Uploads with conflicting buildinfo filenames

[Holger Levsen]

Hi Helmut,

On Fri, Jun 27, 2025 at 06:07:27PM +0200, Helmut Grohne wrote:
> thanks for your answers and the background you establish. I'll look into
> discussing this with Guillem.

thanks, I'm looking forward to this discussion!
 
> On Fri, Jun 27, 2025 at 02:43:48PM +0000, Holger Levsen wrote:
> > re: hat definition has violated some of our design:
> > 
> > eg I really think the checksum of the installed dependencies should
> > be listed in the .buildinfo files (even though I understand why this
> > is not that easy and thus I've for now given up on wanting this.)
> 
> I have a use case for this. Would it be possible to extend the buildinfo
> format specification such that checksums could be optionally included?

sure. (just we don't have a formal definition unless you consider the wiki
page as one. IMO we only have a practical definiton which is the dpkg
implementation. and that's both only about .buildinfo files in Debian, but
not about the general concept.)

> A builder could consume a .buildinfo file generated by dpkg-genbuildinfo
> and augment it with checksums given precise knowledge of the build
> environment. This is asking less than having dpkg-genbuildinfo produce
> those checksums and only about allowing their inclusion. Do you have
> something in mind how that would look? An example maybe?

no. but I had the idea of another wrapper transforming .buildinfo files
already. It doesn't even have to happen at build time.


-- 
cheers,
	Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

It's not climate change nor climate crisis, it's climate disaster.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20250628/659e01d8/attachment.sig>