[Qa-jenkins-scm] [jenkins.debian.net] 01/01: reproducible archlinux and fedora plans

[Holger Levsen]

This is an automated email from the git hooks/post-receive script.

holger pushed a commit to branch master
in repository jenkins.debian.net.

commit 8cfbc7123b88dd5b5a2d4a3779acc8f95a28d375
Author: Holger Levsen <holger at layer-acht.org>
Date:   Sun Oct 18 18:10:43 2015 +0200

    reproducible archlinux and fedora plans
---
 TODO | 56 +++++++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 45 insertions(+), 11 deletions(-)

diff --git a/TODO b/TODO
index c0e34f0..faa10b2 100644
--- a/TODO
+++ b/TODO
@@ -131,8 +131,12 @@ properties:
 ** diffoscope needs to be run on the target arch... (or rather: run on a 64bit architecture for 64bit architectures and on 32bit for 32 bit archs), this should probably be doable with a simple i386 chroot on the host (so using qemu-static to run it on armhf should not be needed, probably.)
 
 * higher prio:
-** rewrite bin/schroot-create.sh from scratch, with little sudo
+** document in the non-debian pages, that we don't have a clear idea yet, how to record+reproduce the build environment and that this is essential for reproducible builds too.
+** explain status in plain english on each coreboot/openwrt/netbsd/freebsd page, also on the Debian dashboard plus add an "executive summary about reproducible builds in the free software world"
+*** get the content for "<h2>status of $1</h2>" from notes.git/friends.yaml or such
+** rewrite bin/schroot-create.sh from scratch, with little sudo.
 *** analyse+summarize needs, git commit that, then writing the script will be trivial
+*** use schroot tarballs (gzipped), moves are atomic then
 ** notes related:
 *** #786396: classify issue by "toolchain" or "package" fix needed: show bugs which block a bug
 *** new page with annoted packages without categorized issues (and probably without bugs as only note content too, else there are too many)
@@ -143,8 +147,6 @@ properties:
 *** new page with packages which ftbfs in testing but build fine on sid
 ** new page: packages which are orphaned but have a reproducible usertagged patch
 ** use static IPs (h01ger)
-** explain status in plain english on each coreboot/openwrt/netbsd/freebsd page, also on the Debian dashboard plus add an "executive summary about reproducible builds in the free software world"
-*** get the content for "<h2>status of $1</h2>" from notes.git/friends.yaml or such
 ** mattia: .py scripts: UDD or any db connection errors should either be retried or cause an abort (not failure!) of the job
 ** save build-hosts in build_duration table (and change to saving the time of a single build, not both combined?)
 ** repo-comparison: check for binaries without source
@@ -279,13 +281,44 @@ properties:
 
 ==== reproducible Fedora
 
-* use mock to create a fedora chroot to build in
+* call the script reproducible_rpms.sh as it can also build OpenSuSE packages
+* create jessie schroot with mock and yum installed
+** 'groupadd --system mock'
+** 'usermod -a -G mock jenkins'
+** see below for '/etc/yum/repos.d/'
+* then use yumdownloader to download rpms: 'yumdownloader --source sudo'
+** https://mirrors.fedoraproject.org/metalink?repo=fedora-23&arch=X86_64 has a list of repos
+* then configure+use mock to build:
+** 'sudo mock -r fedora-20-x86_64 --init'
+** 'sudo mock -r fedora-20-x86_64 sudo-1.8.14p3-1.fc23.src.rpm'
+
+----
+$ cat /etc/yum/repos.d/fedora23.repo
+[fedora23-src]
+name=fedora 23 sources
+baseurl=http://fedora.mirrors.telekom.ro/pub/fedora/linux/development/23/source/SRPMS
+enabled=1
+gpgcheck=0
+#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
+----
+
+----
+# releasever=22 or 23 or… basearch=x86_64
+[fedora]
+name=Fedora $releasever - $basearch
+failovermethod=priority
+#baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/
+metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
+enabled=1
+#metadata_expire=7d
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
+skip_if_unavailable=False
+----
+
+* more notes:
 ** http://blog.packagecloud.io/eng/2015/05/11/building-rpm-packages-with-mock/
 ** http://blog.packagecloud.io/eng/2015/04/20/working-with-source-rpms/
-* start with building a single package (which is reproducible on Debian), only build that one, until its reproducible
-** then eventually build the full base system (100-500 packages), once that package is reprodcuible (aka the rpm toolchain has been fixed...)
-* maybe call the script reproducible_rpms.sh and also let it build OpenSuSE packages?
-* document in the initial webpage, that we don't have a clear idea yet, how to record+reproduce the build environment. +that this is essential for reproducible builds too.
 
 ==== reproducible Arch Linux
 
@@ -293,15 +326,16 @@ properties:
 ** needs to download bootstrap.tar.gz sig and verify
 * use regular maintenace job to update the arch schroot: 'schroot --directory /tmp -c source:jenkins-reproducible-arch -u root -- pacman -Syu --noconfirm'
 * arch build.sh:
-** introduce variations: USER
+** introduce more variations: USER
+** confirm the others are really working
 ** 'makepkg --skippgpcheck' should be replaced by 'makepkg' and 'echo "keyserver-options auto-key-retrieve" >> ~/.gnupg/gpg.conf'
 *** this should make this obselete: 'schroot --directory /tmp -c source:jenkins-reproducible-arch -- grep  ^validpgpkeys= $PKG/PKGBUILD|cut -d "'" -f2|xargs schroot --directory /tmp -c source:jenkins-reproducible-arch -- gpg --recv-keys'
 * create a working scheduler job
+** test 'extra' too
 ** idea: reschedule reverse build depends too
 * more random notes:
-** patch pacman to create .buildinfo files - or better: wait
 ** rename arch scripts and jobs to archlinux
-*** remember to adop cleanup_schroot_sessions() in common_functions.sh when renaming the schroots
+*** remember to adopt cleanup_schroot_sessions() in common_functions.sh when renaming the schroots
 ** use archlinux.css not the one from freebsd :)
 *** use arch logo
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/qa/jenkins.debian.net.git