#774415: devscripts: please add the srebuild wrapper for reproducible builds

Holger Levsen holger at layer-acht.org
Sun Oct 6 20:02:38 BST 2019 

hi,

so I thought I'd be bold and add the srebuild wrapper to src:devscripts
in git this weekend...

So I re-read https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774415
rather completly and noticed, that

- the branch devscripts-srebuild from https://salsa.debian.org/yadd/devscripts
  for a long time used the 2014 srebuild script from josch and was only
  'recently' based on the 2016 debrebuild script from josch.
  (The last 4 commits on this branch have all this history and thus are
  easy to grasp.)

- the NYU rebuilders OTOH use a by now quite modified version of the
  2014 srebuild script (with support for in-toto etc), see
  https://salsa.debian.org/reproducible-builds/debian-rebuilder-setup/blob/master/builder/srebuild

- the authoritive source/git repo for josch script(s) is the #774415 bug
  report? Or yadd's repo? ;)

- the 2016 debrebuild script doesn't do a rebuild by itself but produces
  a command which is to be run with sudo, so we need another wrapper
  here.

- there is also https://salsa.debian.org/reproducible-builds/attic/reprobuild/blob/master/repro-build.pl
  from Steven Chamberlain...

- for the sake of presenting a complete picture of this discussion I
  want to state that I also thought about packaging $name (srebuild,
  debrebuild, repro-build, whatever) as a seperate package, not part of
  devscripts. I've decided, at least for now, to first try to make it
  usable as part of the devscripts packages. Maybe however we want more
  configurability (like the in-toto support or other stuff which was
  added to NYU's srebuild fork) and this wont work in the long term.

- I think I'd like "something working most or even half the time"
  installable in Debian unstable by the end of the month. This is long
  overdue. (tm)
  (Only halfworking would be fine (for a start) for me cause there are
  quite some special cases, like binNMUs or support for unclean build
  envs or whatever.)

- I think I want(ed) to package the debrebuild script, as this is josch's
  reimplementation of the same problem. And I thought NYU had some
  patches on top of this and I was thinking to sort out this fork later
  (eg by making some of their features optional), but now I've seen that
  they forked the old srebuild script and I'm unsure what to do.

Comments, suggestions or any other feedback much welcome!


-- 
cheers,
	Holger

-------------------------------------------------------------------------------
               holger@(debian|reproducible-builds|layer-acht).org
       PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/reproducible-builds/attachments/20191006/d840a0ce/attachment.sig>

More information about the Reproducible-builds mailing list