From 2f731866bb6757f97c1a1df406b31fa963f99f4c Mon Sep 17 00:00:00 2001 From: Holger Levsen Date: Wed, 14 Oct 2015 02:06:31 +0200 Subject: reproducible: document how to bootstrap an Arch schroot and build Arch packages in it --- TODO | 38 ++++++++++++++++++++++++++++++++++++-- bin/reproducible_common.sh | 2 +- 2 files changed, 37 insertions(+), 3 deletions(-) diff --git a/TODO b/TODO index 0a197455..ad966c76 100644 --- a/TODO +++ b/TODO @@ -289,12 +289,46 @@ properties: * maybe call the script reproducible_rpms.sh and also let it build OpenSuSE packages? * document in the initial webpage, that we don't have a clear idea yet, how to record+reproduce the build environment. +that this is essential for reproducible builds too. -==== reproducible Arch +==== reproducible Arch Linux * create a job, to bootstrap an arch schroot: -** https://wiki.archlinux.org/index.php/Install_from_existing_Linux#Method_A:_Using_the_bootstrap_image_.28recommended.29 +---- + curl -O https://mirrors.kernel.org/archlinux/iso/2015.08.01/archlinux-bootstrap-2015.08.01-x86_64.tar.gz + tar xzf archlinux-bootstrap-2015.08.01-x86_64.tar.gz + mv /srv/workspace/arch/root.x86_64/ /schroots/reproducible-arch + sudo vi /etc/schroot/chroot.d/jenkins-reproducible-arch + as jenkins: + schroot --directory /tmp -c source:jenkins-reproducible-arch -u root bash + pacman-key --init + pacman-key --populate archlinux + echo 'Server = http://mirror.one.com/archlinux/$repo/os/$arch' >> /etc/pacman.d/mirrorlist + schroot --directory /tmp -c source:jenkins-reproducible-arch -u root -- pacman -Syu --noconfirm + schroot --directory /tmp -c source:jenkins-reproducible-arch -u root -- pacman -S --noconfirm devtools abs base-devel + schroot --directory /tmp -c source:jenkins-reproducible-arch -u root -- abs + schroot --directory /tmp -c source:jenkins-reproducible-arch mkdir /var/lib/jenkins + schroot --directory /tmp -c source:jenkins-reproducible-arch chown jenkins:jenkins /var/lib/jenkins + schroot --directory /tmp -c source:jenkins-reproducible-arch -- gpg --recv-keys 0x091AB856069AAA1C + + PKG=sudo + schroot --directory /tmp -c source:jenkins-reproducible-arch -- cp -r /var/abs/core/$PKG /tmp + schroot --directory /tmp -c source:jenkins-reproducible-arch -- grep ^validpgpkeys= $PKG/PKGBUILD|cut -d "'" -f2|xargs schroot --directory /tmp -c source:jenkins-reproducible-arch -- gpg --recv-keys + schroot --directory /tmp/$PKG -c source:jenkins-reproducible-arch -- makepkg --skippgpcheck # YOLO + + # todo: + use -source schroot + download bootstrap.tar.gz sig and verify + maintenance job does updates: + schroot --directory /tmp -c source:jenkins-reproducible-arch -u root -- pacman -Syu --noconfirm + -j X + tar-1.28.tar.xz (source) -> tar-1.28-1-x86_64.pkg.tar.xz (binary) + echo 'keyserver-options auto-key-retrieve' >> ~/.gnupg/gpg.conf + patch pacman to create .buildinfo files - or better: wait +---- +* use regular maintenace job to update the arch schroot * create another job, to build a single package and a webpage for it… * create a simple scheduler and build a few more packages… +** schroot, find packages in /var/abs/core/, schedule those +*** idea: reschedule reverse build depends too ==== reproducible... diff --git a/bin/reproducible_common.sh b/bin/reproducible_common.sh index 66d6b93b..db6687fa 100755 --- a/bin/reproducible_common.sh +++ b/bin/reproducible_common.sh @@ -194,7 +194,7 @@ write_page_header() { write_page " or send us an email," write_page " to get support for making sure your packages build reproducibly too. Also, we care about free software in general," write_page " so if you are an upstream developer or working on another distribution, we'd love to hear from you!" - write_page " Besides Debian we are also testing
  • coreboot
  • ,
  • OpenWrt
  • ,
  • NetBSD
  • and
  • FreeBSD
  • now, though not as thoroughly as Debian (yet?) - and there are plans to test Arch and Fedora too." + write_page " Besides Debian we are also testing
  • coreboot
  • ,
  • OpenWrt
  • ,
  • NetBSD
  • and
  • FreeBSD
  • now, though not as thoroughly as Debian (yet?) - and there are plans to test Arch Linux and Fedora too." write_page " " fi -- cgit v1.2.3-70-g09d2