summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHolger Levsen <holger@layer-acht.org>2015-10-18 18:10:43 +0200
committerHolger Levsen <holger@layer-acht.org>2015-10-18 18:10:43 +0200
commit8cfbc7123b88dd5b5a2d4a3779acc8f95a28d375 (patch)
tree7a7f6235efaa4b063fbb272eb364f31d70c5b5cb
parent79152c7d54a8b559871aae928246cbecf5ea754b (diff)
downloadjenkins.debian.net-8cfbc7123b88dd5b5a2d4a3779acc8f95a28d375.tar.xz
reproducible archlinux and fedora plans
-rw-r--r--TODO56
1 files changed, 45 insertions, 11 deletions
diff --git a/TODO b/TODO
index c0e34f05..faa10b24 100644
--- a/TODO
+++ b/TODO
@@ -131,8 +131,12 @@ properties:
** diffoscope needs to be run on the target arch... (or rather: run on a 64bit architecture for 64bit architectures and on 32bit for 32 bit archs), this should probably be doable with a simple i386 chroot on the host (so using qemu-static to run it on armhf should not be needed, probably.)
* higher prio:
-** rewrite bin/schroot-create.sh from scratch, with little sudo
+** document in the non-debian pages, that we don't have a clear idea yet, how to record+reproduce the build environment and that this is essential for reproducible builds too.
+** explain status in plain english on each coreboot/openwrt/netbsd/freebsd page, also on the Debian dashboard plus add an "executive summary about reproducible builds in the free software world"
+*** get the content for "<h2>status of $1</h2>" from notes.git/friends.yaml or such
+** rewrite bin/schroot-create.sh from scratch, with little sudo.
*** analyse+summarize needs, git commit that, then writing the script will be trivial
+*** use schroot tarballs (gzipped), moves are atomic then
** notes related:
*** #786396: classify issue by "toolchain" or "package" fix needed: show bugs which block a bug
*** new page with annoted packages without categorized issues (and probably without bugs as only note content too, else there are too many)
@@ -143,8 +147,6 @@ properties:
*** new page with packages which ftbfs in testing but build fine on sid
** new page: packages which are orphaned but have a reproducible usertagged patch
** use static IPs (h01ger)
-** explain status in plain english on each coreboot/openwrt/netbsd/freebsd page, also on the Debian dashboard plus add an "executive summary about reproducible builds in the free software world"
-*** get the content for "<h2>status of $1</h2>" from notes.git/friends.yaml or such
** mattia: .py scripts: UDD or any db connection errors should either be retried or cause an abort (not failure!) of the job
** save build-hosts in build_duration table (and change to saving the time of a single build, not both combined?)
** repo-comparison: check for binaries without source
@@ -279,13 +281,44 @@ properties:
==== reproducible Fedora
-* use mock to create a fedora chroot to build in
+* call the script reproducible_rpms.sh as it can also build OpenSuSE packages
+* create jessie schroot with mock and yum installed
+** 'groupadd --system mock'
+** 'usermod -a -G mock jenkins'
+** see below for '/etc/yum/repos.d/'
+* then use yumdownloader to download rpms: 'yumdownloader --source sudo'
+** https://mirrors.fedoraproject.org/metalink?repo=fedora-23&arch=X86_64 has a list of repos
+* then configure+use mock to build:
+** 'sudo mock -r fedora-20-x86_64 --init'
+** 'sudo mock -r fedora-20-x86_64 sudo-1.8.14p3-1.fc23.src.rpm'
+
+----
+$ cat /etc/yum/repos.d/fedora23.repo
+[fedora23-src]
+name=fedora 23 sources
+baseurl=http://fedora.mirrors.telekom.ro/pub/fedora/linux/development/23/source/SRPMS
+enabled=1
+gpgcheck=0
+#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
+----
+
+----
+# releasever=22 or 23 or… basearch=x86_64
+[fedora]
+name=Fedora $releasever - $basearch
+failovermethod=priority
+#baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/
+metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
+enabled=1
+#metadata_expire=7d
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
+skip_if_unavailable=False
+----
+
+* more notes:
** http://blog.packagecloud.io/eng/2015/05/11/building-rpm-packages-with-mock/
** http://blog.packagecloud.io/eng/2015/04/20/working-with-source-rpms/
-* start with building a single package (which is reproducible on Debian), only build that one, until its reproducible
-** then eventually build the full base system (100-500 packages), once that package is reprodcuible (aka the rpm toolchain has been fixed...)
-* maybe call the script reproducible_rpms.sh and also let it build OpenSuSE packages?
-* document in the initial webpage, that we don't have a clear idea yet, how to record+reproduce the build environment. +that this is essential for reproducible builds too.
==== reproducible Arch Linux
@@ -293,15 +326,16 @@ properties:
** needs to download bootstrap.tar.gz sig and verify
* use regular maintenace job to update the arch schroot: 'schroot --directory /tmp -c source:jenkins-reproducible-arch -u root -- pacman -Syu --noconfirm'
* arch build.sh:
-** introduce variations: USER
+** introduce more variations: USER
+** confirm the others are really working
** 'makepkg --skippgpcheck' should be replaced by 'makepkg' and 'echo "keyserver-options auto-key-retrieve" >> ~/.gnupg/gpg.conf'
*** this should make this obselete: 'schroot --directory /tmp -c source:jenkins-reproducible-arch -- grep ^validpgpkeys= $PKG/PKGBUILD|cut -d "'" -f2|xargs schroot --directory /tmp -c source:jenkins-reproducible-arch -- gpg --recv-keys'
* create a working scheduler job
+** test 'extra' too
** idea: reschedule reverse build depends too
* more random notes:
-** patch pacman to create .buildinfo files - or better: wait
** rename arch scripts and jobs to archlinux
-*** remember to adop cleanup_schroot_sessions() in common_functions.sh when renaming the schroots
+*** remember to adopt cleanup_schroot_sessions() in common_functions.sh when renaming the schroots
** use archlinux.css not the one from freebsd :)
*** use arch logo