[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [rb-general] reproducible .debs outside of the Debian archive

Holger Levsen:
>> Running an own instance of the snapshot.d.o software?
> I guess this is overkill but I have never tried this. Also I dont
> think snapshot.d.o already has code to archive .buildinfo files,
> cc:ing the mailing list to get feedback on this.
>> Keep all versions in one repo?
> I think that's what I would suggest.

Ok, great; that was also my expectation.

> Currently we only have a patch for dak to support keeping .buildinfo
> files, I think a wishlist bug against reprepro is in order! :-) 
> IOW: for a qubes repo I would probably suggest to use reprepro, not
> dak.

reprepro unfortunately can't handle multiple version of a package in one
repo. After a quick search it seems aptly is suitable.

Before filling a wishlist bug, we should think about what the desired
behavior is. Where should the .buildinfo be saved? How should they be

For the single repo case I think the .buildinfo files can be either be
simply stored directly beside the .deb or in a buildinfo directory.

The more interesting question is how they should be indexed, and if the
index should be signed?

IIRC the plan for dak was some separate tar-archive with all the
.buildinfo files? Will it be signed? Is there some interface planed
where I can get a single .buildinfo?

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: