[Reproducible-builds] simple next step for getting .buildinfo files into Debian

Niels Thykier niels at thykier.net
Mon Dec 14 21:14:55 UTC 2015

Holger Levsen:
> Hi ftp folks,


> while we still appreciate your comments on this proposal as last week 
> described in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763822 I'd like 
> to make a intermediate very simple proposal, so that reproducible builds in 
> Debian get one step forward:

I have started a git branch, build-info-support, available from:

* ssh://release.debian.org/~nthykier/dak

I realise that not every one have access to that machine, so the patches
are also attached (@FTP: The branch have signed commits, so you may
prefer merging form that).

> - modify dak, so that it will not rejects uploads with a .buildinfo file 
> included. 

I got patches to have dak accept these and do some trivial validation
(but not every validation proposed).  I will extend my branch as time
permits with additional checks.

> - still, for now, throw the .buildinfo file immediately away.

I have assumed this happens if you do no nothing explicitly with the
file after it being accepted.

 * @FTP: If not, please let me know how I can have dak discard the file.

> - only do this for experimental at the beginning. (maybe this restriction is 
> not even needed/useful.)

 * Given the file is discarded, I have not added any such restrictions
   in my patch series.

> That's it.
> This would allow the dpkg maintainers to enable .buildinfo file creation, at 
> least for builds for experimental.
> What do you think?

FWIW, I agree. :)

> As I see it, this should be a rather trivial code change for dak and yet bring 
> us forward quite enourmously. Also it should be rather uncontroversial as we 
> all agreed in Heidelberg at DebConf15 that we want .buildinfo files in Debian… 
> cheers,
> 	Holger


-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-daklib-upload.py-Silently-accept-and-discard-.buildi.patch
Type: text/x-patch
Size: 1921 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20151214/57b58685/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Do-very-basic-validation-of-.buildinfo-files.patch
Type: text/x-patch
Size: 4526 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20151214/57b58685/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20151214/57b58685/attachment.sig>

More information about the Reproducible-builds mailing list