Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 4/17/24 12:54 AM, Zbigniew Jędrzejewski-Szmek wrote:

On Wed, Apr 17, 2024 at 09:38:30AM +0200, Miroslav Suchý wrote:

Dne 17. 04. 24 v 9:20 dop. Zbigniew Jędrzejewski-Szmek napsal(a):

By adding this functionality to Mock itself. It can be optional (--add-determinism). And then Mock can call

    add-determinism $chroot/%buildroot/

I don't think we should make this particular functionality special.
We have a bunch of brps:

It depends... if you want to have this check/sanitization part of rpmbuild.
When it is small,and does not inflate buildroot, then fine.

Over the years, I learn that people have different view where each component should go. :) I will not argue.

If you package add-determinism I can help you to add it to Mock. Likely as plugin:

https://rpm-software-management.github.io/mock/#plugins

that is called in `postbuild`

https://rpm-software-management.github.io/mock/Plugin-Hooks

And by helping I mean that I will create the initial PR and you (and others) will test the functionality. Deal?

Thank you for the offer. I _might_ take you up on it later, but
for now, I think it's better to keep this inside of the buildroot.

I don't think that this functionality should be tied to mock. Right
now, the helper runs for 'fedpkg local' (as all brps), but if it's
moved to mock, then we'd need to at least call it from two places.
A lot of our security libraries create cryptographic checksums on the binaries that need to be correct in order for them to run in FIPS mode. If this is actually changing the binaries, we'll need to rerun those checksums. 

bob



Zbyszek
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue


--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux