[Qa-jenkins-scm] [Git][qa/jenkins.debian.net][master] 3 commits: reproducible Debian rebuilder 'thing': mention another issue: not sure how to...

Holger Levsen gitlab at salsa.debian.org
Thu May 7 23:39:28 BST 2020 


Holger Levsen pushed to branch master at Debian QA / jenkins.debian.net


Commits:
cb5aeaf9 by Holger Levsen at 2020-05-08T00:25:44+02:00
reproducible Debian rebuilder 'thing': mention another issue: not sure how to conceptually verify old sources...

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -
98347cff by Holger Levsen at 2020-05-08T00:33:32+02:00
reproducible Debian rebuilder 'thing': document two real world tests case for 'impossible to recreate build environment'

(sadly there are quite some in the archive it seems)

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -
9ea25174 by Holger Levsen at 2020-05-08T00:39:11+02:00
reproducible Debian rebuilder 'thing': add another real world test case: binNMUs

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -


1 changed file:

- bin/reproducible_debian_rebuilder_prototype.sh


Changes:

=====================================
bin/reproducible_debian_rebuilder_prototype.sh
=====================================
@@ -69,7 +69,9 @@ VERSION=$(grep-available -X -S $PKG -s Version $SOURCES | head -1 | cut -d ' ' -
 #
 # hardcoded test cases
 #
-PKG=libofx	; BINARY_PKG=libofx-dev 	;	VERSION=1:0.9.15-3	# has an epoch, see job #94
+#PKG=libofx		; BINARY_PKG=libofx-dev 	; VERSION=1:0.9.15-3	# cannot find libdebconfclient0/0.250/amd64 in dumpavail -> impossible to recreate build environment
+#PKG=wpewebkit		; BINARY_PKG=wpewebkit-driver	; VERSION=2.28.0-1	# cannot find libc-bin/2.29-10/amd64 in dumpavail -> impossible to recreate build environment
+PKG=libunibreak		; BINARY_PKG=libunibreak1	; VERSION=1.1-2		# binNMU (on amd64 in bullseye, but not buster)
 
 output_echo "let's try to rebuild $BINARY_PKG from src:$PKG ($VERSION) from $SUITE/$ARCH"
 EVERSION="$(echo $VERSION | cut -d ':' -f2)"  # EPOCH_FREE_VERSION is too long
@@ -141,6 +143,7 @@ cp $FILE $FILE.orig
 output_echo "fetching source package $PKG ($VERSION)"
 # just download the source, don't verify it. (keys will expire and be removed from the keyrings)
 # FIXME: debrebuild should download the source code too (--optionally) and verify it matches the one described in .buildinfo file. -> file another wishlist bug.
+# FIXME: except that this won't work, contrary to what we suggested, the .buildinfo files don't contain hashes of the source package built. bummer!
 dget --download-only --allow-unauthenticated https://deb.debian.org/debian/pool/main/$POOLPATH/$PKG/${PKG}_$EVERSION.dsc
 dscverify ${PKG}_$EVERSION.dsc || echo "Warning: failed to verify signature, continueing anyway."
 



View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/compare/c37ad851a06da14bfe6cb144570dc278cb1aca55...9ea2517438fecd5b9a657fb987db0377154a9897

-- 
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/compare/c37ad851a06da14bfe6cb144570dc278cb1aca55...9ea2517438fecd5b9a657fb987db0377154a9897
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/qa-jenkins-scm/attachments/20200507/de96716d/attachment-0001.html>

More information about the Qa-jenkins-scm mailing list