[Reproducible-builds] Recording build path in .buildinfo

Jérémy Bobbio lunar at debian.org
Tue Dec 2 15:56:18 UTC 2014 

Daniel Kahn Gillmor:
> On 11/19/2014 07:42 AM, Jérémy Bobbio wrote:
> > While I still think it would be a good idea to write these patches and
> > push for a canonical build location, I am now thinking that there's a
> > way to be a bit more flexible. If we would record the build path as part
> > of the environment in the .buildinfo, the (yet-to-be-written) `srebuild`
> > script could unpack the source in that location and simply build it from
> > there.
> 
> on the one hand, i'm a bit leery about allowing srebuild to
> automatically place the build tree at any arbitrary location.
> 
> what if .buildinfo says "oh yeah, unpack this thing into /etc" (or /root
> or /usr)?
> 
> otoh, the .buildinfo also says "install these versions of these
> packages" so maybe it's just not that big a deal.  (and srebuild could
> also just decline to unpack things in particularly ugly locations)

I had the latter in mind. We can specificy a whitelist of directories in
`srebuild` documentation, but I don't think such a list belongs to the
.buildinfo specification.

> Ultimately, i don't think i see any real harm in including the build
> path in .buildinfo -- certainly once we get around to finally making
> things always build in the canonical build path, then great! everyone's
> will look the same.

The other thing that came up to my mind is the following: what if we
change the canonical path one day? I think we would still be able to
reproduce older source packages without having to tweak or use an old
version of the rebuilding tool.

> And if including the build path in .buildinfo unblocks the current
> process at all, it's probably worth doing.

I went ahead and made the change to the specification:
https://wiki.debian.org/ReproducibleBuilds/BuildinfoSpecification?action=diff&rev2=4&rev1=3


It'll be great if someone could add the new field to our prototype
.buildinfo generator. Or go for a bigger jump and implements something
suitable for inclusion in dpkg.

-- 
Lunar                                .''`. 
lunar at debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20141202/45b140a8/attachment.sig>

More information about the Reproducible-builds mailing list