[Qa-jenkins-scm] [Git][qa/jenkins.debian.net][master] 2 commits: reproducible Debian rebuilder 'thing': explain secondary goal better

Holger Levsen gitlab at salsa.debian.org
Sat May 2 12:22:07 BST 2020



Holger Levsen pushed to branch master at Debian QA / jenkins.debian.net


Commits:
fe8c07e2 by Holger Levsen at 2020-05-02T11:58:09+02:00
reproducible Debian rebuilder 'thing': explain secondary goal better

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -
6a24b95c by Holger Levsen at 2020-05-02T13:21:57+02:00
reproducible Debian rebuilder 'thing': deal with unsigned .buildinfo files

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -


2 changed files:

- TODO
- bin/reproducible_debian_rebuilder_prototype.sh


Changes:

=====================================
TODO
=====================================
@@ -66,9 +66,9 @@ See link:https://jenkins.debian.net/userContent/about.html["about jenkins.debian
 * prototype only dealing with bullseye and amd64 (and arch all packages)
 ** 1st step: download a specific .buildinfo file and sbuild it - done
 ** 2nd step: choose a random package from bullseye and fetch the .buildinfo file from builtin-pho and build it - done
+*** done: deal with unsigned .buildinfo files, some buildds published a lot of those
 *** next: file a wishlist bug for the DIST_BASE= feature...
-*** then: find the NEXT in the code and go to step 3
-** 3rd step: put result in db in pb7
+** 3rd step: put result in db in pb7: search for NEXT in the _prototype.sh
 ** 4th step: have some scheduler job and a rebuilder job picking up tasks
 *** scheduler on pb7
 *** rebuilds on osuosl173


=====================================
bin/reproducible_debian_rebuilder_prototype.sh
=====================================
@@ -8,7 +8,10 @@ cat << EOF
 
 ###########################################################################################
 ###											###
-### the goal is to create json export to integrate in tracker.d.o and/or packages.d.o	###
+### one goal is to create json export to integrate in tracker.d.o and/or packages.d.o.  ###
+### another is to polish /usr/bin/debrebuild from src:devscripts to enable anyone to    ###
+### independently verify that a distributed Debian binary packages comes from the       ###
+### source package it's said to be coming from.						###
 ###											###
 ### the aim is to develop a 'real world' view about the reproducibility of all the      ###
 ### packages distributed via ftp.d.o. - so far tests.r-b.o/debian only shows the 	###
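Review bot: the added banner line "independently verify that a distributed Debian binary packages comes from the" has a singular/plural mismatch; "a distributed Debian binary package comes from" is what is meant. The added lines also mix spaces and tabs before the closing ###, so the right-hand border may not line up when the heredoc is printed; pick one and pad consistently.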
@@ -91,12 +94,19 @@ cd $BTPKG
 # main: this is basically a description of the steps to use debrebuild today...
 #
 
-# use gpg here to workaround #955050 in devscripts: debrebuild: please accepted signed .buildinfo files
 output_echo "downloading $URLPATH/$FILE"
-# FIXME: this will fail with unsigned .buildinfo files
-curl $URLPATH/$FILE | gpg > $FILE || true # we cannot validate the signature and we don't care
-echo
-output_echo  "$URLPATH/$FILE with gpg signature stripped:"
+curl $URLPATH/$FILE > $FILE
+if head -1 $FILE | grep -q 'BEGIN PGP SIGNED MESSAGE' ; then
+	# workaround #955050 in devscripts: debrebuild: please accepted signed .buildinfo files
+	TMPFILE=$(mktemp -t debrebuild-buildinfo.XXXXXXXX)
+	cp $FILE $TMPFILE
+	gpg $TMPFILE > $FILE || true # we cannot validate the signature and we don't care
+rm $TMPFILE
+	echo
+	output_echo  "$URLPATH/$FILE with gpg signature stripped:"
+else
+	output_echo  "$URLPATH/$FILE is unsigned:"
+fi
 cat $FILE
 # a successful build might overwrite the original .buildinfo file...
 cp $FILE $FILE.orig
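Review bot: in the signed branch, `gpg $TMPFILE > $FILE || true` truncates $FILE before gpg runs and then discards gpg's exit status, and the following `rm $TMPFILE` deletes the only intact copy, so a gpg failure leaves an empty or partial $FILE that is then printed and copied to $FILE.orig as if it were the real .buildinfo. Suggest writing gpg's output to a second temporary file and moving it over $FILE only when gpg produced non-empty output, and stopping otherwise. Similarly, `curl $URLPATH/$FILE > $FILE` has no --fail, so an HTTP error body would be saved and reported by the else branch as "is unsigned"; add --fail and check the exit status before the head/grep test. Since the signature is stripped without validation and unsigned files are now accepted too, a short comment stating that the .buildinfo content is treated as unauthenticated input at this point would document the intent. Minor: quote "$FILE" and "$TMPFILE", and indent the `rm $TMPFILE` line to match the rest of the if body.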
@@ -108,7 +118,7 @@ output_echo "fetching source package $PKG"
 dget https://deb.debian.org/debian/pool/main/$POOLPATH/$PKG/${PKG}_$VERSION.dsc
 
 # prepare rebuild command
-DEBREBUILD=$(mktemp -t debrebuild.XXXXXXXX)
+DEBREBUILD=$(mktemp -t debrebuild-cmd.XXXXXXXX)
 output_echo "trying to debrebuild $PKG"
 # workaround until devscripts 2.20.3 is released
 /srv/jenkins/bin/rb-debrebuild $FILE 2>&1 | tee $DEBREBUILD



View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/compare/80636eacc880fc3360a1e2342e18cd5f1dc3a29e...6a24b95c21df395d6bbc9ee58a2e8cf5feecc983
