Re: Potential MBF: packages failing to build twice in a row
On August 9, 2023 5:55:41 PM UTC, Johannes Schauer Marin Rodrigues <josch@debian.org> wrote:
>Hi,
>
>Quoting Stefano Rivera (2023-08-09 14:38:56)
>> Personally, I have my sbuild configured to build a source package after the
>> build, so that I can be sure that I don't regress my own packages' clean
>> target. It would be nice if this was a default feature in sbuild, for most
>> packages this is a very quick process.
>
>I would only consider switching the default if at the same time, some checks
>were done that made sure that the result is bit-by-bit identical to the
>original.
>
>The source package is the *input* to sbuild not its output. If sbuild builds
>the source package it can happen that the resulting source package is not what
>was given to sbuild to get built before.
>
>So if the source package gets rebuilt and checked whether it is bit-by-bit
>identical to what was given to sbuild before, then essentially we would've
>enforced reproducible source packages. If I remember correctly, reproducible
>source packages are something that the reproducible builds team discarded as a
>concept many years ago.
>
>So what should be the plan instead?
>
I think that's almost the right goal.
The binary package that is built from that source package should be identical to the one produced from the first build.
As an example, in Python packages it is not unusual to ignore the diff associated with rebuilding the upstream package metadata. You get the same binary regardless, so as long as you can build the source package by ignoring that diff, it's good to go.
Scott K
Reply to: