Two questions about build-path reproducibility in Debian

Vagrant Cascadian vagrant at reproducible-builds.org
Tue Feb 27 18:11:24 UTC 2024


On 2024-02-15, James Addison via rb-general wrote:
> A quick recap: in July 2023, Debian's package build infrastructure
> (buildd) intentionally began using a fixed directory path during
> package builds (bug #1034424).  Previously, some string randomness
> existed within each source build directory path.
>
> I've two questions related to buildpaths - one relevant to the
> Salsa-CI team, and the other a RB-team housekeeping question:
>
>   1. [Salsa] Recently Debian's CI pipeline was reconfigured[1] to
> enable more variance in builds.  However: I think that change also
> (inadvertently?) enabled buildpath variation.  Is that useful and/or
> aligned with Debian package migration incentives[2] -- or should we
> disable that buildpath variance?

I think it might be worth disabling build path variations by default in
salsa-ci, although making it possible for people to override.


>   2. [RB] Housekeeping: we use Debian's bugtracker to record packages
> with buildpath-related build problems[3].  Do we want to keep those
> bugs open, or should we close them?

I think the bugs should remain open, but perhaps downgraded to minor or
wishlist?

While buildd.debian.org does now use a predictible path, sbuild does not
by default and requires slightly tricky manual intervention to get the
right path; many people still may perform local builds in their home
directory; I am not sure if pbuilder now defaults to matching
buildd.debian.org, though it is possible to specify the build path (as
seen on tests.reproducible-builds.org!); reprotest still uses randomized
build paths, although a WIP branch exists:

  https://salsa.debian.org/reproducible-builds/reprotest/-/merge_requests/22

There are real-world build path issues, and while it is possible to work
around them in various ways, I think they are still issues worth fixing
to make it easier to debug other issues, although deprioritizing them
makes sense, given buildd.debian.org now normalizes them.


live well,
  vagrant
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20240227/03642149/attachment.sig>


More information about the rb-general mailing list