[Git][reproducible-builds/reproducible-website][issue-56/getting-started-guide] 2 commits: How to add variance: add dependency-drift grouping
James Addison (@jayaddison)
gitlab at salsa.debian.org
Sun Oct 20 17:27:59 UTC 2024
James Addison pushed to branch issue-56/getting-started-guide at Reproducible Builds / reproducible-website
Commits:
5ee3ac46 by James Addison at 2024-10-20T18:23:39+01:00
How to add variance: add dependency-drift grouping
- - - - -
63d58e09 by James Addison at 2024-10-20T18:27:33+01:00
Relocate dependency-drift notes to seemingly-relevant doc page: 'volatile inputs'
- - - - -
2 changed files:
- _docs/getting-started-variations.md
- _docs/volatile_inputs.md
Changes:
=====================================
_docs/getting-started-variations.md
=====================================
@@ -42,21 +42,3 @@ Its [`README`](https://salsa.debian.org/reproducible-builds/reprotest/-/blob/mas
- Toolchain (compiler, ...)
- Dependencies listed in your project
-
-
-### Lockfiles
-
-Some build systems (Go, Cargo, NPM...) allow you to include the exact version of your dependencies.
-Whenever possible, you should version it or include it in your source tarballs, so that people will be able to use them to recreate a similar environment to you.
-
-
-### Vendored dependencies
-
-Another possibility is to include a copy of your dependencies in your source tree, or to reference it with similar methods, such as git submodules.
-
-
-### Debian Snapshots
-
-Debian packages must be reproducible with the packages that were available in the archive when they were built.
-
-You can use [`snapshot.debian.org`](https://snapshot.debian.org/) to create a system in that state.
=====================================
_docs/volatile_inputs.md
=====================================
@@ -24,3 +24,23 @@ with cryptographic checksums for each of these files. The FreeBSD
infrastructure ensures that a copy of all *distfiles* are kept available
on a mirror network. When building a port, the files will be downloaded
from there if the original *master site* is unreachable.
+
+
+### Preventing dependency drift
+
+#### Lockfiles
+
+Some build systems (Go, Cargo, NPM...) allow you to include the exact version of your dependencies.
+Whenever possible, you should version it or include it in your source tarballs, so that people will be able to use them to recreate a similar environment to you.
+
+
+#### Vendored dependencies
+
+Another possibility is to include a copy of your dependencies in your source tree, or to reference it with similar methods, such as git submodules.
+
+
+#### Debian Snapshots
+
+Debian packages must be reproducible with the packages that were available in the archive when they were built.
+
+You can use [`snapshot.debian.org`](https://snapshot.debian.org/) to create a system in that state.
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/compare/8e8f7d5588d4f0ac5c2381a753cf2152988a00a5...63d58e09d152f540e8b6f0e9d368c9c2bb2d406a
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/compare/8e8f7d5588d4f0ac5c2381a753cf2152988a00a5...63d58e09d152f540e8b6f0e9d368c9c2bb2d406a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20241020/19639ca8/attachment.htm>
More information about the rb-commits
mailing list