On 03/18/18 at 02:56am, Morten Linderud wrote: > On Sun, Mar 18, 2018 at 11:52:01AM +1000, Allan McRae wrote: > > On 18/03/18 07:23, Robin Broda wrote: > > > For reproducible builds, Foxboron and I are working on scripts to > > > reproduce a given package file. Generating archive links to download > > > the same exact packages that were present on the build machine is > > > a crucial part of this. > > > > > > The package names have architecture information appended to them, eg. > > > archlinux-keyring-20180302-1-any instead of archlinux-keyring-20180302-1 > > > so to be able to reliably regenerate the package filename, architecture > > > information is required. > > > > Isn't this being handled elsewhere already - e.g. On the Debian provided > > reproducible service? How is that being managed without the > > architecture information? > > > > A > > Their service doesn't care as it tracks SVN directly when building packages. > However, when we provide repro tools for our users we need to recreate with > `.BUILDINFO`. So we have to pull down packages from the archive. Jelle > suggested > we just bruteforce it for the time being. But that sucks a little bit. > > Tool in question: https://github.com/Foxboron/devtools-repro
alpm does not limit the package architecture; it can contain '-'. If the user has such a package installed, this will result in entries that will be parsed incorrectly.
