Re: https://tracker.debian.org/pkg/dballe

To: debian-devel@lists.debian.org
Subject: Re: https://tracker.debian.org/pkg/dballe
From: Paul Wise <pabs@debian.org>
Date: Sat, 18 Jan 2020 00:57:31 +0000
Message-id: <[🔎] CAKTje6FBF+cP4LrJCHLJy_rwOZ62JfsNuVnXk2iD7SrYp7QqCw@mail.gmail.com>
In-reply-to: <[🔎] 15d3d724-b496-b82b-ec5f-f0f4191e6808@wiktel.com>
References: <20191229085244.wvf3y6cgigpdg5uc@enricozini.org> <7fd9f32e-7d7e-c548-e78f-b3cf438b6951@debian.org> <CAKTje6ErgKsxx=Qx96UMoCwys81JyQ_4iu23j_XgXv5UT7eK0A@mail.gmail.com> <[🔎] 20200113154813.GA14466@grep.be> <[🔎] CAKTje6EQ=5g98iWLEf+3aO7NyDbHYHgDTCTUumBB2WQuip3tAA@mail.gmail.com> <[🔎] tsld0bi79oo.fsf@suchdamage.org> <[🔎] 157926211131.5515.15915362283509498908@hoothoot> <[🔎] tsl8sm66y4t.fsf@suchdamage.org> <[🔎] 15d3d724-b496-b82b-ec5f-f0f4191e6808@wiktel.com>

On Fri, Jan 17, 2020 at 6:18 PM Richard Laager wrote:

> If I'm following correctly: The packager would use rustcc >= y+3 (in
> practice, likely rustcc y+5) to locally build rustcc y+5 and then do a
> binary upload. But if dak (or whatever, I'm not so familiar with the
> server side here) throws away the binary, then we're sunk. So there
> needs to be a way to note that the binary needs to be kept.
>
> Assuming I'm on the right track, here are a couple of questions:

Right.

> In such a case, would the source package have a Build-Depends of >= y+3?
> It seems like it would.

Presumably, but it is definitely possible the maintainer wouldn't know
or wouldn't record which version was needed.

> Could that be the way to indicate a bootstrap upload? In other words, if
> the package has a Build-Depends on one of the binary packages it
> produces that is _not_ satisfied in the suite it's being uploaded to but
> is satisfied by this upload, then it's a bootstrap upload, and the
> binaries should be kept. This would avoiding adding a new field for this
> and would ensure the Build-Depends are set correctly in bootstrapping
> scenarios.

At this time the workflow is like this: ftp-master.d.o accepts or
rejects the source/binaries, then it passes the source to buildd.d.o,
which checks for build-dep installability and passes the source to the
buildds. I think for your proposal to work the build-dep
installability checks would also have to move to ftp-master.d.o.

> Regardless of how the "keep the binaries" flag is implemented... should
> the uploaded binary be published, or should the package be rebuilt? I
> think I'd argue for the latter. The uploaded binary package should be
> installed on the buildd and then the package should be rebuilt from
> source, with _that_ result being put into the archive. This doesn't
> protect against the trojaned-compiler problem, but it does at least
> ensure that the package builds from source.

I definitely agree that all bootstrap binaries, whether built
automatically by the buildds (as proposed by Josch) or hacky
maintainer-built binaries, should get rebuilt on the buildds. We
already did that in the past when importing new architecture packages
from ftp.ports.d.o to ftp-master.d.o.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Reply to:

References:
- Re: https://tracker.debian.org/pkg/dballe
  - From: Wouter Verhelst <wouter@debian.org>
- Re: https://tracker.debian.org/pkg/dballe
  - From: Paul Wise <pabs@debian.org>
- Re: https://tracker.debian.org/pkg/dballe
  - From: Sam Hartman <hartmans@debian.org>
- Re: https://tracker.debian.org/pkg/dballe
  - From: Johannes Schauer <josch@debian.org>
- Re: https://tracker.debian.org/pkg/dballe
  - From: Sam Hartman <hartmans@debian.org>
- Re: https://tracker.debian.org/pkg/dballe
  - From: Richard Laager <rlaager@wiktel.com>

Prev by Date: Re: https://tracker.debian.org/pkg/dballe
Next by Date: Re: Is distro-tracker accessible by some sort of API?
Previous by thread: Re: https://tracker.debian.org/pkg/dballe
Next by thread: Re: https://tracker.debian.org/pkg/dballe
Index(es):
- Date
- Thread