-
Notifications
You must be signed in to change notification settings - Fork 221
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hand back SRPMs, containing sources that were modified as part of the build process #599
Comments
You say that setting the macros in
There are no restrictions. Mock just rebuild SRPM first. Then just call |
@xsuchy Sorry, I probably made a mess of the report. Rushing to meet change deadlines is not a good mode to pass information. There are two parts:
Of course, that is my understanding of the problem. I may have missed some awesome mock feature I had no need to use so far. Do inform me if that’s the case, I regularly discover new wonderful parts in mock I never knew about before. |
https://github.com/rpm-software-management/mock/wiki#generate-custom-config-file Users can use: Though, I do not think it is more convenient in this case. |
Ok, thank you for the hint, I will look at it. I have not needed user-level config before, so I did not knew about it. However, that is the least critical issue. The real blocker is to get mock to output an srpm that uses the sources that were modified during Is it possible in current mock or does it need some mock change? |
Thinking a little more about it, the only real problem seems to be mock builds a srpm, and uses this srpm to build packages, and returns this initial srpm with the built packages? Could that be changed to "return the built packages with the srpm that was built at the same time" instead of returning the original rpm? As an option, maybe? |
Mock doesn't even run
We could do
This is no-go for me. To stay sane, at the time of building SRPM and RPM Also, the dist-git is place to store the sources to be built by rpmbuild,
This is very similar to the first paragraph. Yes, Koji/Copr build system |
Thank you for having taken the time to write a long answer. First, let me state that no one is asking mock to interact with dist-git, this is not mock’s role, and (IMHO) a build tool has no business assuming a particular SCM, or interacting with this particular SCM. The situation is a little less clear for higher level layers like koji, because they mix the buildsystem role with repo orchestration, and repo orchestration is very close to release orchestration, though we’ve been moving, in the past years, to separate the two and put bodhi in sole charge of deciding what is an official Fedora rpm or not. Thus mock + dist git, definitely no, koji + dist-git, probably no (but that depends how complete the move of gating decisions to bodhi is). Copr? No idea but I suspect it has taken at the copr level some of the release management responsibilities that require deciding what to keep as a release or not, and thus the responsibility to record those decisions. So, no one is asking mock to store anything, that’s a release/gating management responsibility, that belongs to the entity that does release management in a workflow (that may include mock, as the build, not release, component). And the dist-git back-commit is just registering the change decision in the change management system, which is the purpose of this management system in the first place. That’s inherently a saner model, than a model where you record decisions in git before they are effective, and hope for the best. Builds will fail and failure analysis will lead to plan changes, therefore pretending a build exists before it is built and release management commits to keep it is ultimately a source of problems (for releng, for example, which are asked to clean up the mess every time the future does not turn up the way the optimistic packager thought it would). Second, the “proper justification” is IMHO that it is useful for some users and that it does not break the rpm design. Which is clearly the case here, or the change would not have attracted that many replies by people interested in the subject. And I don’t see how one could argue that something which works in rpmbuild without any change in the rpmbuild codebase breaks the rpm design. “We did not do that before” is not a good justification, rpm workflows must evolve to adapt to the constrains of the language ecosystems rpm packages, those ecosystems have flourished in the past years (thanks to git) making the amount of artefacts to package grow by several orders of magnitude. This is not sustainable at the rpm level without steep tooling changes and improvements, because the packager number did not follow the same growth curve. Thanks to git devs do more, with the same amount of manpower. The rpm ecosystem must help packagers do more, with the same amount of manpower. That means more dynamic specs: dynamic buildrequires (and I was involved there) dynamic subpackages (what @ffesti is working on right now), dynamic autobumping releases, etc. rpm maintainers are discussing how to inject the result of spec generation in the SRPM for debugging purposes, dynamic subpackages means this generation will not be effective before the end of the new postbuild section, therefore, mock will have to handle “SRPM as it exists after the start of the build” one way or another. In a few years rpms and the rpm workflows will look very different from the workflows of the past score of years (where the ecosystem essentially stagnated) and that will be great. There would not be so many people working on core rpm changes today if the stagnation was sustainable. And you could try (as people are trying) to move the dynamicism outside rpm and mock, with external tools munging specs and feeding the result to mock, and mock pretending it is doing business as usual static builds. But that involves a huge amount of expensive and brittle complexity, and is ultimately limiting (too many cooks for a single dish). The difference in line counts between autobumping within the spec, and autobumping from outside the spec, is pretty damning, and it will get worse the more tools you layer outside the spec, trying to coax it do do things it can not do by itself. Adding build logic in the spec is ultimately simpler than layers over layers of pre-processing that try to deconstruct the spec logic, then reconstruct it, adding changes, behind the packager’s back. |
I think this is not personal, but I'm not trying to block dynamicism (as I'd like to avoid mixing-up two categories of things we declare in spec file:
I don't think we want to/can make the first point dynamic. That would From a mock perspective, we should protect these points:
That being said, I view the current mock code to be broken. Because the The input source RPM for Then, we install that complete source RPM (including all the Requires,
Mock's basic task is to wrap rpmbuild and depsolver (chroot). Not to Think of it like: The TL/DR: |
Ok, thanks for the reply. That helps clarifying how the proposal works. I think the misunderstanding here is that, because the mechanism modifies files in Sources, it is some kind of self modifying non deterministic monster. The modified sources are not used by the build process itself. The modified sources are an output of the build process not an input. Modifying sources is not necessary for the bumping to work. It is necessary to store the result of the bumping in the SRPM, so the next build knows where to bump from, and you can chain bump to your heart content, without being stuck in a loop where the spec says release is R, and you compute R+1, and the next rebuild still sees R, and still computes R+1. (You do not even need the SRPM. Exactly like you wrote, the SRPM is just a way to convey updated sources + spec to the next build. In a direct rpmbuild setup the proposal will auto-bump without any intermediary SRPM stage, because sourcedir is shared between rpmbuild calls, so each rpmbuild will see the results of the last build without intermediate SRPM import/export). You can think of it like a %files section, except a %files attached to the SRPM. And it needs to be attached to the SRPM because the payload we import/export between rpmbuild, mock, koji, copr, obs etc is the SRPM, so info that needs carrying over to the next rebuild must be included in the SRPM itself. It could probably be modeled better with:
Sources are not dynamic within a build. The dynamic property comes from the fact the next rebuild, will use a new set of sources as starting point. The data model is actually a lot stricter and clear cut than the one you are used to, because software and especially rpm macros are dumb as a brick, and could not stomach the kind of fuzzy data model humans have no problem with. With the proposal you have a clear-cut:
The third part is not 100% satisfying, because it mixes builder-provided data, with packager or git or whatever provided data, but you can not have a timeline that includes both kinds of data, without multiple writers.
Autobumping is the antithesis of reproducible builds. You can not both bump releases automatically, and change nothing between builds. However, because the data model is clean, implementing a reproducible mode was trivial: the code just takes the "previous state" that would have been bumped in normal mode, and reuses it as-is. You can see by yourself, the code is a KISS "if reproducible, set everything to the values produced by last build, else compute new values". |
Just my opinion: I think it is too complicated. See my tl/dr above why we can not not affect the output source RPM by
Not really. As long as the package doesn't bump the release on its own, and we rather delegate the task to build system -- we can go very easily back in time and re-do the build with the same parameters, and reproduce the build. There are two really straight forward options to let build-system do the decission:
|
The first solution does not work mid-term, because it requires spec syntax to stay static, and all dynamic changes being worked on will change this syntax (it will probably break even before @festi finishes his part, since I’m changing other related parts for my own needs). Basically, as soon as rpm maintainers insisted in spring they would only support Tag evaluation in very specific places of the spec, and people just had just to generate Tags in this very specific place, the game was over for the first solution, because it assumes there is a physical Release tag to hang on (you can not have a physical release Tag in the spec when rpm maintainers require you to generate it because it simplifies the rpm spec parser work). The second solution does not work either, because it ties release bumping to a buildsystem view of release history, meaning as soon as you move a package from one system to another things break. You could make the second solution work, by telling the new buildsystem where the old buildsystem stopped, but that’s exactly what you object in the change. However once you’ve made the mental break that adding to release history safely requires knowing this history (at least the part of history you’ll be grafting things upon), and moving between build systems requires relaying history, you quickly realise that they’re zip reason to make each buildsystem invent slightly different and incompatible bumping algorithms, and that you want the logic in a single place, and really, it’s not that hard to implement (less than a hundred of basic lua code for the logic itself, a bit more once you add the parts to relay the results to the rest of the spec). And the change does use counter macros that can be set beforehand, as I already wrote reproducible builds are implemented by just keeping old counter values instead of computing new values. |
There's nothing we can do about this in mock, see the tl/dr above. Re-repeating: I suppose that by Florian's work you mean rpm-software-management/rpm/issues/329 |
No, I meant The last line in Florian’s message clearly indicates that the target is to make it possible to generate the SRPM (main) section too, meaning the SRPM result of the build won’t be known before the new section, after build
I agree 100% with Florian that it needs to be done this way. You can not square dynamic subpackages with projects that produce a single artefact otherwise (ie the vast mass of simple projects). |
Honestly, I don't see any desire in that statement that |
Florian would not be writing that if he thought main should stay stuck in the preamble. He would either not write it at all (because it would be obvious for him that main has nothing to do with his feature) or write plainly "you can not generate main, because main belongs at the start of the process" (like you wrote yourself in this issue). The fact is that a huge number of the packages we create do not have explicit subpackages sections in the preamble, because SRPM metadata = deployment package metadata. So, what you are going to do once Florian finishes his work, and rust/python/go whatever automate their subpackage creation using Florian’s feature. Tell packagers "you can use the feature, except when you have a single deployment package to generate" (because in that case the main srpm declaration in the preamble will collide with the single generated subpackage declaration in the new section)? Or tell them "you can use the feature, but be extra careful to choose manually a srpm envelope that does not collide with generated subpackage naming, ie more manual packager busywork plus renaming all your single subpackage srpms to something else, plus dealing with renaming reviews? (that would be the only way to do it, because changing the subpackage name, would collide with all the existing user deployments that use current naming, and require heavy upgrade path surgery). That does not square. That’s terribly packager-unfriendly. As soon as you start doing that packagers will beg for a way to reconciliate the subpackage metadata with the srpm metadata. And since subpackage metadata won’t exist before the new section, after build, that moves srpm processing in there too no matter how you try to turn things. |
If we happen to let post-build section to modify the main spec preamble (I |
I don’t understand why you say you do not have the needed rpmbuild feature at this moment. Just call rpmbuild -ba on the SRPM you built at first stage. If rpmbuild did not already work (as I am quite sure rpmbuild will still work after the changes Florian is doing) my specs would not autobump using plain rpmbuild. There’s no deep magic in there, just more stages in rpmbuild generation, that invalidate the "srpm at start of process = srpm at end of process" assumption. But really, I don’t think there was ever any deep commitment to this assumption anywhere, it’s just an implementation artifact of our past way of doing things, that people got used to. If mock needs something more elaborate, can you just fill what more elaborate thing mock needs (here or directly in rpm upstream issue tracker, I don’t think one is harder for you than the other)? So people like Florian and me, who are working on more dynamic generation, do not forget to take mock needs into account? |
Because it is another small step that opens mock for ugly hacks, and it is
It actually doesn't quite work,
This is higly POV statement, and I disagree with you.
There's just no point in breaking this assumption in mock IMO. I'm pretty stable here, so I am now resigning from the message ping-pong |
Of course The changelog is not baked in the source file within the srpm at this point, because the build did not progress far enough, to commit that a build happened in the detached file, but rpmbuild already knows the release it is targetting and srpm metadata (release and changelog) reflect this target. |
I could easily move changelog persistence to %prep, so sources are updated before rpmbuild -br . But that would make any rpmbuild -bs result in a release bump. Right now the release bump is provisional, and because it is not persisted to source file, you can execute as many -bs or -br as you which, only a full build will create a srpm that the next build will bump from. If I had done otherwise, creating a srpm to feed it to mock or copr or fedpkg, would have persisted the new release and changelog, before the build was effective. |
Closing, ideas from the community are still welcome, but I fear there's a very low interest in this topic, |
I’ve been investigating release and changelog autobumping as part of the needs of my Fedora SIGs.
I initially thought I would hit some limitation at the rpmbuild level.
Turns out, rpm copes fine with this process, and needs no change to accomodate autobumping.
Unfortunately specs that autobump beautifully in rpmbuild do not in mock. The whole process relies on storing the changelog and build information in sources modified at
%build
stage (because autobumping needs to know the previous evr to bump), but mock seems to replace those modified files with the pre-bumped ones.Could this restriction be lifted?
I can not store the build info in a subpackage, otherwise autobumping would not work without some horrible self-depend cycle, and I can not emit the build info before
%build
, because other sections are executed several times by all kinds of software (including spectool), and you do not want those other executions to produce a spec bump.https://fedoraproject.org/wiki/Changes/rpm_level_auto_release_and_changelog_bumping
Another limitation is that changelog autobumping requires passing the name and email that will end up in the changelog some way. Doing it for rpmbuild is trivial, you add two variables to your
~/.rpmmacros
, you can do it with mock by passing a coupleconfig_opts['macros']
but that’s quite inconvenient usability-wise and makes the buildroot definition user-specificI suppose one could say there is a security issue with allowing sources to be modified by the build process, but since you end up installing and executing the result of this build process, I don’t see why the files contained in the srpm, needs to be more protected, than the files contained in rpms
The text was updated successfully, but these errors were encountered: