On 03/18/18 at 02:56am, Morten Linderud wrote:
On Sun, Mar 18, 2018 at 11:52:01AM +1000, Allan McRae wrote:
On 18/03/18 07:23, Robin Broda wrote:
For reproducible builds, Foxboron and I are working on scripts to reproduce a given package file. Generating archive links to download the same exact packages that were present on the build machine is a crucial part of this.
The package names have architecture information appended to them, eg. archlinux-keyring-20180302-1-any instead of archlinux-keyring-20180302-1 so to be able to reliably regenerate the package filename, architecture information is required.
Isn't this being handled elsewhere already - e.g. On the Debian provided reproducible service? How is that being managed without the architecture information?
A
Their service doesn't care as it tracks SVN directly when building packages. However, when we provide repro tools for our users we need to recreate with `.BUILDINFO`. So we have to pull down packages from the archive. Jelle suggested we just bruteforce it for the time being. But that sucks a little bit.
Tool in question: https://github.com/Foxboron/devtools-repro
alpm does not limit the package architecture; it can contain '-'. If the user has such a package installed, this will result in entries that will be parsed incorrectly.