public inbox for isar-users@googlegroups.com
From: ydirson@free.fr
To: Henning Schild <henning.schild@siemens.com>
Cc: Anton Mikanovich <amikan@ilbers.de>, isar-users@googlegroups.com
Subject: Re: isar-bootstrap
Date: Tue, 26 Oct 2021 22:48:53 +0200 (CEST)
Message-ID: <849250711.1347880253.1635281333166.JavaMail.root@zimbra39-e7>
In-Reply-To: <20211026214408.22030b2f@md1za8fc.ad001.siemens.net>

> For the download Isar goes the pragmatic way and lets debian fetch what
> it wants. With a few exceptions ... i.e. there is only one "global
> apt-get update" so you have to hope that you can apt-get install what
> that initial run created your external database for. In practice that
> does not fail too often ... or you have to clean build again.
> 
> If you really need to pin debian down to what it fetches, because for
> some reason (like repro build) you need your own mirror. In fact Isar
> spits out a partial debian mirror after an "online" build (base-apt).
> That can be used for consecutive offline builds, or as a base for
> consecutive "online" builds with custom DISTRO_APT_SOURCES.
> 
> While snapshots.debian.org can be used as DISTRO_APT_SOURCES mirror in
> theory ... in practice it has rate-limiting in place. So you might
> succeed in a manual build that you retry over and over (or a small
> image), but in CI without caching ... you will never get a big image to
> build. That rate-limiting issue will need to be discussed with
> snapshots, we are not the first ones to have issues with it.
> But I personally would tell people to simply not freeze if they can,
> and the ones that need to freeze I would in fact tell to get a full
> debian mirror of their own, instead of a partial one produced by Isar's
> base-apt.
> As an OSS project you might see less of a need of freezing, tracking in
> fact is a security feature ... and debian will not do much more than
> security on their stable distros.

This is more of a concern for reproducibility of the build process
at package level.  Probably this was not published very widely, but
there has been work on Debian package reproducibility in the context of
Qubes already, including a solution to the snapshots.d.o problem:

https://forum.qubes-os.org/t/reproducible-builds-for-debian-a-big-step-forward/6800

Best regards,
-- 
Yann


Thread overview: 9+ messages
     [not found] <1723895297.1343656873.1635201406531.JavaMail.root@zimbra39-e7>
2021-10-25 23:33 ` isar-bootstrap ydirson
2021-10-26  7:44   ` isar-bootstrap Henning Schild
2021-10-26 18:58     ` isar-bootstrap ydirson
2021-10-26 19:44       ` isar-bootstrap Henning Schild
2021-10-26 20:48         ` ydirson [this message]
2021-10-26 21:15           ` isar-bootstrap Henning Schild
2021-10-26 21:28             ` isar-bootstrap ydirson
2021-10-28  5:44             ` isar-bootstrap Jan Kiszka
2021-10-26  9:00   ` isar-bootstrap Anton Mikanovich
