[buildd-tools-devel] Bug#774415: Bug#774415: From srebuild sbuild-wrapper to debrebuild
Johannes Schauer
josch at debian.org
Wed Dec 21 09:52:54 UTC 2016
Hi,
Quoting Holger Levsen (2016-12-21 10:32:07)
> On Wed, Dec 21, 2016 at 08:14:23AM +0100, Johannes Schauer wrote:
> > > (though I'm not sure I fully understand why not assume -rb if
> > > foo.buildinfo is given - I do understand for foo.changes…)
> >
> > - Because I'm not so sure that the user is aware that passing a .buildinfo
> > file will mean that sbuild is querying snapshot.d.n without asking the user
> > for further consent.
>
> what's the problem with that? (especially compared to downloading
> packages from ftp.*.debian.org, which is also done…)
because somebody who *does* care about this and uses their own local mirror
will have their setup subverted by this feature without any warning.
> > - Because then we would only allow .buildinfo files that include the
> > source package hash as well which I find quite limiting - especially
> > considering how the Debian autobuilders will exclusively generate
> > .buildinfo files of that kind
>
> why? If I call "sbuild foo.buildinfo" and that .buildinfo file has no
> source hashes, then sbuild should fail. Easy. (?!?!)
Why should it then fail in your opinion?
Sure, it's easy to implement but I wonder if this restrictions makes sense. Why
do you think it does?
> You seem to imply that the Debian autobuilders will generate .buildinfo files
> without source hashes - I think *that* is a problem - how can we fix it?
Autobuilders only generate the arch:all and arch:any binary packages from the
source package they are given. They do not regenerate the source package. Thus,
they will call dpkg-buildpackage with --build=any or --build=all which in turn
will create a .buildinfo that doesn't contain the source hash.
If one tries passing --buildinfo-option=--build=full to dpkg-buildpackage then
this will lead to a build failure if dpkg-buildpackage was not also called with
--build=full. This makes sense on the level of dpkg-buildpackage because it's
possible to build binary packages without having the source package. But on the
autobuilder level the source package always exists. It would thus probably have
to be sbuilds job to mangle the buildinfo file and insert the source package
hash in it. But if you do that then you get to disparities between people
generating their buildinfo with sbuild/pbuilder and people who just use
dpkg-buildpackage...
cheers, josch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20161221/7c346a4f/attachment.sig>
More information about the Buildd-tools-devel
mailing list