[Qa-jenkins-scm] [Git][qa/jenkins.debian.net][master] reproducible Debian: very first stab at building and comparing live-images

Holger Levsen (@holger) gitlab at salsa.debian.org
Tue Jun 15 16:14:54 BST 2021



Holger Levsen pushed to branch master at Debian QA / jenkins.debian.net


Commits:
cc531053 by Holger Levsen at 2021-06-15T17:14:46+02:00
reproducible Debian: very first stab at building and comparing live-images

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -


5 changed files:

- README.infrastructure
- bin/jenkins_node_wrapper.sh
- + bin/reproducible_debian_live_build.sh
- job-cfg/reproducible.yaml
- update_jdn.sh


Changes:

=====================================
README.infrastructure
=====================================
@@ -52,7 +52,7 @@ The nodes are used for these jobs:
 * osuosl171: openwrt, coreboot, netbsd
 ** is constantly online (in jenkins) now, which is not how we like it and still doesnt solve the netbsd job probs
 * osuosl172: openwrt, coreboot (future)
-* osuosl173: debian/archlinux rebuilder#1
+* osuosl173: debian/archlinux rebuilder#1 / live-builds
 * osuosl174: bwiedemann, opensuse tests
 
 Please note that the machines are called gcc167-174 at osuosl.org, though usually


=====================================
bin/jenkins_node_wrapper.sh
=====================================
@@ -2,7 +2,7 @@
 # vim: set noexpandtab:
 
 # Copyright (c) 2009, 2010, 2012, 2015 Peter Palfrader
-#               2015-2020 Holger Levsen
+#               2015-2021 Holger Levsen
 #               2017-2018 Mattia Rizzolo <mattia at debian.org>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
@@ -172,6 +172,8 @@ elif [ "$1" = "/srv/jenkins/bin/reproducible_build_archlinux_pkg.sh" ] && ( [ "$
 	exec /srv/jenkins/bin/reproducible_build_archlinux_pkg.sh "$2" "$3" "$4" "$5" "$6" ; croak "Exec failed";
 elif [ "$1" = "/srv/jenkins/bin/reproducible_build_rpm.sh" ] && ( [ "$2" = "1" ] || [ "$2" = "2" ] ) ; then
 	exec /srv/jenkins/bin/reproducible_build_rpm.sh "$2" "$3" "$4" "$5" "$6" "$7" ; croak "Exec failed";
+elif [ "$1" = "reproducible_debian_live_build" ] ; then
+	exec /srv/jenkins/bin/reproducible_debian_live_build.sh ; croak "Exec failed";
 elif [ "$1" = "reproducible_compare_Debian_sha1sums" ] ; then
 	exec /srv/jenkins/bin/reproducible_compare_Debian_sha1sums.sh ; croak "Exec failed";
 elif [ "$1" = "reproducible_compare_Debian_sha1sums_forward_runner" ] ; then


=====================================
bin/reproducible_debian_live_build.sh
=====================================
@@ -0,0 +1,71 @@
+#!/bin/bash
+# vim: set noexpandtab:
+
+# Copyright 2021 Holger Levsen <holger at layer-acht.org>
+# released under the GPLv2
+
+DEBUG=true
+. /srv/jenkins/bin/common-functions.sh
+common_init "$@"
+
+# common code for tests.reproducible-builds.org
+. /srv/jenkins/bin/reproducible_common.sh
+set -e
+set -o pipefail		# see eg http://petereisentraut.blogspot.com/2010/11/pipefail.html
+
+output_echo() {
+	echo "###########################################################################################"
+	echo
+	echo -e "$(date -u) - $1"
+	echo
+}
+
+#
+# main: follow https://wiki.debian.org/ReproducibleInstalls/LiveImages
+#
+
+# 1st build
+export LIVE_BUILD=$(mktemp -d -t live-build.XXXXXXXX)
+export LB_OUTPUT=$(mktemp -t live-build.XXXXXXXX)
+export SOURCE_DATE_EPOCH=1609489883a  # why this one
+
+# config first
+lb config --parent-mirror-bootstrap http://deb.debian.org/debian \
+	--parent-mirror-binary http://deb.debian.org/debian \
+	--security false \
+	--updates false \
+	--apt-options "--yes -o Acquire::Check-Valid-Until=false" \
+	--distribution bullseye \
+	--debian-installer live \
+	--cache-packages false \
+	2>&1 | tee $LB_OUTPUT
+RESULT=$?
+if [ "$RESULT" != "0" ] ; then
+   output_echo "Warning: lb config filed with $RESULT"
+fi
+
+# build
+lb build | tee -a $LB_OUTPUT
+RESULT=$?
+if [ "$RESULT" != "0" ] ; then
+   output_echo "Warning: lb config filed with $RESULT"
+fi
+
+# finally cleanup
+lb clean --purge | tee -a $LB_OUTPUT
+RESULT=$?
+if [ "$RESULT" != "0" ] ; then
+   output_echo "Warning: lb config filed with $RESULT"
+fi
+
+# move the image away
+# do 2nd build
+# do 2nd build with more customisations
+# compare images
+# rm images
+# build other flavors
+# build unstable too
+
+# the end
+rm -f $LIVE_BUILD $LB_OUTPUT
+output_echo "the end."


=====================================
job-cfg/reproducible.yaml
=====================================
@@ -625,6 +625,11 @@
                     my_timed: '23 23 * * *'
                     my_shell: '/srv/jenkins/bin/diffoscope_distribution_test.sh'
                     my_recipients: 'jenkins+reproducible-changes qa-jenkins-scm at lists.alioth.debian.org'
+                - 'debian_live_build':
+                    my_description: 'Build Debian live image using live-build'
+                    my_timed: '55 11 * * *'
+                    my_hname: 'osuosl173'
+                    my_shell: '/srv/jenkins/bin/jenkins_master_wrapper.sh'
                 - 'compare_Debian_sha1sums':
                     my_description: 'Compare sha1sums of Debian binary packages with rebuild ones'
                     my_timed: '55 23 * * *'


=====================================
update_jdn.sh
=====================================
@@ -380,7 +380,8 @@ if [ -f /etc/debian_version ] ; then
 		esac
 		case $HOSTNAME in
 			# needed for rebuilding Debian (using .buildinfo files)
-			osuosl173-amd64) DEBS="$DEBS libdpkg-perl libwww-mechanize-perl sbuild" ;;
+			osuosl173-amd64) DEBS="$DEBS libdpkg-perl libwww-mechanize-perl sbuild" 
+					 DEBS="$DEBS live-build" ;; # needed for live-build
 			# needed for opensuse openbuildservice
 			osuosl174-amd64) DEBS="$DEBS osc obs-build qemu-kvm libjson-perl libxml-simple-perl bsdtar" ;;
 			*) ;;



View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/cc531053c03cfb784422c792a1b7816ddb8044f3

-- 
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/cc531053c03cfb784422c792a1b7816ddb8044f3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/qa-jenkins-scm/attachments/20210615/dd3d74ab/attachment-0001.htm>


More information about the Qa-jenkins-scm mailing list