binutils-dev: included log files introduce reproducibility issues
Paul Wise
pabs at debian.org
Sat May 16 01:38:23 BST 2020
On Mon, 24 Feb 2020 14:09:23 -0800 Vagrant Cascadian wrote:
> Exploring avenues to put files like this into some separate artifact for
> things that are not reproducible might be one avenue
There is already the BYHAND (and automatic BYHAND) mechanisms for files
that get installed outside of pool/ in the Debian apt repository. Each
one needs support from dak too though.
https://salsa.debian.org/ftp-team/dak/-/tree/master/scripts/debian/
https://codesearch.debian.net/search?q=byhand+path%3Adebian&literal=0
The other option would be to put the files in a test results .deb file,
but that would still mean repro-builds folks would compare them, unless
there were a naming convention that could be used to ignore them.
It strikes me that these files are most similar to .buildinfo or the
build logs in that they are data *about* the builds. I've wanted
maintainers to be able to also upload build logs with their binary
builds and started a WIP patch for that.
https://salsa.debian.org/pabs/dak/-/commits/maintainer-build-logs
It looks like dpkg-genchanges can already add more files through the
debian/files input file. I managed to get my build log included in my
.changes file using this mechanism. I then attempted to upload it to
the Debian archive, queued gladly accepted the upload but dak rejected
it saying that it looks like a BYHAND package:
whowatch_1.8.6-2_amd64.changes: whowatch_1.8.6-1_amd64.build.log looks like a byhand package, but is in section build
I suggest that the dpkg-dev maintainer and the ftp-masters should be
talked to about this topic. Probably the right mechanism is to have a
convention in debian/files similar to how dbgsyms are represented and
similar to byhand but the files go into the pool like .deb files do.
whowatch_1.8.6-1_amd64.build build optional automatic=yes
whowatch-dbgsym_1.8.6-2_amd64.deb debug optional automatic=yes
--
bye,
pabs
https://wiki.debian.org/PaulWise
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/reproducible-builds/attachments/20200516/8110513d/attachment.sig>
More information about the Reproducible-builds
mailing list