Re: live-setup | Reintroduce regular building of live-build images (!2)
- To: Roland Clobus <rclobus@rclobus.nl>
- Cc: debian-live@lists.debian.org
- Subject: Re: live-setup | Reintroduce regular building of live-build images (!2)
- From: Steve McIntyre <steve@einval.com>
- Date: Sat, 3 Dec 2022 18:19:14 +0000
- Message-id: <[🔎] 20221203181914.GB3245702@tack.einval.com>
- In-reply-to: <79fb808b-2ccf-f3bb-9e1e-43309cf3d940@rclobus.nl>
- References: <reply-0c53729d614a14424231241b11e439e9@salsa.debian.org> <merge_request_55071@salsa.debian.org> <20221127181508.GK3245702@tack.einval.com> <20221127234937.GA4132468@tack.einval.com> <79fb808b-2ccf-f3bb-9e1e-43309cf3d940@rclobus.nl>
Hey Roland!
On Tue, Nov 29, 2022 at 08:40:05AM +0100, Roland Clobus wrote:
>On 28/11/2022 00:49, Steve McIntyre wrote:
>
>If I did it right, every single build will run in its own directory, so they
>will not collide. (See the line with 'export BUILDDIR')
>For utmost speed, I assume that the environment variable 'http_proxy' is set.
>See also https://wiki.debian.org/ReproducibleInstalls/LiveImages.
OK, cool. We don't need (and don't want!) a proxy for the build
machine here, as it has a complete mirror available on the host. That
mirror is also pushed directly during release weekends so we can build
straight away, before updates have made it all the way through the
mirror network.
IIRC live-build used to apply locks on the build machine, outside of
the build tree. Hopefully that's long fixed. Checking: does your
rebuild script try to install packages in the rootfs, or only inside
chroots?
>> > Thanks for your work so far! I'm hoping to get something working in
>> > the weekly image builds soon.
>
>You've done a lot, I didn't intend to bring you so much additional work.
No worries, I didn't want to be blocking you here! I also want to try
and get this all sorted well before the bookworm freeze...
>> I've made quite a bit of progress - see my recent commits in the
>> live-setup repo. One thing that I'm not convinced about in your script
>> is building d-i as part of a build, I'd be happier to have the option
>> for grabbing builds from d-i.debian.org like we use elsewhere (for the
>> weekly builds), and then of course we'll pull from the archive
>> directly for release builds.
>
>I'll try to find some time to comment on your additional changes soon.
>
>A few thoughts, primarily focussed on reproducibility:
>* I've used the git rebuild for d-i, because the d-i.debian.org images are
>fleeting, and cannot be used for long-term reproducibility tests. The git
>rebuild also contains a kernel detection part, so it would also produce a
>runnable d-i, even if the kernel version was not updated yet in git.
>* I've used the snapshot service instead of deb.debian.org also for long-term
>reproducibility reasons. deb.debian.org-based live images can only be
>reproduced within the same DAK-sync (every 6 hours)
Right. I'm much less bothered about reproducibility *here* tbh, I'm
more interested in getting things up and running so I can test
something that looks more like a release image. We're never going to
use snapshot stuff for official builds, as we have the full archive
readily available.
--
Steve McIntyre, Cambridge, UK. steve@einval.com
"This dress doesn't reverse." -- Alden Spiess
Reply to: