sbuild, reprotest and the unsharing spirit
Vagrant Cascadian
vagrant at reproducible-builds.org
Fri Mar 31 22:59:38 UTC 2023
Last month, I pondered about the future of reprotest and some related
ideas and tooling:
https://lists.reproducible-builds.org/pipermail/rb-general/2023-February/002876.html
This month, fleshed out a method of usefully using reprotest as a hook
to sbuild (a package build tool for Debian) using sbuild's unshare mode:
https://salsa.debian.org/reproducible-builds/sbuild-unshare-reprotest
It even has a README.md...
It is essentially a small wrapper around mmdebstrap (which can generate
a base tarball) and a configuration for sbuild that calls reprotest as a
hook to compare against the build the sbuild normally produces. This
leverages sbuild to set up the build environment, build a package, tweak
the build environment and build again...
Eventually may write another wrapper to generate the config, which would
allow more flexibility in enabling and disabling variations, or using
the reprotest --auto-build feature (e.g. perform builds with each
individual variation).
Experimented with essentially skipping the "sbuild" build, and just
using reprotest, so that it is possible to disable build path variations
or use --auto-build meaningfully.
Still a little rough around the edges, but I think it is a bit easier
setup for doing reproducible builds fuzz testing for Debian-style
packages. I also like that the diffoscope output ends up in the build
log, and at least the initial build is unpolluted by
reprotest/diffoscope dependencies.
Long term, I would love to explore integrating some sort of "unshare"
chroot mode into reprotest, to be a little more distro-agnostic while
still relatively easy to set up.
If there are other tools that basically implement a simple unshare
usernamespace'ed chroot and/or reproducibility fuzz testing, curious to
hear about them!
I have not gone too far into making any more significant changes to
reprotest. I really have my eye set on trying to remove randomization in
all the variations, and instead deterministically vary things. Did this
for locale variations, but there are plenty of calls to random.choice
left!
In order to test this environment, I also made a very quick example
unreproducible package:
https://salsa.debian.org/reproducible-builds/notveryreproducible
... which was somewhat inspired by the more comprehensive examples of
unreproducibility:
https://github.com/bmwiedemann/theunreproduciblepackage
And with those tools in hand (and a newish reasonably fast build
machine), I am now cranking on binutils and gcc, the last major holdouts
in the Debian build-essential set:
https://tests.reproducible-builds.org/debian/bookworm/amd64/pkg_set_build-essential.html
live well,
vagrant
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20230331/81faae9b/attachment.sig>
More information about the rb-general
mailing list