On 03/18/18 at 02:56am, Morten Linderud wrote:
On Sun, Mar 18, 2018 at 11:52:01AM +1000, Allan McRae wrote:
On 18/03/18 07:23, Robin Broda wrote:
For reproducible builds, Foxboron and I are working on scripts to reproduce a given package file. Generating archive links to download the same exact packages that were present on the build machine is a crucial part of this.
The package names have architecture information appended to them, eg. archlinux-keyring-20180302-1-any instead of archlinux-keyring-20180302-1 so to be able to reliably regenerate the package filename, architecture information is required.
Isn't this being handled elsewhere already - e.g. On the Debian provided reproducible service? How is that being managed without the architecture information?
Their service doesn't care as it tracks SVN directly when building packages. However, when we provide repro tools for our users we need to recreate with `.BUILDINFO`. So we have to pull down packages from the archive. Jelle suggested we just bruteforce it for the time being. But that sucks a little bit.
Tool in question: https://github.com/Foxboron/devtools-repro
alpm does not limit the package architecture; it can contain '-'. If the user has such a package installed, this will result in entries that will be parsed incorrectly.