Bug#846842: nethogs: please make the build reproducible
On Fri, Dec 23, 2016 at 11:52 AM, Chris Lambwrote: > > To me it doesn't sound unreasonable to consider the last segment of the > > build path part of the build environment > > Could you elaborate why? We feel that the entire build path including > the basename(1) (or "last segment") to be: > > a) something up to the local package builder to decide. > > b) A poor method of storing metadata. It seems quite fragile and also > non-intuitive; if a user searches the source tree for the version > number, they won't actually find it within any of the files! > Not having the version in the source tree is actually intentional: this way, we can promote a certain commit to 'release' without having to add 'bump version to X'/'bump version to (X+1)-SNAPSHOT'-style commits to the history. This way we avoid some risks: - if you commit the released versions, people branching from that commit might accidentally build binaries that seem/claim to also be that version even though they aren't. When using tags instead, you can't really accidentally tag multiple commits with the same tag. - if you don't commit the final version (and commit 'x.y.z+1-SNAPSHOT' or something similar instead), there is no commit that is byte-per-byte identical to a git commit. I like to have that (I can even sign that commit which is nice). Our comprehensive testing framework deliberately varies this build path to > flush out these issues FYI. > Yes I figured it was probably intentional, so I thought I'd reach out and find out why :). Kind regards, Arnout
Bug#846842: nethogs: please make the build reproducible
[Please retain 846...@bugs.debian.org in CC] Hey Arnout, Thanks for getting in touch and for your kind words on reproducible builds. :) > To me it doesn't sound unreasonable to consider the last segment of the > build path part of the build environment Could you elaborate why? We feel that the entire build path including the basename(1) (or "last segment") to be: a) something up to the local package builder to decide. b) A poor method of storing metadata. It seems quite fragile and also non-intuitive; if a user searches the source tree for the version number, they won't actually find it within any of the files! Our comprehensive testing framework deliberately varies this build path to flush out these issues FYI. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#846842: Fwd: Re: Bug#846842: nethogs: please make the build reproducible
[Forwarding to BTS] - Original message - From: Arnout Engelen <arn...@bzzt.net> To: Chris Lamb <la...@debian.org> Subject: Re: Bug#846842: nethogs: please make the build reproducible Date: Fri, 23 Dec 2016 11:37:55 +0100 Hi Chris, First off, thanks for your efforts in making the builds more reproducible, this is an important topic. I'm the upstream nethogs author/maintainer, and I'd like to see if there's something more I can do to help. 'determineVersion.sh' indeed uses `pwd` (when building from outside git). Indeed in general leaking the full build path into the artifact seems like a bad idea (https://reproducible-builds.org/docs/build-path/). In this particular case, though, I only use the last segment of the path to determine the version. To me it doesn't sound unreasonable to consider the last segment of the build path part of the build environment (so I already consider the nethogs build 'reproducible' in that regard). Do you have any thoughts on that? Kind regards, Arnout On Sat, Dec 3, 2016 at 6:00 PM, Chris Lamb <la...@debian.org> wrote: > Source: nethogs > Version: 0.8.5-1 > Severity: wishlist > Tags: patch > User: reproducible-bui...@lists.alioth.debian.org > Usertags: builpath > X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org > > Hi, > > Whilst working on the Reproducible Builds effort [0], we noticed > that nethogs could not be built reproducibly. > > This is due to upstream's determineVersion.sh using the output > of "pwd". > > Patch attached. It overrides from debian/changelog. > > > [0] https://reproducible-builds.org/ Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#846842: nethogs: please make the build reproducible
Source: nethogs Version: 0.8.5-1 Severity: wishlist Tags: patch User: reproducible-bui...@lists.alioth.debian.org Usertags: builpath X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org Hi, Whilst working on the Reproducible Builds effort [0], we noticed that nethogs could not be built reproducibly. This is due to upstream's determineVersion.sh using the output of "pwd". Patch attached. It overrides from debian/changelog. [0] https://reproducible-builds.org/ Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- --- a/debian/rules 2016-12-03 16:48:52.021297391 + --- b/debian/rules 2016-12-03 16:59:09.759387921 + @@ -7,3 +7,6 @@ %: dh $@ + +override_dh_auto_build: + dh_auto_build -- VERSION="$(shell dpkg-parsechangelog --show-field Version)"