[Qa-jenkins-scm] [Git][qa/jenkins.debian.net][master] 2 commits: reproducible Debian rebuilder 'thing': explain secondary goal better
Holger Levsen
gitlab at salsa.debian.org
Sat May 2 12:22:07 BST 2020
Holger Levsen pushed to branch master at Debian QA / jenkins.debian.net
Commits:
fe8c07e2 by Holger Levsen at 2020-05-02T11:58:09+02:00
reproducible Debian rebuilder 'thing': explain secondary goal better
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
6a24b95c by Holger Levsen at 2020-05-02T13:21:57+02:00
reproducible Debian rebuilder 'thing': deal with unsigned .buildinfo files
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
2 changed files:
- TODO
- bin/reproducible_debian_rebuilder_prototype.sh
Changes:
=====================================
TODO
=====================================
@@ -66,9 +66,9 @@ See link:https://jenkins.debian.net/userContent/about.html["about jenkins.debian
* prototype only dealing with bullseye and amd64 (and arch all packages)
** 1st step: download a specific .buildinfo file and sbuild it - done
** 2nd step: choose a random package from bullseye and fetch the .buildinfo file from builtin-pho and build it - done
+*** done: deal with unsigned .buildinfo files, some buildds published a lot of those
*** next: file a wishlist bug for the DIST_BASE= feature...
-*** then: find the NEXT in the code and go to step 3
-** 3rd step: put result in db in pb7
+** 3rd step: put result in db in pb7: search for NEXT in the _prototype.sh
** 4th step: have some scheduler job and a rebuilder job picking up tasks
*** scheduler on pb7
*** rebuilds on osuosl173
=====================================
bin/reproducible_debian_rebuilder_prototype.sh
=====================================
@@ -8,7 +8,10 @@ cat << EOF
###########################################################################################
### ###
-### the goal is to create json export to integrate in tracker.d.o and/or packages.d.o ###
+### one goal is to create json export to integrate in tracker.d.o and/or packages.d.o. ###
+### another is to polish /usr/bin/debrebuild from src:devscripts to enable anyone to ###
+### independently verify that a distributed Debian binary packages comes from the ###
+### source package it's said to be coming from. ###
### ###
### the aim is to develop a 'real world' view about the reproducibility of all the ###
### packages distributed via ftp.d.o. - so far tests.r-b.o/debian only shows the ###
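Review bot: The added banner line "independently verify that a distributed Debian binary packages comes from the" pairs a plural noun with a singular verb; "binary package comes from" reads correctly. The first added line now ends in "packages.d.o." with a trailing period, so also confirm the right-hand "###" border still lines up with the neighbouring rows.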
@@ -91,12 +94,19 @@ cd $BTPKG
# main: this is basically a description of the steps to use debrebuild today...
#
-# use gpg here to workaround #955050 in devscripts: debrebuild: please accepted signed .buildinfo files
output_echo "downloading $URLPATH/$FILE"
-# FIXME: this will fail with unsigned .buildinfo files
-curl $URLPATH/$FILE | gpg > $FILE || true # we cannot validate the signature and we don't care
-echo
-output_echo "$URLPATH/$FILE with gpg signature stripped:"
+curl $URLPATH/$FILE > $FILE
+if head -1 $FILE | grep -q 'BEGIN PGP SIGNED MESSAGE' ; then
+ # workaround #955050 in devscripts: debrebuild: please accepted signed .buildinfo files
+ TMPFILE=$(mktemp -t debrebuild-buildinfo.XXXXXXXX)
+ cp $FILE $TMPFILE
+ gpg $TMPFILE > $FILE || true # we cannot validate the signature and we don't care
+rm $TMPFILE
+ echo
+ output_echo "$URLPATH/$FILE with gpg signature stripped:"
+else
+ output_echo "$URLPATH/$FILE is unsigned:"
+fi
cat $FILE
# a successful build might overwrite the original .buildinfo file...
cp $FILE $FILE.orig
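Review bot: The `|| true` on `gpg $TMPFILE > $FILE` hides a failed strip. The redirection truncates $FILE before gpg runs, so if gpg produces no output the script carries on with an empty or partial .buildinfo, announces it as "with gpg signature stripped" and copies it to $FILE.orig. Ignoring the exit status is understandable given the signature cannot be validated, but I would check afterwards that $FILE is non-empty (or restore it from $TMPFILE) and stop otherwise. Likewise `curl $URLPATH/$FILE > $FILE` runs without `--fail`, so an HTTP error body would be saved and fall into the "is unsigned" branch. The expansions of $FILE, $TMPFILE and $URLPATH are unquoted throughout, and the `rm $TMPFILE` line is indented differently from the rest of the `if` body. Since neither branch authenticates the file, a short comment stating that the .buildinfo contents are untrusted input to the later steps would help the next reader.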
@@ -108,7 +118,7 @@ output_echo "fetching source package $PKG"
dget https://deb.debian.org/debian/pool/main/$POOLPATH/$PKG/${PKG}_$VERSION.dsc
# prepare rebuild command
-DEBREBUILD=$(mktemp -t debrebuild.XXXXXXXX)
+DEBREBUILD=$(mktemp -t debrebuild-cmd.XXXXXXXX)
output_echo "trying to debrebuild $PKG"
# workaround until devscripts 2.20.3 is released
/srv/jenkins/bin/rb-debrebuild $FILE 2>&1 | tee $DEBREBUILD
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/compare/80636eacc880fc3360a1e2342e18cd5f1dc3a29e...6a24b95c21df395d6bbc9ee58a2e8cf5feecc983