Re: Gitlab support for Debian repositories (Was: Regarding the new "Debian User Repository")
On Mon, Jul 05, 2021 at 12:31:10PM +0000, Holger Levsen wrote:
> On Mon, Jul 05, 2021 at 02:09:36PM +0200, Mathieu Parent (Debian) wrote:
> > > Do you have plans to support publishing builds only if they've produced
> > > bit by bit identical results on several builders? IOW, do you plan to
> > > support reproducible builds? :)
> >
> > There is no specific support for reproducible builds. Currently,
> > buildinfo files can be uploaded and are kept, with the metadata stored
> > in the DB. but nothing is done yet with those.
>
> yeah :/
>
> > But reproducibility can be tested in GItlab jobs, before the upload.
>
> that's nice, but rather theoretic (however common it is today) in practice :)
> It would be really interesting / a game changer, to have a publishing option
> which would only allow publishing of builds proven in practice to be
> identical.
It's actually fairly easy to do that:
- Create two runners, with different tags (e.g., one tagged "build1",
and one tagged "build2"). One can be a docker runner, the other a
shell runner, just to keep things interesting.
- Create two jobs that build the same source in ways that might trigger
reproducability issues (I'm sure you're better at this than me). Make
sure that they don't store their artifacts in the same location (e.g.,
one job runs "dcmd mv ../*.changes products/build1/", and the other
one does "dcmd mv ../*.changes products/build2/").
- Have a third job that depends on both the above two jobs, and that
runs diffoscope over the artifacts of both jobs. If and only if the
diffoscope doesn't reveal any issues, run dput to upload the packages.
I think the salsa-CI team can easily add support for this to their
generic pipeline...
--
w@uter.{be,co.za}
wouter@{grep.be,fosdem.org,debian.org}
Reply to: