Skip to content
Commits on Source (4)
Show whitespace changes
Inline Side-by-side
_blog/posts/174.md
View file @ 06416b6d
......@@ -4,3 +4,15 @@ week: 174
---
* [https://bugs.debian.org/872729 toolchain](https://salsa.debian.org/gnome-team/gtk2/commit/7deeede44c844e99402816ebc035de4d575f3db0)
Packages reviewed and fixed, and bugs filed
-------------------------------------------
* Bernhard M. Wiedemann:
* [wvstreams](https://build.opensuse.org/request/show/630334) (parallelism race)
* [schily](https://build.opensuse.org/request/show/630357) (race)
* [mailman](https://build.opensuse.org/request/show/630980) (date)
* [webkit2gtk3](https://bugs.webkit.org/show_bug.cgi?id=188738) (merged, sort `readdir(2)`)
* [libguestfs](https://www.redhat.com/archives/libguestfs/2018-August/msg00230.html) (merged, date / copyright year)
* [FIXME](https://salsa.debian.org/postgresql/postgresql-common/commit/c32ca637e093b4a1a3207ccbd86d82e56d9c5937)
_docs/perimeter.md
View file @ 06416b6d
......@@ -12,8 +12,9 @@ version to another as better optimizations are integrated all the time.
Instead, reproducible builds happen in the context of a *build
environment*. It usually comprises the set of tools, required versions,
and other assumptions about the operating system and its configuration.
A description of this environment should typically be provided alongside
any distributed binary package.
A description of this environment should typically be
[recorded]({{ "/docs/recording/" | prepend: site.baseurl }}) and provided
alongside any distributed binary package.
Requirements
------------
......
_docs/recording.md
View file @ 06416b6d
......@@ -10,19 +10,47 @@ built. The “about dialog” or output of `--version` typically contains
information about the build environment.
In the context of reproducible builds, we either actively make aspects
of the build environment irrelevant to the build output, or ensure they
are mandatory to rebuild the software exactly as distributed.
of the [build environment]({{ "/docs/perimeter/" | prepend: site.baseurl }})
irrelevant to the build output, or ensure they are available to rebuild the
software exactly as distributed.
All irrelevant information should not be recorded. What information is
irrelevant depends on what is defined to be
[part of the build environment]({{ "/docs/perimeter/" | prepend: site.baseurl }}),
but it likely includes information such as date and time of the build, build
system hostname, path, network configuration, CPU type, memory size,
environment variables…
All relevant information about the build environment should either be defined
as part of the development process or recorded during the build process.
The rest of the build environment should either be defined as part of
the development process or recorded during the build process.
## File Format
Everything that is recorded is stored best as a separate build product that can
be easily ignored or distributed separately. This will help identify which
variation is irrelevant to the software itself.
This product is called the 'buildinfo', but its exact format and the way it is
distributed differs across ecosystems.
### Debian
Debian shares its buildinfo files as plain text files following the
[control file format](https://www.debian.org/doc/debian-policy/ch-controlfields.html),
usually clearsigned with OpenPGP. A detailed description of the expected
fields and values, as well as conventions around naming, can be found under
[ReproducibleBuilds/BuildinfoFiles](https://wiki.debian.org/ReproducibleBuilds/BuildinfoFiles)
on the [Debian wiki](https://wiki.debian.org). Examples can be found on
[buildinfo.debian.net](https://buildinfo.debian.net).
### Arch Linux
The Arch Linux [makepkg](https://wiki.archlinux.org/index.php/makepkg) build
tool produces a `.BUILDINFO` file consisting of `<key> = <value>` pairs.
Unlike on Debian, this file is not independently signed and distributed, but
included into the package (and thus signed as part of the package signature).
An example can be found by downloading any Arch package built with a recent
version of [makepkg](https://wiki.archlinux.org/index.php/makepkg), such as
[archlinux-keyring](
https://www.archlinux.org/packages/core/any/archlinux-keyring).
### Tails
Tails does not record a buildinfo file per se, but instead the
[vagrant directory of the main git repo](
https://gitlab.com/Tails/tails/tree/master/vagrant) contains all information
necessary to reproducibly rebuild that revision of Tails.
\ No newline at end of file
test 0 → 100755
View file @ 06416b6d
#!/usr/bin/env python3
import time
import socket
import unittest
import subprocess
import contextlib
from selenium import webdriver
from selenium.common.exceptions import NoSuchElementException
PORT = 4000
JEKYLL = None
def setUpModule():
global JEKYLL
assert not port_open()
subprocess.check_call(('jekyll', 'build', '--verbose'))
JEKYLL = subprocess.Popen((
'jekyll',
'serve',
'--skip-initial-build',
'--port', str(PORT),
))
for x in range(10):
time.sleep(1)
if port_open():
break
else:
assert False, "Could not find site"
def tearDownModule():
global JEKYLL
JEKYLL.kill()
def port_open():
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
with contextlib.closing(s) as s:
return s.connect_ex(('127.0.0.1', PORT)) == 0
class TestSite(unittest.TestCase):
def setUp(self):
chrome_options = webdriver.ChromeOptions()
chrome_options.add_argument('--no-sandbox')
chrome_options.add_argument('--headless')
chrome_options.add_argument('--disable-gpu')
self.driver = webdriver.Chrome(chrome_options=chrome_options)
self.driver.implicitly_wait(10)
def tearDown(self):
self.driver.quit()
def test_smoke(self):
try:
self.driver.get('http://127.0.0.1:{}'.format(PORT))
self.driver.find_element_by_class_name('site-header')
except NoSuchElementException as exc:
self.fail(exc.msg)
if __name__ == '__main__':
suite = unittest.TestLoader().loadTestsFromTestCase(TestSite)
unittest.TextTestRunner(verbosity=2).run(suite)