Nightlies: archive previous ones and use UTC timezone

[Pacoup]

Hey @sideshowbarker

Just wanted to confirm that your nightlies server is set to JST.

[sideshowbarker]

@Pacoup yup, that’s intentional because I live in Tokyo and I have the nginx directory listing set to use my local time. If you think it would be better to have it use UTC instead, lemme know. I’m happy to change it.

[Pacoup]

@sideshowbarker I was thinking something more along the lines of creating an authoritative nightlies server (i.e. non-personal domain) of which the data is exposed via a small web app, showing time according to users' locale, and where all nightlies are retained (or, at least a few versions, cause right now there's no history at all).

But, this directory will have to do for now. So long as there's some documentation somewhere about the timezone—this issue will do nicely—I don't mind a non-UTC timezone.

[sideshowbarker]

But, this directory will have to do for now. So long as there's some documentation somewhere about the timezone—this issue will do nicely—I don't mind a non-UTC timezone.

I guess I can take a look at see if there's some way to tell nginx to add that info to the header or footer part of the generated directory index page. I know how to do that with Apache but I’ve never yet had need to do it with nginx myself.

I was thinking something more along the lines of creating an authoritative nightlies server (i.e. non-personal domain)

I think that rather then setting up some other nightly server on our own, it would be better to just use some existing service that provides what we need.

So, do you have ideas for such existing places/services where we could host nightly releases?

I’d be happy to switch to using some service where I didn’t have to maintain the infrastructure myself—especially if it provided features like the stuff you mentioned about “data is exposed via a small web app, showing time according to users' locale” and “where all nightlies are retained at least a few versions".

The one main requirement I'd have myself for such a shared system is that like my sideshowbarker.net domain, it must not be an insecure origin—that is, needs to be https/SSL/TLS, not just plain http (and the files uploaded there need to be accompanied by GPG sigs and MD5 and/or SHA1 checksums— so we can tell who made the packages and that they’re actually the packages that person made/signed).

I just don’t know about any existing such service—and if I did I’d already be using that service instead.

But short of having such a service, for something I have to maintain myself, I have zero interest (or time) to create anything more elaborate than what I already have set up at https://sideshowbarker.net/nightlies/

The sideshowbarker.net server is authoritative in practice. The fact that it’s clearly a domain I control is a feature in this case—as far signaling that it’s a place that users can trust as something associated with this project and not some third-party malware site or whatever.

And for me personally as the one currently responsible for building the packages and making them available, it sort of goes without saying but: I trust and prefer my server/domain more than some other 3rd-party thing I might use—because I control sideshowbarker.net and have root access to it and don't have to rely on somebody to fix any problems I might run into.

Anyway, in the end the domain name is arbitrary. I guess I could register a new domain called “html-checker.org” or something myself but it would still be a personal domain—given that I wouldn’t give anybody else direct ssh/scp access to it, because I’m not interested in becoming a system admin.

And note that we can’t use the validator.nu domain because that’s @hsivonen’s own server, and I believe that like me he doesn’t want to turn his server into a multi-user system with him as the sysadmin.
I would suspect that the same holds true for any of us—I don’t think anybody among us wants to turn this into a sysadmin project. So in practice any other domain I’d create or that somebody else would create is likely to still just be a personal domain—it would just have a domain name that makes it look like it’s not.

Given all that, I think for now just serving them from sideshowbarker.net works fine

of which the data is exposed via a small web app, showing time according to users' locale,

If someone creates that & contribute it, I’d be happy to set it up at https://sideshowbarker.net/nightlies/ But there’s pretty much no chance of me taking time to write it up myself any time soon.

[Pacoup]

@sideshowbarker I also do not know of a nightlies hosting service and no worries, I never implied you should program such a thing. Most projects that make their own seem to either have swaths of commercially-backed developers (e.g. Google, Mozilla) or a very large project which even has a governence board and everything (e.g. Debian). Smaller projects I know usually don't host nightlies. You have to build it yourself. So, I mean, thanks for hosting nightlies.

About the domain, I thought validator.nu was some kind of community project hosted under the W3C or something so we could have an “official” domain of sorts. My bad.

As far as timezones in nginx, it looks like you can turn on autoindex_localtime to have nginx display local time and not UTC / server time.

The only thing is, I wished there was a way to see previous nightlies. I know I can just backup whatever I have running, but it would be nice to retain a few of them for rollbacks and history. Is this something you can easily implement in your build process or is that too much to ask?

[sideshowbarker]

The only thing is, I wished there was a way to see previous nightlies

Yeah, agreed. I was just being lazy. Anyway, I have things set up now such that the nightlies area has both the latest jar itself and also a zip package of the jar along with its gpg signature + md5/sha1 hashes. So as we go forward the older zip files will remain there even as the jar file gets updated to latest.

[Pacoup]

Thanks 👍