[Reproducible-builds] Bug#790868: sbuild: Please allow sbuild to use a deterministic build path to build packages

Jérémy Bobbio lunar at debian.org
Thu Jul 2 14:06:28 UTC 2015


Maria Valentina Marin:
> The attached patch allows users to specify a deterministic build path by
> using the new command line option --build-path or the configuration
> variable $build_path in the ~/.sbuilrc.

I don't know enough of sbuild to comment on the patch, but:

> +.BR \-\-build\-path=\fIstring\fP
> +By default the package is built in a path of the following format
> +/build/packagename-XXXXXX/packagename-version/ where XXXXXX is a random ascii
> +string. This option allows one to specify a custom path where the package is
> +built inside the chroot. Notice that the sbuild user in the chroot must have
> +permissions to create the path. Common writable locations are subdirectories of
> +/tmp or /build. Caution: the last component of the path will be RECURSIVELY
> +REMOVED after the build is finished. So NEVER specify a build path like /tmp or
> +/home/user because sbuild mounts /tmp and /home from the host into the chroot!
> +Example: If your build path is /tmp/foo then the directory foo and all its
> +content will be removed after the build is finished. If you are running
> +multiple sbuild instances with the same build path in parallel for the same
> +package, make sure that your build path is not in a directory commonly mounted
> +by all sbuild instances (like /tmp or /home). In that case, use for example
> +/build instead. Otherwise, your builds will probably fail or contain wrong
> +content.

How about using a safeguard here instead of warning users? I'd rather
not have to answer “it was written” to very angry users who just have
lost their home directory…

Maybe fail when the build path that has been set exists and is not

Lunar                                .''`. 
lunar at debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20150702/12c26894/attachment.sig>

More information about the Reproducible-builds mailing list