Bug#926242: jenkins.debian.org: Please test reproducibility status of Debian Installer images

Mattia Rizzolo mattia at debian.org
Tue Apr 2 15:09:18 BST 2019 

user jenkins.debian.org at packages.debian.org
usertags 926242 reproducible
thanks

On Tue, Apr 02, 2019 at 09:30:58AM -0400, Chris Lamb wrote:
> However, it would be great if we had some continuous testing of this,
> with the usual bells-and-whistles of running/publishing diffoscope
> reports, etc.
> 
> Due to the d-i testing release cycle it would be great to find any
> regressions so they can get merged in time for whatever the next
> alpha/beta is particularly as we (completely correctly!) get more
> conservative with any changes respect to the upcoming release of
> "buster."

Does the installer need anything special?  I thought d-i was just like
any other package when it came to regular building it.

> Whilst I think of it, there is also the separate issue of ensuring we
> generate a .buildinfo (or .buildinfo-like) build attestation document so
> that others can reproduce the build at a later date and further ensure
> this is published or otherwise available somewhere for official
> releases… but I was hoping it would become more obvious what we needed
> (without guessing) once we have testing.

If d-i is like I assume it be, there should a regular buildinfo as well,
see https://buildinfo.debian.net/sources/debian-installer for what I
mean.

> Mattia, is this something you could proof-of-concept…?

So the reason src:debian-installer does not build at this moment, it's
because it *is* a bit of a snowflake as it wants to access a debian
archive while it builds.  Currently pbuilder doesn't have a "whistlist"
method to block all networking but to a particular site, which is what
would be needed to solve this nicely.

One way to workaround this problem of src:debian-installer, would be for
our building script to instruct pbuilder to not block the network when
it's building this special package.  I think that's acceptable, given
that d-i is not a random package... :)


Am I missing some other detail?

-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
more about me:  https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/qa-jenkins-dev/attachments/20190402/d7ea00b1/attachment.sig>

More information about the Qa-jenkins-dev mailing list