[rb-general] [FOSDEM16] Reproducible FreeBSD and variants

Steven Chamberlain steven at pyro.eu.org
Thu Feb 11 18:33:10 CET 2016


Hi!

Holger Levsen wrote:
> > I've been trying to get started testing Debian GNU/kFreeBSD package
> > reproducibility (and I'd like it being mass-rebuilt anyway to find FTBFS
> > or other bugs sooner).  Just a few weeks ago I got Jenkins working on
> > kfreebsd (after porting some dependency) so it can run as a master or
> > slave.
> 
> cool. what are the specs, roughly?

Currently this is a Core i7-980X, 24 GiB RAM, 2x 1.4TB disks.

It is a server I rent out for business uses, but outside office hours
it was quite idle so I schedule jobs to run overnight and on weekends:
some rebootstrap jobs, and rebuilding debian-installer per Git commit.
I'd like to add reproducible jobs once I figure out how they work.

I've decided to open up the Jenkins web interace now (except HTTP POST
because I really don't trust its security!)
http://jenkins.kfreebsd.eu/jenkins/

I've put Jenkins master in its own separate chroot jail.  The jobs run
one at a time, in another separate sid chroot jail.  Jails prevent
access to files or devices of the host, and I can firewall their network
access if I want to.

> I dont see us moving to DSA 
> maintained host. patches for that (="less sudo usage…") welcome ;) 

This is a major concern for me at the moment, as I allow Jenkins to do
many things on the host (outside of any jail) via sudo to set up the sid
chroot.  I'm experimenting with better ways to do this.

I'd started out with sbuild, but it is incompatible with jails.  It was
also really slow, and that's a major concern for me with the limited
resources I have.  Optimizing is fun also.

With ZFS I can set sync=disabled on a whole chroot which is similar to
using Linux 'eatmydata', and makes APT/dpkg stages run really fast.

I'm also trying ccache, and preserving the cache directory between job
runs.  Hasn't helped much though.

What might be nice is if the host's sshd could set up so that, upon
login as user 'jenkins', it would give a root shell in a freshly-created
jail.  ZFS snapshots and clones could make that really fast.  In that
kind of setup, Jenkins need not run on build machines (saving hundreds
of MiB RAM).

Mostly I'd like to reduce the setup/teardown time so that a small
package like 'hello' takes only the smallest amount of time to build.
I think this is where most time would be wasted given how many small
packages there are in the archive.

Regards,
-- 
Steven Chamberlain
steven at pyro.eu.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20160211/792874d0/attachment.sig>


More information about the rb-general mailing list