subject:"F41 Change Proposal \- Reproducible Package Builds \(System\-Wide\)"

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-05-22 Thread Zbigniew Jędrzejewski-Szmek

On Wed, May 22, 2024 at 09:06:07AM +0200, Vitaly Zaitsev via devel wrote:
> On 17/04/2024 09:20, Zbigniew Jędrzejewski-Szmek wrote:
> > In some ways, that'd be nice, because we wouldn't have to install
> > additional tools in the buildroot. But OTOH, those tools are rather
> > small and bash/find/etc probably need to be installed anyway.
> 
> It doesn't seem to work properly without the marshalparser Python package
> installed:
> 
> + /usr/bin/add-determinism --brp -j48
> /builddir/build/BUILDROOT/nheko-0.11.3-11.fc41.x86_64
> Cannot initialize handler pyc: ModuleNotFoundError: No module named
> 'marshalparser'

Yes. The plan is to pull in the marshalparser module from
python3-devel (conditionalized on python not being bootstrapped).
The lack of the marshalparser module means that the program doesn't
handle .pyc files, but otherwise works.

> Also, is it possible to suppress these "Bye!" messages?

Yeah, I left in the debugging message to have more clarity if
things are working. They'll be gone in the next version.

Zbyszek
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-05-22 Thread Vitaly Zaitsev via devel


On 17/04/2024 09:20, Zbigniew Jędrzejewski-Szmek wrote:

In some ways, that'd be nice, because we wouldn't have to install
additional tools in the buildroot. But OTOH, those tools are rather
small and bash/find/etc probably need to be installed anyway.


It doesn't seem to work properly without the marshalparser Python 
package installed:


+ /usr/bin/add-determinism --brp -j48 
/builddir/build/BUILDROOT/nheko-0.11.3-11.fc41.x86_64
Cannot initialize handler pyc: ModuleNotFoundError: No module named 
'marshalparser'

[src/multiprocess.rs:66:9]  = Command {
program: "/usr/bin/add-determinism",
args: [
"/usr/bin/add-determinism",
"--socket",
"3",
"--brp",
"--handler",
"ar,jar,javadoc",
],
env: CommandEnv {
clear: false,
vars: {
"SOURCE_DATE_EPOCH": Some(
"1716249600",
),
},
},
create_pidfd: false,
}
Bye!
Bye!
Bye!
Bye!

Also, is it possible to suppress these "Bye!" messages?

--
Sincerely,
  Vitaly Zaitsev (vit...@easycoding.org)
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-23 Thread Zbigniew Jędrzejewski-Szmek

On Wed, Apr 17, 2024 at 11:28:53AM +0200, Fabio Valentini wrote:
> On Wed, Apr 17, 2024, 08:45 Tim Landscheidt  wrote:
> 
> > Zbigniew Jędrzejewski-Szmek  wrote:
> >
> > > […]
> >
> > >> - use dynamic buildrequires to detect what plugins are needed
> >
> > > My problem is that the binary is linked to the libpython3.12.so shared
> > > library… The detection part is easy, the hard part is how to have the
> > > binary work when the shared lib is not installed.
> >
> > Quick 'n' dirty: Have two binaries, unconditionally call
> > add-determinism-python for *.pyc files, either from
> > add-determinism or the BRP macro (which essentially should
> > be called when %__brp_python_bytecompile is called?), rely
> > on the packager to build-require add-determinism-python or
> > require that from python3-devel (the missing binary should
> > fail the build otherwise).
>
>
> Something like this could be even made automatic.
> 
> - split Python-specific functionality into a separate binary and subpackage
> of add-determinism
> - add only add-determinism to the default buildroot
> - add "Requires: (add-determinism-python if python3)" to add-determinism
> 
> That way the pyc processing functionality would only be pulled in iff
> python3 is already getting installed by something else.

Thanks to everyone who made suggestions.

A variant of the above is implemented in
https://src.fedoraproject.org/rpms/rust-add-determinism/pull-request/1:

We' install either add-determinism or add-determinism-nopython.
(The two packages provide the same files and declare Conflicts with each other).
The appropriate variant will be pulled in via rich dependencies.

(The arrangement is a bit different than what is described above,
i.e. one or the other binary is installed, because of some low-level
implementation needs:

- I don't want to spawn a separate "handler" for each type of cleanup.
  Right now, the different handlers don't process files of the same type,
  so it doesn't matter much, but such cases can easily occur, for example
  a .pyc file stored in a .jar, or more realistically, a .html javadoc file
  embedded in a .jar file. If it's all in a single process, it's fairly
  easy to arrange how this should be sequenced.

- The multi-worker mode is now implemented by spawning N workers, and
  each worker accepts all file types. This makes the distribution of
  jobs trivial, we always have one coordinator and N workers. But if
  we had workers of different types, we'd suddenly need to figure out
  answers to questions like: how many workers of each type to spawn,
  e.g. does this particular package have both .jar and .a files, etc.
  It's much better to avoid this.

- Right now the discovery which handlers are used is made once, in the
  first binary that is called. If it cannot initialize some type of
  handler (right now mainly only the pyc handler, if python cannot be
  initialized or marshalparser cannot be imported, but some other
  handlers have checks on allowed $SOURCE_DATE_EPOCH values), a
  warning is printed and the handler is skipped. The workers are then
  initialized with an explicit handler list, and if any of the
  specified handlers doesn't initialize, this becomes a hard error.
  Overall, we get warnings just once, and every unexpected failure
  is an error. If initialization of handlers was moved down, things
  would become noisier and less tight.)

This approach solves the problem and is fairly simple and should be
robust. If if turns out to be problematic we can always switch to some
different solution in the future.

Zbyszek

P.S. https://github.com/keszybz/add-determinism/pull/5 was merged,
which cuts down on unneeded features in dependencies.
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-19 Thread Zbigniew Jędrzejewski-Szmek

On Wed, Apr 17, 2024 at 05:12:07PM -0500, Maxwell G wrote:
> On 4/13/24 06:41, Fabio Valentini wrote:
> > On Sat, Apr 13, 2024 at 1:18 PM Zbigniew Jędrzejewski-Szmek
> >   wrote:
> > > Yes. But actually I think Rust is the optimal choice here. Writing
> > > this in Python would be possibly slightly nicer, but we don't want
> > > to pull the interpreter and packages into the buildroot. Python
> > > also has the problem (challenge?) that it needs to be bootstrapped
> > > once per year. The less packages are involved in the bootstrap, the
> > > easier it is. And if the brp was written in Python, we'd need to
> > > deal with that, and it would probably increase the number of builds
> > > which are done without the cleanup. Having this as an indepedent
> > > binary avoids some of the issues with bootstrap.
> > I think Rust*would*  be a good choice here ...
> > BUT add-determinism uses pyo3 to link to CPython, so it pulls in
> > python3-libs anyway.
> > So you get the downsides of pulling in Python without the upsides of
> > using Rust ...
> 
> Would it be possible to shell out to Python instead of using pyo3? I assume
> add-determinism's Python handler is not that complicated given that
> marshalparser does most of the work.

Possible — yes.
Desirable — not clear.

Firstly, Python interpreter startup with module imports is relatively
slow. In the current implementation we do that just once in each
worker, and then read the list of files to process from a socket.
People were worried about the postprocessing being slow, so I
implemented a fairly nice multiprocessing scheme that cuts down on
this avoidable overhead.

Secondly, calling a library function is generally preferred over
calling a binary for the purposes of error handling. For example,
right now I can catch an exception and handle it as appropriate.
When calling a subprogram, we only get an error code and maybe some
error message, and, for example, supressing or customizing the
message for some classes of exceptions cannot be done cleanly.

Thirdly, bootstrapping might actually be easier with a link to a
library. We might install older python3-libs together with a new
versions of python3-libs and python3, since they don't conflict, but
we can have only one /usr/bin/python…

But yeah, just calling an external python binary is certainly an
option if the current approach doesn't work out. Thank you for the
suggestion.

Zbyszek
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-18 Thread Robert Relyea


On 4/17/24 12:54 AM, Zbigniew Jędrzejewski-Szmek wrote:

On Wed, Apr 17, 2024 at 09:38:30AM +0200, Miroslav Suchý wrote:

Dne 17. 04. 24 v 9:20 dop. Zbigniew Jędrzejewski-Szmek napsal(a):

By adding this functionality to Mock itself. It can be optional 
(--add-determinism). And then Mock can call

    add-determinism $chroot/%buildroot/

I don't think we should make this particular functionality special.
We have a bunch of brps:

It depends... if you want to have this check/sanitization part of rpmbuild.
When it is small,and does not inflate buildroot, then fine.

Over the years, I learn that people have different view where each component 
should go. :) I will not argue.

If you package add-determinism I can help you to add it to Mock. Likely as 
plugin:

https://rpm-software-management.github.io/mock/#plugins

that is called in `postbuild`

https://rpm-software-management.github.io/mock/Plugin-Hooks

And by helping I mean that I will create the initial PR and you (and others) 
will test the functionality. Deal?

Thank you for the offer. I _might_ take you up on it later, but
for now, I think it's better to keep this inside of the buildroot.

I don't think that this functionality should be tied to mock. Right
now, the helper runs for 'fedpkg local' (as all brps), but if it's
moved to mock, then we'd need to at least call it from two places.



A lot of our security libraries create cryptographic checksums on the 
binaries that need to be correct in order for them to run in FIPS mode. 
If this is actually changing the binaries, we'll need to rerun those 
checksums.


bob



Zbyszek
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-17 Thread Maxwell G


On 4/17/24 02:20, Zbigniew Jędrzejewski-Szmek wrote:

I don't think we should make this particular functionality special.


Yeah, I tend to agree. If we want to reimagine the way BRP scripts work, 
that should be a separate discussion.

--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-17 Thread Maxwell G


On 4/13/24 06:41, Fabio Valentini wrote:

On Sat, Apr 13, 2024 at 1:18 PM Zbigniew Jędrzejewski-Szmek
  wrote:

Yes. But actually I think Rust is the optimal choice here. Writing
this in Python would be possibly slightly nicer, but we don't want
to pull the interpreter and packages into the buildroot. Python
also has the problem (challenge?) that it needs to be bootstrapped
once per year. The less packages are involved in the bootstrap, the
easier it is. And if the brp was written in Python, we'd need to
deal with that, and it would probably increase the number of builds
which are done without the cleanup. Having this as an indepedent
binary avoids some of the issues with bootstrap.

I think Rust*would*  be a good choice here ...
BUT add-determinism uses pyo3 to link to CPython, so it pulls in
python3-libs anyway.
So you get the downsides of pulling in Python without the upsides of
using Rust ...


Would it be possible to shell out to Python instead of using pyo3? I 
assume add-determinism's Python handler is not that complicated given 
that marshalparser does most of the work.
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-17 Thread Fabio Valentini

On Wed, Apr 17, 2024 at 3:10 PM Zbigniew Jędrzejewski-Szmek
 wrote:
>
> > Because this is written in Rust instead of Python, you will need a
> > build variant for *every* Python interpreter shipped in Fedora.
>
> No, just one one, at any given time.

Assuming that the marshalparser package can parse pyc files from newer
Python versions, I don't think this is necessary.

> Or in other words, it's the same as any application using Python in
> Fedora: it is built against some version of Python, usually the
> default one.
>
> (pyo3 has support for linking to the stable python abi, which
> theoretically would allow the program to be able to run with python
> versions newer than the one against which it was built. I didn't look
> at the details, so I don't know what would be needed to link it like
> that and whether that'd actually make things better for us.)

The functionality for building + linking only with the stable /
limited "abi3" CPython ABI is only relevant for *extension modules*,
i.e. Python modules that contain a native extension written in Rust.
This is not the case here - it's a Rust program that calls into
CPython (as opposed to the Python interpreter loading a native
extension module, which is effectively a "plugin" which is not linked
to libpython directly). add-determinism is linked *directly* to
libpython3.x.so, so it is only ever compatible with the major version
of the Python interpreter that it was built against.

Fabio
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-17 Thread Zbigniew Jędrzejewski-Szmek

On Wed, Apr 17, 2024 at 10:41:22AM -0700, Brian C. Lane wrote:
> On Sat, Apr 13, 2024 at 11:16:37AM +, Zbigniew Jędrzejewski-Szmek wrote:
> > If we don't want to pull in an additional language framework, the
> > options are either a compiled language or a scripting language that is
> > already installed anyway, i.e. bash or awk. Considering that we want
> > to do multiprocessing and/or multithreading to make things quick, a
> > compiled language seems better. And among the compiled languages, I
> > think Rust should be the default choice nowadays.
> 
> But this does seem to be using python? The readme says it uses
> marshalparser and the pyc handler imports it:
> 
> https://github.com/keszybz/add-determinism/blob/ffdc8364839b42e22e846dce41061a061da64451/src/handlers/pyc.rs#L323
> 
> so you still need python, right?

Yes, kind of. Python and the marshalparser module are used for
.pyc files. The marshalparser module is already there, and I didn't
see a good reason to reimplement that code. But if there are no .pyc
files, that code is not used.

Zbyszek
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-17 Thread Brian C. Lane

On Sat, Apr 13, 2024 at 11:16:37AM +, Zbigniew Jędrzejewski-Szmek wrote:
> If we don't want to pull in an additional language framework, the
> options are either a compiled language or a scripting language that is
> already installed anyway, i.e. bash or awk. Considering that we want
> to do multiprocessing and/or multithreading to make things quick, a
> compiled language seems better. And among the compiled languages, I
> think Rust should be the default choice nowadays.

But this does seem to be using python? The readme says it uses
marshalparser and the pyc handler imports it:

https://github.com/keszybz/add-determinism/blob/ffdc8364839b42e22e846dce41061a061da64451/src/handlers/pyc.rs#L323

so you still need python, right?

Brian

-- 
Brian C. Lane (PST8PDT) - weldr.io - lorax - parted - pykickstart
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-17 Thread Zbigniew Jędrzejewski-Szmek

On Wed, Apr 17, 2024 at 08:58:46AM -0400, Neal Gompa wrote:
> On Wed, Apr 17, 2024 at 5:30 AM Fabio Valentini  wrote:
> >
> > On Wed, Apr 17, 2024, 08:45 Tim Landscheidt  wrote:
> >>
> >> Zbigniew Jędrzejewski-Szmek  wrote:
> >>
> >> > […]
> >>
> >> >> - use dynamic buildrequires to detect what plugins are needed
> >>
> >> > My problem is that the binary is linked to the libpython3.12.so shared
> >> > library… The detection part is easy, the hard part is how to have the
> >> > binary work when the shared lib is not installed.
> >>
> >> Quick 'n' dirty: Have two binaries, unconditionally call
> >> add-determinism-python for *.pyc files, either from
> >> add-determinism or the BRP macro (which essentially should
> >> be called when %__brp_python_bytecompile is called?), rely
> >> on the packager to build-require add-determinism-python or
> >> require that from python3-devel (the missing binary should
> >> fail the build otherwise).
> >
> >
> > Something like this could be even made automatic.
> >
> > - split Python-specific functionality into a separate binary and subpackage 
> > of add-determinism
> > - add only add-determinism to the default buildroot
> > - add "Requires: (add-determinism-python if python3)" to add-determinism
> >
> > That way the pyc processing functionality would only be pulled in iff 
> > python3 is already getting installed by something else.
> 
> Because this is written in Rust instead of Python, you will need a
> build variant for *every* Python interpreter shipped in Fedora.

No, just one one, at any given time.

Or in other words, it's the same as any application using Python in
Fedora: it is built against some version of Python, usually the
default one.

(pyo3 has support for linking to the stable python abi, which
theoretically would allow the program to be able to run with python
versions newer than the one against which it was built. I didn't look
at the details, so I don't know what would be needed to link it like
that and whether that'd actually make things better for us.)

Zbyszek
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-17 Thread Neal Gompa

On Wed, Apr 17, 2024 at 5:30 AM Fabio Valentini  wrote:
>
> On Wed, Apr 17, 2024, 08:45 Tim Landscheidt  wrote:
>>
>> Zbigniew Jędrzejewski-Szmek  wrote:
>>
>> > […]
>>
>> >> - use dynamic buildrequires to detect what plugins are needed
>>
>> > My problem is that the binary is linked to the libpython3.12.so shared
>> > library… The detection part is easy, the hard part is how to have the
>> > binary work when the shared lib is not installed.
>>
>> Quick 'n' dirty: Have two binaries, unconditionally call
>> add-determinism-python for *.pyc files, either from
>> add-determinism or the BRP macro (which essentially should
>> be called when %__brp_python_bytecompile is called?), rely
>> on the packager to build-require add-determinism-python or
>> require that from python3-devel (the missing binary should
>> fail the build otherwise).
>
>
> Something like this could be even made automatic.
>
> - split Python-specific functionality into a separate binary and subpackage 
> of add-determinism
> - add only add-determinism to the default buildroot
> - add "Requires: (add-determinism-python if python3)" to add-determinism
>
> That way the pyc processing functionality would only be pulled in iff python3 
> is already getting installed by something else.

Because this is written in Rust instead of Python, you will need a
build variant for *every* Python interpreter shipped in Fedora.




--
真実はいつも一つ！/ Always, there's only one truth!
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-17 Thread Fabio Valentini

On Wed, Apr 17, 2024, 08:45 Tim Landscheidt  wrote:

> Zbigniew Jędrzejewski-Szmek  wrote:
>
> > […]
>
> >> - use dynamic buildrequires to detect what plugins are needed
>
> > My problem is that the binary is linked to the libpython3.12.so shared
> > library… The detection part is easy, the hard part is how to have the
> > binary work when the shared lib is not installed.
>
> Quick 'n' dirty: Have two binaries, unconditionally call
> add-determinism-python for *.pyc files, either from
> add-determinism or the BRP macro (which essentially should
> be called when %__brp_python_bytecompile is called?), rely
> on the packager to build-require add-determinism-python or
> require that from python3-devel (the missing binary should
> fail the build otherwise).
>

Something like this could be even made automatic.

- split Python-specific functionality into a separate binary and subpackage
of add-determinism
- add only add-determinism to the default buildroot
- add "Requires: (add-determinism-python if python3)" to add-determinism

That way the pyc processing functionality would only be pulled in iff
python3 is already getting installed by something else.

Fabio



> Tim
> --
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-17 Thread Zbigniew Jędrzejewski-Szmek

On Wed, Apr 17, 2024 at 09:38:30AM +0200, Miroslav Suchý wrote:
> Dne 17. 04. 24 v 9:20 dop. Zbigniew Jędrzejewski-Szmek napsal(a):
> > > By adding this functionality to Mock itself. It can be optional 
> > > (--add-determinism). And then Mock can call
> > > 
> > >    add-determinism $chroot/%buildroot/
> > I don't think we should make this particular functionality special.
> > We have a bunch of brps:
> 
> It depends... if you want to have this check/sanitization part of rpmbuild.
> When it is small,and does not inflate buildroot, then fine.
> 
> Over the years, I learn that people have different view where each component 
> should go. :) I will not argue.
> 
> If you package add-determinism I can help you to add it to Mock. Likely as 
> plugin:
> 
> https://rpm-software-management.github.io/mock/#plugins
> 
> that is called in `postbuild`
> 
> https://rpm-software-management.github.io/mock/Plugin-Hooks
> 
> And by helping I mean that I will create the initial PR and you (and others) 
> will test the functionality. Deal?

Thank you for the offer. I _might_ take you up on it later, but
for now, I think it's better to keep this inside of the buildroot.

I don't think that this functionality should be tied to mock. Right
now, the helper runs for 'fedpkg local' (as all brps), but if it's
moved to mock, then we'd need to at least call it from two places.

Zbyszek
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-17 Thread Miroslav Suchý


Dne 17. 04. 24 v 9:20 dop. Zbigniew Jędrzejewski-Szmek napsal(a):

By adding this functionality to Mock itself. It can be optional 
(--add-determinism). And then Mock can call

   add-determinism $chroot/%buildroot/

I don't think we should make this particular functionality special.
We have a bunch of brps:


It depends... if you want to have this check/sanitization part of rpmbuild. When it is small,and does not inflate 
buildroot, then fine.


Over the years, I learn that people have different view where each component 
should go. :) I will not argue.

If you package add-determinism I can help you to add it to Mock. Likely as 
plugin:

https://rpm-software-management.github.io/mock/#plugins

that is called in `postbuild`

https://rpm-software-management.github.io/mock/Plugin-Hooks

And by helping I mean that I will create the initial PR and you (and others) 
will test the functionality. Deal?

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-17 Thread Zbigniew Jędrzejewski-Szmek

On Wed, Apr 17, 2024 at 08:39:48AM +0200, Miroslav Suchý wrote:
> Dne 16. 04. 24 v 10:04 odp. Zbigniew Jędrzejewski-Szmek napsal(a):
> > Hmm, how would that work? We call mock, which calls systemd-nspawn,
> > which runs rpmbuild, and the build env is completely isolated from the
> > host.
> 
> By adding this functionality to Mock itself. It can be optional 
> (--add-determinism). And then Mock can call
> 
>   add-determinism $chroot/%buildroot/

I don't think we should make this particular functionality special.
We have a bunch of brps:
+ /usr/lib/rpm/check-buildroot
+ /usr/lib/rpm/redhat/brp-ldconfig
+ /usr/lib/rpm/brp-compress
+ /usr/lib/rpm/redhat/brp-strip-lto
+ /usr/lib/rpm/brp-strip-static-archive
+ /usr/lib/rpm/check-rpaths
+ /usr/lib/rpm/redhat/brp-mangle-shebangs
+ /usr/lib/rpm/brp-remove-la-files
+ /usr/lib/rpm/redhat/brp-python-bytecompile
+ /usr/lib/rpm/redhat/brp-python-hardlink
And if such a feature is added, it should be generic to allow all
and any of those to be moved out of the build env.

In some ways, that'd be nice, because we wouldn't have to install
additional tools in the buildroot. But OTOH, those tools are rather
small and bash/find/etc probably need to be installed anyway. And
also, the package can configure and override the brps via macros. If
they were called from the outside, we'd need to at least figure out a
new protocol for that.

Certainly an interesting idea, but I'm not convinced, yet.

---

BTW.:
+ /usr/lib/rpm/brp-remove-la-files

This one means that various packages that remove .la files on their
own don't need to do this. Maybe we could have a pp sweep over the
specs and drop various 'find %{buildroot} -name *.la -delete'?

Zbyszek
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-17 Thread Tim Landscheidt

Zbigniew Jędrzejewski-Szmek  wrote:

> […]

>> - use dynamic buildrequires to detect what plugins are needed

> My problem is that the binary is linked to the libpython3.12.so shared
> library… The detection part is easy, the hard part is how to have the
> binary work when the shared lib is not installed.

Quick 'n' dirty: Have two binaries, unconditionally call
add-determinism-python for *.pyc files, either from
add-determinism or the BRP macro (which essentially should
be called when %__brp_python_bytecompile is called?), rely
on the packager to build-require add-determinism-python or
require that from python3-devel (the missing binary should
fail the build otherwise).

Tim
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-17 Thread Miroslav Suchý


Dne 16. 04. 24 v 10:04 odp. Zbigniew Jędrzejewski-Szmek napsal(a):

Hmm, how would that work? We call mock, which calls systemd-nspawn,
which runs rpmbuild, and the build env is completely isolated from the
host.


By adding this functionality to Mock itself. It can be optional 
(--add-determinism). And then Mock can call

  add-determinism $chroot/%buildroot/


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-16 Thread Zbigniew Jędrzejewski-Szmek

On Tue, Apr 16, 2024 at 09:42:27AM +0200, Pavel Raiskup wrote:
> On sobota 13. dubna 2024 21:04:06, CEST Zbigniew Jędrzejewski-Szmek wrote:
> > On Sat, Apr 13, 2024 at 01:38:49PM +, Zbigniew Jędrzejewski-Szmek wrote:
> > > On Sat, Apr 13, 2024 at 01:41:59PM +0200, Fabio Valentini wrote:
> > > > On Sat, Apr 13, 2024 at 1:18 PM Zbigniew Jędrzejewski-Szmek
> > > >  wrote:
> > > > >
> > > > > Yes. But actually I think Rust is the optimal choice here. Writing
> > > > > this in Python would be possibly slightly nicer, but we don't want
> > > > > to pull the interpreter and packages into the buildroot. Python
> > > > > also has the problem (challenge?) that it needs to be bootstrapped
> > > > > once per year. The less packages are involved in the bootstrap, the
> > > > > easier it is. And if the brp was written in Python, we'd need to
> > > > > deal with that, and it would probably increase the number of builds
> > > > > which are done without the cleanup. Having this as an indepedent
> > > > > binary avoids some of the issues with bootstrap.
> > > > 
> > > > I think Rust *would* be a good choice here ...
> > > > BUT add-determinism uses pyo3 to link to CPython, so it pulls in
> > > > python3-libs anyway.
> > > > So you get the downsides of pulling in Python without the upsides of
> > > > using Rust ...
> > > 
> > > Yes, it currently pulls in python3-libs as a dependency, but not the
> > > rest of the Python stack. Ideally, the dependency on python3-libs will
> > > become optional, and we'll use it if found at runtime if found and
> > > ignore otherwise. (Anything that creates pyc files will have python
> > > installed, so it's fine if the pyc handler only works if there.)
> > > How to best do this is something that needs to be figured out…
> > 
> > https://github.com/keszybz/add-determinism/pull/1 makes the dependency
> > on libpython optional. One option would be to compile the binary
> > twice, and use rich dependencies to install the heavyweight one if
> > python3 is installed. If somebody has a better approach, I'm all ears.
> 
> I do not claim these are better approaches, but you could:
> 
> - you could consider using tooling "from host", not "from chroot"
>   (adding a dependency to Mock seems just fine then)

Hmm, how would that work? We call mock, which calls systemd-nspawn,
which runs rpmbuild, and the build env is completely isolated from the
host.

> - use dynamic buildrequires to detect what plugins are needed

My problem is that the binary is linked to the libpython3.12.so shared
library… The detection part is easy, the hard part is how to have the
binary work when the shared lib is not installed.

Zbyszek
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-16 Thread Pavel Raiskup

On sobota 13. dubna 2024 21:04:06, CEST Zbigniew Jędrzejewski-Szmek wrote:
> On Sat, Apr 13, 2024 at 01:38:49PM +, Zbigniew Jędrzejewski-Szmek wrote:
> > On Sat, Apr 13, 2024 at 01:41:59PM +0200, Fabio Valentini wrote:
> > > On Sat, Apr 13, 2024 at 1:18 PM Zbigniew Jędrzejewski-Szmek
> > >  wrote:
> > > >
> > > > Yes. But actually I think Rust is the optimal choice here. Writing
> > > > this in Python would be possibly slightly nicer, but we don't want
> > > > to pull the interpreter and packages into the buildroot. Python
> > > > also has the problem (challenge?) that it needs to be bootstrapped
> > > > once per year. The less packages are involved in the bootstrap, the
> > > > easier it is. And if the brp was written in Python, we'd need to
> > > > deal with that, and it would probably increase the number of builds
> > > > which are done without the cleanup. Having this as an indepedent
> > > > binary avoids some of the issues with bootstrap.
> > > 
> > > I think Rust *would* be a good choice here ...
> > > BUT add-determinism uses pyo3 to link to CPython, so it pulls in
> > > python3-libs anyway.
> > > So you get the downsides of pulling in Python without the upsides of
> > > using Rust ...
> > 
> > Yes, it currently pulls in python3-libs as a dependency, but not the
> > rest of the Python stack. Ideally, the dependency on python3-libs will
> > become optional, and we'll use it if found at runtime if found and
> > ignore otherwise. (Anything that creates pyc files will have python
> > installed, so it's fine if the pyc handler only works if there.)
> > How to best do this is something that needs to be figured out…
> 
> https://github.com/keszybz/add-determinism/pull/1 makes the dependency
> on libpython optional. One option would be to compile the binary
> twice, and use rich dependencies to install the heavyweight one if
> python3 is installed. If somebody has a better approach, I'm all ears.

I do not claim these are better approaches, but you could:

- you could consider using tooling "from host", not "from chroot"
  (adding a dependency to Mock seems just fine then)

- use dynamic buildrequires to detect what plugins are needed

Pavel

> Zbyszek
> --
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it: 
> https://pagure.io/fedora-infrastructure/new_issue
> 



signature.asc
Description: This is a digitally signed message part.
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-15 Thread Zbigniew Jędrzejewski-Szmek

On Mon, Apr 15, 2024 at 12:59:04PM +0200, Vít Ondruch wrote:
> Could you please share some comparison of what is impact on buildroot? How
> many packages added, download size, install size.

$ rpm -qiR add-determinism-0.2.0-1.fc40.x86_64   
...
Size: 2801276 (installed size, 2.7 MB)
...
libc.so.6()(64bit)
libgcc_s.so.1()(64bit)
libbz2.so.1()(64bit)
libzstd.so.1()(64bit)
libpython3.12.so.1.0()(64bit)
...

So I think the size and deps are neglible, with the exception of
libpython3, which is large (45 MB). As discussed, we'll make it optional.
I amended the Proposal page now to say that explicitly.

Zbyszek
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-15 Thread Vít Ondruch



Dne 15. 04. 24 v 11:10 Miroslav Suchý napsal(a):

Dne 13. 04. 24 v 1:16 odp. Zbigniew Jędrzejewski-Szmek napsal(a):

The proposal explicitly states that we don't want Perl in all buildroots.


How many seconds we save by NOT pulling Perl? Per each build? In total 
for whole release cycle?




I know that I have saved quite significant time every build.

Also having buildroot minimal also makes sure that we have correctly 
specified explicit dependencies, therefore making the builds more 
reproducible. IOW adding Perl back into the build root would be against 
the goal of this change proposal.



Vít


How many seconds we loose (lost) by refactoring the code? And syncing 
with Debian? Or even worse finding issues that Debian will find and we 
not?


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys

--
___
devel mailing list --devel@lists.fedoraproject.org
To unsubscribe send an email todevel-le...@lists.fedoraproject.org
Fedora Code of 
Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines
List 
Archives:https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report 
it:https://pagure.io/fedora-infrastructure/new_issue


OpenPGP_signature.asc
Description: OpenPGP digital signature
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-15 Thread Vít Ondruch



Dne 13. 04. 24 v 21:04 Zbigniew Jędrzejewski-Szmek napsal(a):

On Sat, Apr 13, 2024 at 01:38:49PM +, Zbigniew Jędrzejewski-Szmek wrote:

On Sat, Apr 13, 2024 at 01:41:59PM +0200, Fabio Valentini wrote:

On Sat, Apr 13, 2024 at 1:18 PM Zbigniew Jędrzejewski-Szmek
 wrote:

Yes. But actually I think Rust is the optimal choice here. Writing
this in Python would be possibly slightly nicer, but we don't want
to pull the interpreter and packages into the buildroot. Python
also has the problem (challenge?) that it needs to be bootstrapped
once per year. The less packages are involved in the bootstrap, the
easier it is. And if the brp was written in Python, we'd need to
deal with that, and it would probably increase the number of builds
which are done without the cleanup. Having this as an indepedent
binary avoids some of the issues with bootstrap.

I think Rust *would* be a good choice here ...
BUT add-determinism uses pyo3 to link to CPython, so it pulls in
python3-libs anyway.
So you get the downsides of pulling in Python without the upsides of
using Rust ...

Yes, it currently pulls in python3-libs as a dependency, but not the
rest of the Python stack. Ideally, the dependency on python3-libs will
become optional, and we'll use it if found at runtime if found and
ignore otherwise. (Anything that creates pyc files will have python
installed, so it's fine if the pyc handler only works if there.)
How to best do this is something that needs to be figured out…

https://github.com/keszybz/add-determinism/pull/1 makes the dependency
on libpython optional. One option would be to compile the binary
twice, and use rich dependencies to install the heavyweight one if
python3 is installed. If somebody has a better approach, I'm all ears.



Could you please share some comparison of what is impact on buildroot? 
How many packages added, download size, install size.


Thx a lot


Vít



OpenPGP_signature.asc
Description: OpenPGP digital signature
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-15 Thread Zbigniew Jędrzejewski-Szmek

On Mon, Apr 15, 2024 at 11:10:28AM +0200, Miroslav Suchý wrote:
> Dne 13. 04. 24 v 1:16 odp. Zbigniew Jędrzejewski-Szmek napsal(a):
> > The proposal explicitly states that we don't want Perl in all buildroots.
> 
> How many seconds we save by NOT pulling Perl? Per each build? In total for 
> whole release cycle?
> 
> How many seconds we loose (lost) by refactoring the code?

I wasn't measuring the time exactly, but about two weeks of my time.

> And syncing with Debian?
> Or even worse finding issues that Debian will find and we not?

Some divergence from Debian would happen anyway. Their build system is
different enough that we have some non-overlapping issues. And in my
implementation, I was a bit more conservative in what is changed,
doing the minimal replacements. We'd either have to maintain some
patches or wait until upstream accepts our changes and makes a
release. Having a tool that is under our control allows us to update
much more quickly.

For Perl, the issue is not so much the seconds and megabytes, but that
a) Perl is now effectively a niche language, we made the choice to use
Python for tooling instead a long time ago, and b) it'd pull in the
interpreter and a set of modules. Considering that we need python
marshalparser for the pyc files, that'd mean two interpreter stacks in
some cases. Perl certainly has and will have its uses, but I don't
think we should use it when adding completely new tooling to our
build system.

Zbyszek
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-15 Thread Miroslav Suchý


Dne 13. 04. 24 v 1:16 odp. Zbigniew Jędrzejewski-Szmek napsal(a):

The proposal explicitly states that we don't want Perl in all buildroots.


How many seconds we save by NOT pulling Perl? Per each build? In total for 
whole release cycle?

How many seconds we loose (lost) by refactoring the code? And syncing with Debian? Or even worse finding issues that 
Debian will find and we not?


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-13 Thread Zbigniew Jędrzejewski-Szmek

On Sat, Apr 13, 2024 at 01:38:49PM +, Zbigniew Jędrzejewski-Szmek wrote:
> On Sat, Apr 13, 2024 at 01:41:59PM +0200, Fabio Valentini wrote:
> > On Sat, Apr 13, 2024 at 1:18 PM Zbigniew Jędrzejewski-Szmek
> >  wrote:
> > >
> > > Yes. But actually I think Rust is the optimal choice here. Writing
> > > this in Python would be possibly slightly nicer, but we don't want
> > > to pull the interpreter and packages into the buildroot. Python
> > > also has the problem (challenge?) that it needs to be bootstrapped
> > > once per year. The less packages are involved in the bootstrap, the
> > > easier it is. And if the brp was written in Python, we'd need to
> > > deal with that, and it would probably increase the number of builds
> > > which are done without the cleanup. Having this as an indepedent
> > > binary avoids some of the issues with bootstrap.
> > 
> > I think Rust *would* be a good choice here ...
> > BUT add-determinism uses pyo3 to link to CPython, so it pulls in
> > python3-libs anyway.
> > So you get the downsides of pulling in Python without the upsides of
> > using Rust ...
> 
> Yes, it currently pulls in python3-libs as a dependency, but not the
> rest of the Python stack. Ideally, the dependency on python3-libs will
> become optional, and we'll use it if found at runtime if found and
> ignore otherwise. (Anything that creates pyc files will have python
> installed, so it's fine if the pyc handler only works if there.)
> How to best do this is something that needs to be figured out…

https://github.com/keszybz/add-determinism/pull/1 makes the dependency
on libpython optional. One option would be to compile the binary
twice, and use rich dependencies to install the heavyweight one if
python3 is installed. If somebody has a better approach, I'm all ears.

Zbyszek
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-13 Thread Zbigniew Jędrzejewski-Szmek

On Sat, Apr 13, 2024 at 01:41:59PM +0200, Fabio Valentini wrote:
> On Sat, Apr 13, 2024 at 1:18 PM Zbigniew Jędrzejewski-Szmek
>  wrote:
> >
> > Yes. But actually I think Rust is the optimal choice here. Writing
> > this in Python would be possibly slightly nicer, but we don't want
> > to pull the interpreter and packages into the buildroot. Python
> > also has the problem (challenge?) that it needs to be bootstrapped
> > once per year. The less packages are involved in the bootstrap, the
> > easier it is. And if the brp was written in Python, we'd need to
> > deal with that, and it would probably increase the number of builds
> > which are done without the cleanup. Having this as an indepedent
> > binary avoids some of the issues with bootstrap.
> 
> I think Rust *would* be a good choice here ...
> BUT add-determinism uses pyo3 to link to CPython, so it pulls in
> python3-libs anyway.
> So you get the downsides of pulling in Python without the upsides of
> using Rust ...

Yes, it currently pulls in python3-libs as a dependency, but not the
rest of the Python stack. Ideally, the dependency on python3-libs will
become optional, and we'll use it if found at runtime if found and
ignore otherwise. (Anything that creates pyc files will have python
installed, so it's fine if the pyc handler only works if there.)
How to best do this is something that needs to be figured out…

Zbyszek
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-13 Thread Fabio Valentini

On Sat, Apr 13, 2024 at 1:18 PM Zbigniew Jędrzejewski-Szmek
 wrote:
>
> Yes. But actually I think Rust is the optimal choice here. Writing
> this in Python would be possibly slightly nicer, but we don't want
> to pull the interpreter and packages into the buildroot. Python
> also has the problem (challenge?) that it needs to be bootstrapped
> once per year. The less packages are involved in the bootstrap, the
> easier it is. And if the brp was written in Python, we'd need to
> deal with that, and it would probably increase the number of builds
> which are done without the cleanup. Having this as an indepedent
> binary avoids some of the issues with bootstrap.

I think Rust *would* be a good choice here ...
BUT add-determinism uses pyo3 to link to CPython, so it pulls in
python3-libs anyway.
So you get the downsides of pulling in Python without the upsides of
using Rust ...

Fabio
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-13 Thread Zbigniew Jędrzejewski-Szmek

On Sat, Apr 13, 2024 at 04:12:09AM -0500, Neal Gompa wrote:
> On Sat, Apr 13, 2024 at 3:59 AM Richard W.M. Jones  wrote:
> >
> > On Fri, Apr 12, 2024 at 10:41:43PM +0100, Aoife Moloney wrote:
> > > [https://github.com/keszybz/add-determinism add-determinism] is a Rust
> > > program which, as its name suggests, adds determinism to files that
> > > are given as input by attempting to standardize metadata contained in
> > > binary or source files to ensure consistency and clamping to
> > > $SOURCE_DATE_EPOCH in all instances. `add-determinism` is the "Fedora
> > > version" of 
> > > [https://salsa.debian.org/reproducible-builds/strip-nondeterminism
> > > strip-nondeterminism] from the Debian project. Since
> > > strip-nondeterminism is written in perl, it is undesirable for use in
> > > Fedora, as we don't want to pull perl in the buildroot for every
> > > package.

The proposal explicitly states that we don't want Perl in all buildroots.
It doesn't say that explicitly, but we also don't want Python.
In the past we made an effort to remove gcc and make
[https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot,
https://fedoraproject.org/wiki/Changes/Remove_GCC_from_BuildRoot],
and Python would be a fairly big addition.

If we don't want to pull in an additional language framework, the
options are either a compiled language or a scripting language that is
already installed anyway, i.e. bash or awk. Considering that we want
to do multiprocessing and/or multithreading to make things quick, a
compiled language seems better. And among the compiled languages, I
think Rust should be the default choice nowadays.

The resulting binary is a single file of 2.6 MB, which is more than
it'd be if written in C, but still reasonably small.

> > https://github.com/keszybz/add-determinism looks like a package with a
> > lot of Rust dependencies just to make some small changes to four
> > different file types. Isn't there an easier way to do this?  I would
> > have thought a Python library would be more suitable as the most
> > complicated bit is the *.pyc change which is done using Python code.

The program currently has just four "handlers", but I expect that we'll
need to add some more. Those four address issues that were apparent
after a "mini mass rebuild" of ~2k packages, but that covered only
a subset of packages, and it's possible that those most obvious issues
masked other issues, and we didn't analyze all failures in detail, etc.
The program is structured so that it should be simple to add
additional handlers.

Now I'll try to channel Fabio V.: all the crates that are dependencies
are commonly used, i.e. they're in the common set of crates that are
used by modern Rust code and we need them to be packaged anyway. The
packaging effort for add-determinism was miniscule.
(I made a mistake by packaging a snapshot, which the guidelines
disallow like I did it, but when doing it correctly, it's really just
a matter of running rust2rpm and filling in some blanks.)

> Considering Debian's version is in Perl, yes, it's quite reasonable to
> consider that. It could have been written in Python, C++, or even
> shell (if you truly hated yourself). I'm not a big fan of Rust for
> this either. But unless someone offers to make another version that is
> more appealing, this is what we have.

Yes. But actually I think Rust is the optimal choice here. Writing
this in Python would be possibly slightly nicer, but we don't want
to pull the interpreter and packages into the buildroot. Python
also has the problem (challenge?) that it needs to be bootstrapped
once per year. The less packages are involved in the bootstrap, the
easier it is. And if the brp was written in Python, we'd need to
deal with that, and it would probably increase the number of builds
which are done without the cleanup. Having this as an indepedent
binary avoids some of the issues with bootstrap.

Please note that add-determinism has:
- configurable logging
- unit tests
- integration tests
- multiprocess support
- atomic file replacements (for files without hardlinks)
- rewriting of files in place (for files with hardlinks)

Doing this in bash would be doable, but not worth it, IMO.

Zbyszek
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-13 Thread Neal Gompa

On Sat, Apr 13, 2024 at 3:59 AM Richard W.M. Jones  wrote:
>
> On Fri, Apr 12, 2024 at 10:41:43PM +0100, Aoife Moloney wrote:
> > [https://github.com/keszybz/add-determinism add-determinism] is a Rust
> > program which, as its name suggests, adds determinism to files that
> > are given as input by attempting to standardize metadata contained in
> > binary or source files to ensure consistency and clamping to
> > $SOURCE_DATE_EPOCH in all instances. `add-determinism` is the "Fedora
> > version" of 
> > [https://salsa.debian.org/reproducible-builds/strip-nondeterminism
> > strip-nondeterminism] from the Debian project. Since
> > strip-nondeterminism is written in perl, it is undesirable for use in
> > Fedora, as we don't want to pull perl in the buildroot for every
> > package.
>
> https://github.com/keszybz/add-determinism looks like a package with a
> lot of Rust dependencies just to make some small changes to four
> different file types.  Isn't there an easier way to do this?  I would
> have thought a Python library would be more suitable as the most
> complicated bit is the *.pyc change which is done using Python code.
>

Considering Debian's version is in Perl, yes, it's quite reasonable to
consider that. It could have been written in Python, C++, or even
shell (if you truly hated yourself). I'm not a big fan of Rust for
this either. But unless someone offers to make another version that is
more appealing, this is what we have.



--
真実はいつも一つ！/ Always, there's only one truth!
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-13 Thread Richard W.M. Jones

On Fri, Apr 12, 2024 at 10:41:43PM +0100, Aoife Moloney wrote:
> [https://github.com/keszybz/add-determinism add-determinism] is a Rust
> program which, as its name suggests, adds determinism to files that
> are given as input by attempting to standardize metadata contained in
> binary or source files to ensure consistency and clamping to
> $SOURCE_DATE_EPOCH in all instances. `add-determinism` is the "Fedora
> version" of [https://salsa.debian.org/reproducible-builds/strip-nondeterminism
> strip-nondeterminism] from the Debian project. Since
> strip-nondeterminism is written in perl, it is undesirable for use in
> Fedora, as we don't want to pull perl in the buildroot for every
> package.

https://github.com/keszybz/add-determinism looks like a package with a
lot of Rust dependencies just to make some small changes to four
different file types.  Isn't there an easier way to do this?  I would
have thought a Python library would be more suitable as the most
complicated bit is the *.pyc change which is done using Python code.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
nbdkit - Flexible, fast NBD server with plugins
https://gitlab.com/nbdkit/nbdkit
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-12 Thread Aoife Moloney

Wiki - https://fedoraproject.org/wiki/Changes/ReproduciblePackageBuilds
Discussion.fpo -
https://discussion.fedoraproject.org/t/f41-change-proposal-reproducible-package-builds-system-wide/112740

== Summary ==

A post-build cleanup is integrated into the RPM build process so that
common causes of build irreproducibility in packages are removed,
making most of Fedora packages reproducible.

== Owner ==
* Name: Davide Cavalca
* Name: Neil Hanlon
* Name: [[User:churchyard|Miro Hrončok]]
* Name: [[User:zbyszek|Zbigniew Jędrzejewski-Szmek]]

* Email: dcava...@fedoraproject.org
* Email: neil at shrug.pw
* Email: mhroncok at redhat.com
* Email: zbyszek at in.waw.pl



== Detailed Description ==
As of 2023 there is an active effort to implement
[https://docs.fedoraproject.org/en-US/reproducible-builds/
Reproducible builds] in Fedora. Reproducible builds will allow our
users to be able to independently verify that the RPMs have not been
tampered with (either maliciously or via hardware/software fault):
someone can do an independent rebuild of a package and confirm that
they get identical binaries when building with the same versions of
the compiler and other tools. This Change allows us to move forward in
this direction by removing the common sources of irreproducibility.

[https://github.com/keszybz/add-determinism add-determinism] is a Rust
program which, as its name suggests, adds determinism to files that
are given as input by attempting to standardize metadata contained in
binary or source files to ensure consistency and clamping to
$SOURCE_DATE_EPOCH in all instances. `add-determinism` is the "Fedora
version" of [https://salsa.debian.org/reproducible-builds/strip-nondeterminism
strip-nondeterminism] from the Debian project. Since
strip-nondeterminism is written in perl, it is undesirable for use in
Fedora, as we don't want to pull perl in the buildroot for every
package.

It's worth noting that this Change does not intend to impose any
specific reproducibility requirements on Fedora packages. Once this
Change is implemented and we have been through a mass rebuild and can
verify that the common causes of irreproducibility have indeed been
removed, we can consider further steps. But that will be at least one
release later.

This change does add a small amount of time to the processing of RPMs
at the end of a build. Accordingly, packages containing large
quantities or sizes of files can be slower, but this effect is not
expected to be noticeable. `add-determinism` takes steps to ensure it
does not interfere with other buildroot post processors like
`mangle-shebangs`, `python-hardlink`, `python-bytecompile`. It
defaults to not doing any modifications in case it doesn't understand
the input file or there are any other problems.

A mechanism to opt-out will be provided: to either completely disable
the postprocessing step or to disable specific "handlers" (i.e.
implementations of cleanup for specific file types, for example static
archives). See 
[https://github.com/keszybz/add-determinism/blob/main/rpm/macros.build-reproducibility
macros.build-reproducibility].

=== Related Changes ===
* [https://fedoraproject.org/wiki/Changes/ReproducibleBuildsClampMtimes
Clamp build mtimes to SOURCE_DATE_EPOCH]
* [https://fedoraproject.org/wiki/Changes/RPM-4.20 RPM 4.20] — this
pulls in changes to `%autosetup -S git` which removed a source of
irreproducibility.

== Feedback ==


== Benefit to Fedora ==
Adding determinism (i.e., removing non-determinsim) enables the Fedora
community to have confidence that, if given the same source code,
build environment, build instructions, and metadata from the build
artifacts, any party can recreate copies of the artifacts that are
identical except for the signatures and some parts of metadata.

Reproducibility of builds leads to packages of higher quality. It
turns out that quite often those irreproducible bits are caused by an
error or sloppiness in the code. In particular, any dependence on
architecture in noarch packages is almost always unwanted and/or a
bug. Test builds that check reproducibility will expose such
instances.

Reproducibility of builds makes it easier to develop packages: when a
small change is made and a package is rebuilt (in the same
environment), then with a reproducible package, the only difference is
directly caused by the change. If the package is different every time
it is rebuilt, making a comparison is much harder.

Build reproducibility for noarch ''sub''packages solves the problem
where package builds on different architectures are different, causing
mock to reject the whole build. In particular, this issue occurs for
[https://docs.fedoraproject.org/en-US/packaging-guidelines/Python_Appendix/#_byte_compilation_reproducibility
pyc files]. This will now be solved without requiring opt-in from
individual packages.


== Scope ==

* Proposal Owners:
** Integrate `add-determinism` as a BuildRoot Policy script
** Add a dependency on `marsha

F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-12 Thread Aoife Moloney

Wiki - https://fedoraproject.org/wiki/Changes/ReproduciblePackageBuilds
Discussion.fpo -
https://discussion.fedoraproject.org/t/f41-change-proposal-reproducible-package-builds-system-wide/112740

== Summary ==

A post-build cleanup is integrated into the RPM build process so that
common causes of build irreproducibility in packages are removed,
making most of Fedora packages reproducible.

== Owner ==
* Name: Davide Cavalca
* Name: Neil Hanlon
* Name: [[User:churchyard|Miro Hrončok]]
* Name: [[User:zbyszek|Zbigniew Jędrzejewski-Szmek]]

* Email: dcava...@fedoraproject.org
* Email: neil at shrug.pw
* Email: mhroncok at redhat.com
* Email: zbyszek at in.waw.pl



== Detailed Description ==
As of 2023 there is an active effort to implement
[https://docs.fedoraproject.org/en-US/reproducible-builds/
Reproducible builds] in Fedora. Reproducible builds will allow our
users to be able to independently verify that the RPMs have not been
tampered with (either maliciously or via hardware/software fault):
someone can do an independent rebuild of a package and confirm that
they get identical binaries when building with the same versions of
the compiler and other tools. This Change allows us to move forward in
this direction by removing the common sources of irreproducibility.

[https://github.com/keszybz/add-determinism add-determinism] is a Rust
program which, as its name suggests, adds determinism to files that
are given as input by attempting to standardize metadata contained in
binary or source files to ensure consistency and clamping to
$SOURCE_DATE_EPOCH in all instances. `add-determinism` is the "Fedora
version" of [https://salsa.debian.org/reproducible-builds/strip-nondeterminism
strip-nondeterminism] from the Debian project. Since
strip-nondeterminism is written in perl, it is undesirable for use in
Fedora, as we don't want to pull perl in the buildroot for every
package.

It's worth noting that this Change does not intend to impose any
specific reproducibility requirements on Fedora packages. Once this
Change is implemented and we have been through a mass rebuild and can
verify that the common causes of irreproducibility have indeed been
removed, we can consider further steps. But that will be at least one
release later.

This change does add a small amount of time to the processing of RPMs
at the end of a build. Accordingly, packages containing large
quantities or sizes of files can be slower, but this effect is not
expected to be noticeable. `add-determinism` takes steps to ensure it
does not interfere with other buildroot post processors like
`mangle-shebangs`, `python-hardlink`, `python-bytecompile`. It
defaults to not doing any modifications in case it doesn't understand
the input file or there are any other problems.

A mechanism to opt-out will be provided: to either completely disable
the postprocessing step or to disable specific "handlers" (i.e.
implementations of cleanup for specific file types, for example static
archives). See 
[https://github.com/keszybz/add-determinism/blob/main/rpm/macros.build-reproducibility
macros.build-reproducibility].

=== Related Changes ===
* [https://fedoraproject.org/wiki/Changes/ReproducibleBuildsClampMtimes
Clamp build mtimes to SOURCE_DATE_EPOCH]
* [https://fedoraproject.org/wiki/Changes/RPM-4.20 RPM 4.20] — this
pulls in changes to `%autosetup -S git` which removed a source of
irreproducibility.

== Feedback ==


== Benefit to Fedora ==
Adding determinism (i.e., removing non-determinsim) enables the Fedora
community to have confidence that, if given the same source code,
build environment, build instructions, and metadata from the build
artifacts, any party can recreate copies of the artifacts that are
identical except for the signatures and some parts of metadata.

Reproducibility of builds leads to packages of higher quality. It
turns out that quite often those irreproducible bits are caused by an
error or sloppiness in the code. In particular, any dependence on
architecture in noarch packages is almost always unwanted and/or a
bug. Test builds that check reproducibility will expose such
instances.

Reproducibility of builds makes it easier to develop packages: when a
small change is made and a package is rebuilt (in the same
environment), then with a reproducible package, the only difference is
directly caused by the change. If the package is different every time
it is rebuilt, making a comparison is much harder.

Build reproducibility for noarch ''sub''packages solves the problem
where package builds on different architectures are different, causing
mock to reject the whole build. In particular, this issue occurs for
[https://docs.fedoraproject.org/en-US/packaging-guidelines/Python_Appendix/#_byte_compilation_reproducibility
pyc files]. This will now be solved without requiring opt-in from
individual packages.


== Scope ==

* Proposal Owners:
** Integrate `add-determinism` as a BuildRoot Policy script
** Add a dependency on `marsha

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

F41 Change Proposal - Reproducible Package Builds (System-Wide)

F41 Change Proposal - Reproducible Package Builds (System-Wide)

33 matches

Site Navigation

Mail list logo

Footer information