[buildd-tools-devel] Bug#774415: sbuild: please add the srebuild sbuild wrapper to reproduce builds

Benjamin Drung benjamin.drung at profitbricks.com
Mon Apr 13 13:23:59 UTC 2015 

Hi,

On Fri, 02 Jan 2015 12:59:28 +0100 Johannes Schauer <j.schauer at email.de> wrote:
> to verify a package build for reproducible builds [1], it is necessary
> to carry it out in an environment with the right package versions. This
> information is stored in .buildinfo files.
> 
> [1] https://wiki.debian.org/ReproducibleBuilds
> 
> I wrote a thin wrapper for sbuild which figures out the right timestamp
> from snapshot.debian.org that contains the right package versions and
> then installs those in sbuild using its hook functionality.
> 
> A more detailed explanation can be found in this email:
> 
> https://lists.alioth.debian.org/pipermail/reproducible-builds/Week-of-Mon-20141229/000613.html
> 
> The functionality depends on the resolution of bug #774359, thus adding
> it as a blocker for this bug.
> 
> You can find the code implementing this functionality attached or in the
> pu/reproducible branch in this repository:
> 
> http://anonscm.debian.org/cgit/reproducible/sbuild.git/

I briefly looked at the code and the man page of your script. I like the
idea to extent the sbuild package to support rebuilds. The
implementation of srebuild is very fine-tuned to one use case and will
break if you violate one of the constrains. I would prefer an
implementation that is more flexible and doesn't require soo many
conditions.

My idea would be to add an option to sbuild to provide a buildinfo file.
When this file is provided, sbuild will adjust the build dependencies to
depend on exactly the package versions that are in the buildinfo file
and tries to install these versions.

This way you just have to make sure that you have the package versions
somewhere available in your sources.list. Then you just need a thin
wrapper around sbuild that feeds additional snapshot.debian.org sources
entries into sbuild.

In case you keep old versions in your package repository (e.g. when you
use reprepro with multiple version management [bug #570623]), you could
simply use sbuild without any modifications.

-- 
Benjamin Drung
System Developer

ProfitBricks GmbH - The IaaS-Company
Greifswalder Str. 207
D - 10405 Berlin

Mail: benjamin.drung at profitbricks.com
Fax:  +49 30 577 008 598
URL:  http://www.profitbricks.com

Sitz der Gesellschaft: Berlin.
Registergericht: Amtsgericht Charlottenburg, HRB 125506 B.
Geschäftsführer: Andreas Gauger, Achim Weiss.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20150413/e5b24895/attachment.sig>

More information about the Buildd-tools-devel mailing list