Bug#863622: apt: warn when installing packages that are not reproducible

Chris Lamb lamby at debian.org
Mon May 29 11:24:29 UTC 2017 

Package: apt
Severity: wishlist
X-Debbugs-CC: reproducible-builds at lists.alioth.debian.org

Hi,

APT should (eventually) warn when installing packages that are not
reproducible. 

Clearly, all the bits to make this work today are not in dak, APT, the
mirrors, etc. However, I thought it was best to experiment early with
the potential user interface.

This would ensure that we know exactly what data we need and we don't
make a big mistake and miss something.

To this end, I've attached a proof of concept patch. Example output:

  $ apt install python-pywt-doc
  Reading package lists... Done
  Building dependency tree       
  Reading state information... Done
  The following NEW packages will be installed:
    python-pywt-doc
  0 upgraded, 1 newly installed, 0 to remove and 4 not upgraded.
  Need to get 102 kB of archives.
  After this operation, 978 kB of additional disk space will be used.
  WARNING: The following packages are not reproducible!
    python-pywt-doc
  Install these packages anyway? [y/N]

  $ echo $?
  130


It takes an expected "--allow-unreproducible" argument, as well as an
"-o Debug::pkgAcquire::Reproducible=true" if you want to debug it. I
might play with it more at https://github.com/lamby/apt on the
reproducible-ui branch:

  https://github.com/lamby/apt/tree/lamby/wip/reproducible-ui

Just to be clear, the patch is obviously an digusting hack and you
should not use it, hence the lack of a "patch" tag (!).

(We would also — later please! — need to agree on what "reproducible"
really means in terms of multiple builders.)


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby at debian.org / chris-lamb.co.uk
       `-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Warn-when-installing-packages-that-are-not-reproduci.patch
Type: text/x-diff
Size: 9852 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20170529/71580631/attachment.patch>

More information about the Reproducible-builds mailing list