Subject: Re: Reproducibility of builds
To: Alexander Smirnov, isar-users@googlegroups.com
From: Jan Kiszka
Date: Thu, 30 Nov 2017 15:48:23 +0100

On 2017-11-30 09:04, Alexander Smirnov wrote:
> Hi Jan,
>
> On 11/29/2017 10:02 PM, Jan Kiszka wrote:
>> On 2017-11-29 19:53, Alexander Smirnov wrote:
>>> Hi everybody,
>>>
>>> I've started working on this topic and here I'd like to share my vision.
>>> At the moment I've implemented simple PoC in my branch
>>> 'asmirnov/build_rep'.
>>>
>>> What it does:
>>>
>>> 1. There is new recipe: base-apt. It provides task which:
>>>
>>>   - Fetches packages from origin Debian apt to local folder using
>>>     debootstrap.
>>>   - Put these packages via 'reprepro' to local repository called
>>>     'base-apt'.
>>>
>>> 2. Buildchroot uses 'base-apt' to generate rootfs.
>>>
>>> 3. Isar image uses 'base-apt' and 'isar' repos to generate rootfs.
>>>
>>>
>>>
>>> What are the key benefits of this approach:
>>>
>>> 1. Download session for upstream packages is performed in a single step.
>>>
>>> 2. You could use your local 'versioned' apt repository instead of
>>> downloading origin packages.
>>>
>>> 3. Having local apt repository managed by 'reprepro' provides us
>>> possibility to implement version pinning. Reprepro provides lots of
>>> things like:
>>>   - Get package name.
>>>   - Get package version.
>>>   - Remove specific package from repo.
>>>   - Add single package to repo.
>>>
>>> So in general, if we know which package version we want to have, we
>>> need to get binary with this version and put it to 'base-apt'.
>>>
>>
>> But this encodes the versions of the packages to be used implicitly into
>> their unique presence inside some local apt repo, no?
>>
>> I would prefer a solution that stores the packages list with versions as
>> well and only uses that list, when provided, independent of the repo
>> content. That way we can throw all downloaded packages back into a
>> single archive repo. Having one repo per project version will quickly
>> explode storage-wise (or you need extra deduplication mechanisms).
>>
>> That said, I'm fine with getting there in several steps, and this can be
>> a valid first one.
>>
>
> I got it.
>
> Here I only mean that there are some tools that could help us in
> implementing specific logic. At the moment I don't have the final
> vision, but hope it will appear during experiments with this PoC.
>
> My main wish is to avoid manual hacks with Debian artifacts and use
> generic tools as much as possible.
>

I do agree.

Jan
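
The approach discussed in this thread, a stored package list with versions that is resolved against one shared archive repo, sketched as an added example; it is not part of the original messages and not Isar code. The `name=version` list format, the function names and all sample data are assumptions constructed for illustration.

```python
# Constructed sample data (not from the thread): index of one shared archive repo.
ARCHIVE_INDEX = """\
Package: busybox
Version: 1:1.22.0-19
Filename: pool/main/b/busybox/busybox_1.22.0-19_armhf.deb

Package: busybox
Version: 1:1.22.0-19+b3
Filename: pool/main/b/busybox/busybox_1.22.0-19+b3_armhf.deb

Package: libc6
Version: 2.24-11+deb9u1
Filename: pool/main/g/glibc/libc6_2.24-11+deb9u1_armhf.deb
"""

PINNED_LIST = """\
# name=version per line (hypothetical format, constructed data)
busybox=1:1.22.0-19
libc6=2.24-11+deb9u1
zlib1g=1:1.2.8.dfsg-5
"""

def parse_index(text):
    """Map (package, version) -> pool filename for every stanza in the index."""
    entries = {}
    for stanza in text.strip().split("\n\n"):
        fields = dict(line.split(": ", 1) for line in stanza.splitlines())
        entries[(fields["Package"], fields["Version"])] = fields["Filename"]
    return entries

def parse_pins(text):
    """Read name=version lines, skipping blanks and comments."""
    lines = (l.strip() for l in text.splitlines())
    return dict(l.split("=", 1) for l in lines if l and not l.startswith("#"))

def resolve(pins, index):
    """Return (selected files, missing pins); only exact versions are accepted."""
    selected, missing = {}, []
    for name, version in sorted(pins.items()):
        path = index.get((name, version))
        if path is None:
            missing.append(f"{name}={version}")  # never fall back to "newest"
        else:
            selected[name] = path
    return selected, missing

def apt_preferences(pins):
    """Emit apt_preferences(5) stanzas forcing exactly the pinned versions."""
    tpl = "Package: {}\nPin: version {}\nPin-Priority: 1001"
    return "\n\n".join(tpl.format(n, v) for n, v in sorted(pins.items()))
```

A non-empty `missing` list should fail the build, since silently taking whatever version the repo currently holds is what makes the result depend on repo content.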