Bug#802241: #802241: dpkg: please store the hash of the installed .deb and allow to query it

Holger Levsen holger at layer-acht.org
Sat Jun 9 21:12:33 BST 2018


Hi josch,

adding #774415 to to: and reply-to:…

On Fri, Jun 08, 2018 at 07:54:20PM +0200, Johannes Schauer wrote:
> > as I'm not an sbuild user (yet) myself, I was hesitant to try this
> > myself, so I'm confused now: does it work as it is now? (or does it need
> > changes to snapshot.d.o?)
> 
> yes, it does work as it is now.
> 
> Just supply the script with a buildinfo file to see it in action.
> 
> It does not require superuser privileges.
> 
> The script will query snapshot.debian.org to retrieve the right snapshot
> timestamp that contains all the package versions specified in the buildinfo
> file.
> 
> At the end of execution the script will print how to either reproduce the
> buildinfo manually via dpkg-buildpackage or how to run sbuild such that it does
> it for you.
> 
> People who know how to use pbuilder could easily add a section that outputs how
> to run pbuilder to do the same.
> 
> Naturally, instead of just printing how to use sbuild or pbuilder, the script
> could also be made actually run either.
> 
> The main two limitations of the script are:
> 
>  1. it will fail if there is not a single snapshot that contains all the right
>     package versions
> 
>  2. it will instruct sbuild/pbuilder to use the last stable release as the base
>     which might not allow upgrading to the right package versions
> 
> Both issues can be fixed by manually downloading exactly the required binary
> package set and creating a completely new chroot with exactly the required
> packages. But I didn't get around to doing that yet.

thank you very much for this nice summary!

As it sounds, I now believe this script would better live in
src:devscripts and as such I would like to reassign #774415 to
devscripts - or do you see any issue with that?


-- 
cheers,
	Holger
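
The snapshot lookup and limitation 1 from the quoted summary, as an added example that is not part of the original message and is not the script under discussion. The function names and the availability table are assumptions: the table is constructed sample data standing in for what would be looked up on snapshot.debian.org.

```python
import re

# Constructed sample: part of a .buildinfo file with its pinned build dependencies.
SAMPLE_BUILDINFO = """\
Format: 1.0
Source: hello
Version: 2.10-1
Installed-Build-Depends:
 autoconf (= 2.69-11),
 debhelper (= 11.3.2),
 gcc-7 (= 7.3.0-21)
Environment:
 DEB_BUILD_OPTIONS="parallel=4"
"""

# Constructed data: (first, last) snapshot timestamp in which each exact
# package version was present. Same-format timestamps compare as strings.
AVAILABILITY = {
    ("autoconf", "2.69-11"): ("20180101T000000Z", "20180701T000000Z"),
    ("debhelper", "11.3.2"): ("20180520T000000Z", "20180615T000000Z"),
    ("gcc-7", "7.3.0-21"): ("20180601T000000Z", "20180801T000000Z"),
}

def installed_build_depends(text):
    """Return {package: version} pinned by the Installed-Build-Depends field."""
    pins, in_field = {}, False
    for line in text.splitlines():
        if line.startswith("Installed-Build-Depends:"):
            in_field = True
        elif in_field and line[:1] in (" ", "\t"):  # continuation line
            m = re.match(r"\s*([^\s(:]+)(?::\S+)?\s*\(=\s*([^)\s]+)\)", line)
            if m:
                pins[m.group(1)] = m.group(2)
        else:
            in_field = False  # next field started
    return pins

def common_snapshot_window(pins, availability):
    """Return (start, end) of the window in which every pinned version
    coexists, or None when no single snapshot contains all of them."""
    ranges = [availability.get(item) for item in pins.items()]
    if not ranges or None in ranges:
        return None  # a pinned version was never seen in any snapshot
    start = max(first for first, _ in ranges)
    end = min(last for _, last in ranges)
    return (start, end) if start <= end else None

if __name__ == "__main__":
    print(common_snapshot_window(installed_build_depends(SAMPLE_BUILDINFO), AVAILABILITY))
```

A `None` result is the case where the exact binary package set would have to be assembled from several snapshots instead.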