for static and dynamic code analysis. It was internally used inside Red Hat to scan releases of RHEL for more than a decade and was open-sourced in 2023.

OpenScanHub can scan RPMs fully automatically and can run differential scans, which help find bugs that may be introduced by package updates and new distribution releases. By default, it supports the static analyzers embedded in GCC, Cppcheck, ShellCheck, find-unicode-control and Clippy, and it is extensible to support other analyzers. It collects reports from the various analyzers in a single place to make them easy to analyze.

OpenScanHub was recently integrated with Packit, a CI/CD solution for automating RPM package builds, tests, and distribution releases. This new integration performs differential scans on pull requests, so potential bugs may be found during pull request review instead of being introduced into the codebase.

In this talk, we will share ideas about how CentOS Stream and its derivatives may benefit from OpenScanHub.

Chestnut
01-31
12:30
30min
Something for SIGs: Story of Packit and CBS Koji
František Lachman

For some time, Packit’s main target had been Fedora. But we have something for the CentOS Stream community as well. Specifically for CentOS SIGs this time.

Providing builds and CI for your SIG is not easy, and with Packit, we thought we could be of help. We were asked about this a long, long time ago, but last year Christian Glombek sent us the first contribution that kicked off the actual work, and together with the Packit team, the work on automation for CBS Koji builds started for real. Just another Koji instance, one would say. We've come a long way since then and learned our lesson. Come and see what it takes to automate RPM builds on CBS Koji in reality and how you can benefit from our work.

During the talk, we'll show what we've managed to finish and what our plans for the future are.

Chestnut
01-31
13:00
45min
Automate releasing to EPEL with Packit
František Lachman

Packit can be a natural choice when it comes to Fedora automation. But did you know that the very same works for EPEL?

Let's take a look at how Packit can help you get a new package version from the upstream release to the user. We'll look at multiple approaches to getting your new version to dist-git, continue with Koji builds (no worries, side-tags are supported), and finish with Bodhi updates.

Let’s meet during lunch to see all this at work and help us help you save some time when maintaining a package.

Buckeye 1