From 2f731866bb6757f97c1a1df406b31fa963f99f4c Mon Sep 17 00:00:00 2001
From: Holger Levsen <holger@layer-acht.org>
Date: Wed, 14 Oct 2015 02:06:31 +0200
Subject: reproducible: document how to bootstrap an Arch schroot and build
 Arch packages in it

---
 TODO                       | 38 ++++++++++++++++++++++++++++++++++++--
 bin/reproducible_common.sh |  2 +-
 2 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/TODO b/TODO
index 0a197455..ad966c76 100644
--- a/TODO
+++ b/TODO
@@ -289,12 +289,46 @@ properties:
 * maybe call the script reproducible_rpms.sh and also let it build OpenSuSE packages?
 * document in the initial webpage, that we don't have a clear idea yet, how to record+reproduce the build environment. +that this is essential for reproducible builds too.
 
-==== reproducible Arch
+==== reproducible Arch Linux
 
 * create a job, to bootstrap an arch schroot:
-** https://wiki.archlinux.org/index.php/Install_from_existing_Linux#Method_A:_Using_the_bootstrap_image_.28recommended.29
+----
+	curl -O https://mirrors.kernel.org/archlinux/iso/2015.08.01/archlinux-bootstrap-2015.08.01-x86_64.tar.gz
+	tar xzf archlinux-bootstrap-2015.08.01-x86_64.tar.gz
+	mv /srv/workspace/arch/root.x86_64/ /schroots/reproducible-arch
+	sudo vi /etc/schroot/chroot.d/jenkins-reproducible-arch
+	as jenkins:
+		schroot --directory /tmp -c source:jenkins-reproducible-arch -u root bash
+			pacman-key --init
+			pacman-key --populate archlinux
+			echo 'Server = http://mirror.one.com/archlinux/$repo/os/$arch' >> /etc/pacman.d/mirrorlist
+		schroot --directory /tmp -c source:jenkins-reproducible-arch -u root -- pacman -Syu --noconfirm
+		schroot --directory /tmp -c source:jenkins-reproducible-arch -u root -- pacman -S --noconfirm devtools abs base-devel
+		schroot --directory /tmp -c source:jenkins-reproducible-arch -u root -- abs
+		schroot --directory /tmp -c source:jenkins-reproducible-arch mkdir /var/lib/jenkins
+		schroot --directory /tmp -c source:jenkins-reproducible-arch chown jenkins:jenkins /var/lib/jenkins
+		schroot --directory /tmp -c source:jenkins-reproducible-arch -- gpg --recv-keys 0x091AB856069AAA1C
+
+		PKG=sudo 
+		schroot --directory /tmp -c source:jenkins-reproducible-arch -- cp -r /var/abs/core/$PKG /tmp
+		schroot --directory /tmp -c source:jenkins-reproducible-arch -- grep  ^validpgpkeys= $PKG/PKGBUILD|cut -d "'" -f2|xargs schroot --directory /tmp -c source:jenkins-reproducible-arch -- gpg --recv-keys
+		schroot --directory /tmp/$PKG -c source:jenkins-reproducible-arch -- makepkg --skippgpcheck # YOLO
+
+	# todo:
+		use -source schroot
+		download bootstrap.tar.gz sig and verify
+		maintenance job does updates:
+			schroot --directory /tmp -c source:jenkins-reproducible-arch -u root -- pacman -Syu --noconfirm
+		-j X
+		tar-1.28.tar.xz (source) -> tar-1.28-1-x86_64.pkg.tar.xz (binary)
+		echo 'keyserver-options auto-key-retrieve' >> ~/.gnupg/gpg.conf
+		patch pacman to create .buildinfo files - or better: wait
+----
+* use regular maintenace job to update the arch schroot
 * create another job, to build a single package and a webpage for it…
 * create a simple scheduler and build a few more packages…
+** schroot, find packages in /var/abs/core/, schedule those
+*** idea: reschedule reverse build depends too
 
 ==== reproducible...
 
diff --git a/bin/reproducible_common.sh b/bin/reproducible_common.sh
index 66d6b93b..db6687fa 100755
--- a/bin/reproducible_common.sh
+++ b/bin/reproducible_common.sh
@@ -194,7 +194,7 @@ write_page_header() {
 		write_page "   or <a href="mailto:reproducible-builds@lists.alioth.debian.org">send us an email</a>,"
 		write_page "   to get support for making sure your packages build reproducibly too. Also, we care about free software in general,"
 		write_page "   so if you are an upstream developer or working on another distribution, we'd love to hear from you!"
-		write_page "   Besides Debian we are also testing <li><a href=\"/coreboot/\">coreboot</a></li>, <li><a href=\"/openwrt/\">OpenWrt</a></li>, <li><a href=\"netbsd\">NetBSD</a></li> and <li><a href=\"/freebsd/\">FreeBSD</a></li> now, though not as thoroughly as Debian (yet?) - and there are plans to test <a href=\"$JENKINS_URL/userContent/todo.html#_reproducible_arch\">Arch</a> and <a href=\"$JENKINS_URL/userContent/todo.html#_reproducible_fedora\">Fedora</a> too.</ul>"
+		write_page "   Besides Debian we are also testing <li><a href=\"/coreboot/\">coreboot</a></li>, <li><a href=\"/openwrt/\">OpenWrt</a></li>, <li><a href=\"netbsd\">NetBSD</a></li> and <li><a href=\"/freebsd/\">FreeBSD</a></li> now, though not as thoroughly as Debian (yet?) - and there are plans to test <a href=\"$JENKINS_URL/userContent/todo.html#_reproducible_arch\">Arch Linux</a> and <a href=\"$JENKINS_URL/userContent/todo.html#_reproducible_fedora\">Fedora</a> too.</ul>"
 		write_page "   <ul>As we think that reproducible builds should become the norm, we have started to write <li><a href=\"https://reproducible-builds.org/howto\">How to make your software reproducible</a></li>. As always we appreciate feedback on this document, just please don't consider it to be finished, comprehensive or correct, yet."
 		write_page "      Also aimed at the free software world at large, but released as version 1.0, is the first specication we have written: the <li><a href=\"https://reproducible-builds.org/specs/source-date-epoch/\">SOURCE_DATE_EPOCH specification</a></li>.</ul>"
 	fi
-- 
cgit v1.2.3-70-g09d2