Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
reproducible builds issues with noarch packages #5784
OBS produces and uses different versions of (unreproducible) noarch packages, which makes verifying OBS builds hard.
comparing local builds of SUSE:SLE-15-SP1:GA/skelcd-ha with official ones gave an unexpected diff
neither the OBS build nor the local build happened in July and doing two local builds did not have this diff.
The pdf is copied from the release-notes-ha noarch package
for arch in i586 x86_64 s390x ppc64le aarch64 ; do mkdir -p $arch ( cd $arch && osc -A https://api.suse.de getbinaries SUSE:SLE-15:Update/release-notes-ha.8105 standard $arch ) done md5sum */binaries/*rpm
shows that different versions of the noarch release-notes-ha exist and comparing with the published version, shows that the ppc64le version was published.
unrpm release-notes-ha-15.0.20180717-4.3.6.noarch.rpm strings usr/share/doc/release-notes/SUSE_Linux_Enterprise_High_Availability_Extension_15/*pdf|grep date
shows the embedded date. The ppc64le noarch version is used for the local build.
OBS should ensure that only one version of a noarch package is published and used for builds later.
How to Reproduce
This is true. Fedora's Koji compares noarch package builds across arches and if they're built differently, the whole build is failed.
This is actually very difficult to do in OBS, since each architecture is an independent build job, whereas Koji ties the build job to a central task that takes the input source (git, svn, or srpm) as the key. This difference in behavior is critical to understanding why Koji can do this while OBS currently cannot.
Dirk Mueller pointed me to the possibility of an ExportFilter that takes a regexp of packages to copy from another build.
On Montag, 10. September 2018, 09:34:16 CEST wrote Bernhard M. Wiedemann:
Dirk Mueller pointed me to the possibility of an [ExportFilter](https://en.opensuse.org/openSUSE:Build_Service_prjconf#ExportFilter) that takes a regexp of packages to copy from another build. One downside would be that downstream build jobs for one architecture would need to wait on that build job to finish for another architecture.
this would not happen and you could also create new cycles by using this mechanic. Cycles which can be calculated before, so you won't see them, just notice endless builds.…
-- Adrian Schroeter email: email@example.com SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany