Re: binNMU or reproducible builds (choose only one)

To: debian-devel@lists.debian.org
Subject: Re: binNMU or reproducible builds (choose only one)
From: Simon McVittie <smcv@debian.org>
Date: Thu, 17 Sep 2015 23:39:52 +0100
Message-id: <[🔎] 55FB4138.1090200@debian.org>
In-reply-to: <[🔎] 20150917205315.GB16489@nuc>
References: <[🔎] alpine.DEB.2.11.1509172151150.19080@cantor.unex.es> <[🔎] 55FB21E3.3020301@thykier.net> <[🔎] 20150917205315.GB16489@nuc>

On 17/09/15 21:53, Santiago Vila wrote:
> Ok. It may be worth to change the tool to do source-only uploads instead
> (which, combined with the Arch: all autobuilder, should yield the
> same result).

BinNMUs don't upload any source at all. They instruct the autobuilders
to run sbuild with some non-default options ("sbuild --binNMU=2
--make-binNMU "Rebuild with foo 3" foo_1.2-3" will result in
foo_1.2-3+b2_i386.changes, I think), and sbuild on each autobuilder
downloads the foo_1.2-3.dsc that already exists in the archive.

The only inherent conflict that I can see between binNMUs and
reproducible builds is that all attempts to reproduce the original build
need to prepend the same changelog entry as the original build, for
example by copying them from the build info that will already be
necessary to be able to use the same build-dependency versions.

BinNMUs that happen for all architectures + source simultaneously might
be good to have eventually, to remove some of the weird special cases
from packaging; but if the packages where I've tried it recently are a
reasonably representative sample, I'd estimate that about half the
packages that have both arch:any and arch:all are initially going to
FTBFS on the "all" autobuilder, so we shouldn't rush into that.

Historically, maintainers have normally built source, "all" and one
architecture (dpkg-buildpackage without special options; sbuild -As).
That's well-tested and will usually work, and if it doesn't, it quickly
attracts severity:serious bugs. One of Ubuntu's autobuilder
architectures (I think it's amd64?) is also responsible for their
arch:all packages; it builds with dpkg-buildpackage -b (sbuild -A).
That's very similar to a sourceful upload, so in practice it'll also work.

Debian autobuilders, and Ubuntu's other autobuilders, build  with
dpkg-buildpackage -B (sbuild without special options). Again, that's
well-tested and will usually work, and where it doesn't, it's normally
severity:serious.

Unlike the approach taken in Ubuntu, the new arch:all autobuilder
specifically only builds "all" even if the source produces arch:any
binaries (dpkg-buildpackage -A, sbuild --arch-all-only[1]), which has
not been frequently tested up until now. In my experience, things that
haven't been tested usually don't work.

    S

[1] no released version of sbuild has this option; it's new in git

Reply to:

Follow-Ups:
- Re: binNMU or reproducible builds (choose only one)
  - From: Jérémy Bobbio <lunar@debian.org>

References:
- binNMU or reproducible builds (choose only one)
  - From: Santiago Vila <sanvila@unex.es>
- Re: binNMU or reproducible builds (choose only one)
  - From: Niels Thykier <niels@thykier.net>
- Re: binNMU or reproducible builds (choose only one)
  - From: Santiago Vila <sanvila@unex.es>

Prev by Date: Re: binNMU or reproducible builds (choose only one)
Next by Date: Work-needing packages report for Sep 18, 2015
Previous by thread: Re: binNMU or reproducible builds (choose only one)
Next by thread: Re: binNMU or reproducible builds (choose only one)
Index(es):
- Date
- Thread