[Qa-jenkins-scm] [Git][qa/jenkins.debian.net][master] reproducible Debian rebuilder prototype: document some bugs in debrebuild from devscripts

Holger Levsen gitlab at salsa.debian.org
Sat May 30 16:24:59 BST 2020 


Holger Levsen pushed to branch master at Debian QA / jenkins.debian.net


Commits:
2fec70de by Holger Levsen at 2020-05-30T17:24:33+02:00
reproducible Debian rebuilder prototype: document some bugs in debrebuild from devscripts

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -


1 changed file:

- bin/reproducible_debian_rebuilder_prototype.sh


Changes:

=====================================
bin/reproducible_debian_rebuilder_prototype.sh
=====================================
@@ -155,12 +155,11 @@ fi
 cat $FILE
 
 # download the source early to fail early if it's not available...
-# I guess I think it would be nice if debrebuild would also do this:
-# FIXME: file another wishlist bug?
 output_echo "fetching source package $PKG ($VERSION)"
 # just download the source, don't verify it. (keys will expire and be removed from the keyrings)
-# FIXME: debrebuild should download the source code too (--optionally) and verify it matches the one described in .buildinfo file. -> file another wishlist bug.
-# FIXME: except that this won't work, contrary to what we suggested, the .buildinfo files don't contain hashes of the source package built. bummer!
+# FIXME: debrebuild should download the source code too (--optionally) and verify it matches the one described in .buildinfo file. -> this is #961861
+#        except that this won't work, contrary to what we suggested, the .buildinfo files don't contain hashes of the source package built. bummer!
+# FIXME: debrebuild also lacks a feature to assemble the source for binNMUs, see #961862
 dget --download-only --allow-unauthenticated https://deb.debian.org/debian/pool/main/$POOLPATH/$PKG/${PKG}_$EVERSION.dsc
 dscverify ${PKG}_$EVERSION.dsc || echo "Warning: failed to verify signature, continueing anyway." # FIXME: we can verify most sources in a Debian release, but never all. basically because keys expire. IOW: this is a pretty fundamental basic problem, for which I know no answer, so let's ignore it and move on ;) for now.
 



View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/2fec70de826807061d5cf55f1d9e48cf52501e93

-- 
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/2fec70de826807061d5cf55f1d9e48cf52501e93
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/qa-jenkins-scm/attachments/20200530/9c209781/attachment.html>

More information about the Qa-jenkins-scm mailing list