[Qa-jenkins-scm] [Git][qa/jenkins.debian.net][master] reproducible Debian: very first stab at building and comparing live-images
Holger Levsen (@holger)
gitlab at salsa.debian.org
Tue Jun 15 16:14:54 BST 2021
Holger Levsen pushed to branch master at Debian QA / jenkins.debian.net
Commits:
cc531053 by Holger Levsen at 2021-06-15T17:14:46+02:00
reproducible Debian: very first stab at building and comparing live-images
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
5 changed files:
- README.infrastructure
- bin/jenkins_node_wrapper.sh
- + bin/reproducible_debian_live_build.sh
- job-cfg/reproducible.yaml
- update_jdn.sh
Changes:
=====================================
README.infrastructure
=====================================
@@ -52,7 +52,7 @@ The nodes are used for these jobs:
* osuosl171: openwrt, coreboot, netbsd
** is constantly online (in jenkins) now, which is not how we like it and still doesnt solve the netbsd job probs
* osuosl172: openwrt, coreboot (future)
-* osuosl173: debian/archlinux rebuilder#1
+* osuosl173: debian/archlinux rebuilder#1 / live-builds
* osuosl174: bwiedemann, opensuse tests
Please note that the machines are called gcc167-174 at osuosl.org, though usually
=====================================
bin/jenkins_node_wrapper.sh
=====================================
@@ -2,7 +2,7 @@
# vim: set noexpandtab:
# Copyright (c) 2009, 2010, 2012, 2015 Peter Palfrader
-# 2015-2020 Holger Levsen
+# 2015-2021 Holger Levsen
# 2017-2018 Mattia Rizzolo <mattia at debian.org>
#
# Permission is hereby granted, free of charge, to any person obtaining
@@ -172,6 +172,8 @@ elif [ "$1" = "/srv/jenkins/bin/reproducible_build_archlinux_pkg.sh" ] && ( [ "$
exec /srv/jenkins/bin/reproducible_build_archlinux_pkg.sh "$2" "$3" "$4" "$5" "$6" ; croak "Exec failed";
elif [ "$1" = "/srv/jenkins/bin/reproducible_build_rpm.sh" ] && ( [ "$2" = "1" ] || [ "$2" = "2" ] ) ; then
exec /srv/jenkins/bin/reproducible_build_rpm.sh "$2" "$3" "$4" "$5" "$6" "$7" ; croak "Exec failed";
+elif [ "$1" = "reproducible_debian_live_build" ] ; then
+ exec /srv/jenkins/bin/reproducible_debian_live_build.sh ; croak "Exec failed";
elif [ "$1" = "reproducible_compare_Debian_sha1sums" ] ; then
exec /srv/jenkins/bin/reproducible_compare_Debian_sha1sums.sh ; croak "Exec failed";
elif [ "$1" = "reproducible_compare_Debian_sha1sums_forward_runner" ] ; then
=====================================
bin/reproducible_debian_live_build.sh
=====================================
@@ -0,0 +1,71 @@
+#!/bin/bash
+# vim: set noexpandtab:
+
+# Copyright 2021 Holger Levsen <holger at layer-acht.org>
+# released under the GPLv2
+
+DEBUG=true
+. /srv/jenkins/bin/common-functions.sh
+common_init "$@"
+
+# common code for tests.reproducible-builds.org
+. /srv/jenkins/bin/reproducible_common.sh
+set -e
+set -o pipefail # see eg http://petereisentraut.blogspot.com/2010/11/pipefail.html
+
+output_echo() {
+ echo "###########################################################################################"
+ echo
+ echo -e "$(date -u) - $1"
+ echo
+}
+
+#
+# main: follow https://wiki.debian.org/ReproducibleInstalls/LiveImages
+#
+
+# 1st build
+export LIVE_BUILD=$(mktemp -d -t live-build.XXXXXXXX)
+export LB_OUTPUT=$(mktemp -t live-build.XXXXXXXX)
+export SOURCE_DATE_EPOCH=1609489883a # why this one
+
+# config first
+lb config --parent-mirror-bootstrap http://deb.debian.org/debian \
+ --parent-mirror-binary http://deb.debian.org/debian \
+ --security false \
+ --updates false \
+ --apt-options "--yes -o Acquire::Check-Valid-Until=false" \
+ --distribution bullseye \
+ --debian-installer live \
+ --cache-packages false \
+ 2>&1 | tee $LB_OUTPUT
+RESULT=$?
+if [ "$RESULT" != "0" ] ; then
+ output_echo "Warning: lb config filed with $RESULT"
+fi
+
+# build
+lb build | tee -a $LB_OUTPUT
+RESULT=$?
+if [ "$RESULT" != "0" ] ; then
+ output_echo "Warning: lb config filed with $RESULT"
+fi
+
+# finally cleanup
+lb clean --purge | tee -a $LB_OUTPUT
+RESULT=$?
+if [ "$RESULT" != "0" ] ; then
+ output_echo "Warning: lb config filed with $RESULT"
+fi
+
+# move the image away
+# do 2nd build
+# do 2nd build with more customisations
+# compare images
+# rm images
+# build other flavors
+# build unstable too
+
+# the end
+rm -f $LIVE_BUILD $LB_OUTPUT
+output_echo "the end."
=====================================
job-cfg/reproducible.yaml
=====================================
@@ -625,6 +625,11 @@
my_timed: '23 23 * * *'
my_shell: '/srv/jenkins/bin/diffoscope_distribution_test.sh'
my_recipients: 'jenkins+reproducible-changes qa-jenkins-scm at lists.alioth.debian.org'
+ - 'debian_live_build':
+ my_description: 'Build Debian live image using live-build'
+ my_timed: '55 11 * * *'
+ my_hname: 'osuosl173'
+ my_shell: '/srv/jenkins/bin/jenkins_master_wrapper.sh'
- 'compare_Debian_sha1sums':
my_description: 'Compare sha1sums of Debian binary packages with rebuild ones'
my_timed: '55 23 * * *'
=====================================
update_jdn.sh
=====================================
@@ -380,7 +380,8 @@ if [ -f /etc/debian_version ] ; then
esac
case $HOSTNAME in
# needed for rebuilding Debian (using .buildinfo files)
- osuosl173-amd64) DEBS="$DEBS libdpkg-perl libwww-mechanize-perl sbuild" ;;
+ osuosl173-amd64) DEBS="$DEBS libdpkg-perl libwww-mechanize-perl sbuild"
+ DEBS="$DEBS live-build" ;; # needed for live-build
# needed for opensuse openbuildservice
osuosl174-amd64) DEBS="$DEBS osc obs-build qemu-kvm libjson-perl libxml-simple-perl bsdtar" ;;
*) ;;
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/cc531053c03cfb784422c792a1b7816ddb8044f3
--
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/cc531053c03cfb784422c792a1b7816ddb8044f3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/qa-jenkins-scm/attachments/20210615/dd3d74ab/attachment-0001.htm>
More information about the Qa-jenkins-scm
mailing list