openSUSE / open-build-service

Build and distribute Linux packages from sources in an automatic, consistent and reproducible way #obs
https://openbuildservice.org
GNU General Public License v2.0

OBS publishes new builds under old name, confuses osc #6690

Open bmwiedemann opened 5 years ago

bmwiedemann commented 5 years ago

Issue Description

While working on reproducible builds for openSUSE, I found that I had strange local compile errors using osc build for "stack" and other Haskell software, while the official builds worked just fine. This went away after removing /var/tmp/osbuild-packagecache/. Comparing the new cache to the old one revealed several replaced packages. Here is a diff of rpm -qi of one of them (reordered lines for increased readability):

--- ghc-base-4.12.0.0-1.1.x86_64.rpm   2018-11-18 03:36:40.333066000 +0000
+++ ghc-base-4.12.0.0-1.1.x86_64.rpm   2018-12-22 21:02:02.656435000 +0000
@@ -4,12 +4,12 @@
 Architecture: x86_64
 Install Date: (not installed)
 Group       : System/Libraries
-Size        : 18618646
+Size        : 18618958
 License     : BSD-3-Clause
-Signature   : RSA/SHA256, 2018-11-08T11:22:35 UTC, Key ID b88b2fd43dbdc284
+Signature   : RSA/SHA256, 2018-12-10T14:10:20 UTC, Key ID b88b2fd43dbdc284
-Source RPM  : ghc-8.6.2-1.1.src.rpm
+Source RPM  : ghc-8.6.3-1.1.src.rpm
-Build Date  : 2018-11-08T11:10:35 UTC
+Build Date  : 2018-12-10T13:53:13 UTC
-Build Host  : build82
+Build Host  : build74
 Relocations : (not relocatable)
 Packager    : https://bugs.opensuse.org
 Vendor      : openSUSE

Expected Result

OBS should avoid publishing new binaries under old names. OBS cannot safely assume that it can reset the checkin counters just because the source version changed. So either OBS has to stop doing that or track it per subpackage, or every user has to put better reviews in place. If it cannot be completely avoided (e.g. with package renames), we should investigate how to avoid such confusions in osc and zypper. E.g. currently, .osc/_buildinfo-standard-x86_64.xml contains only:

  <bdep name="ghc-base" version="4.12.0.0" release="1.1" arch="x86_64" project="openSUSE:Factory" repository="standard" />

with no information on the expected content of the package. With an added digest, osc could detect staleness and refresh its cache.

How to Reproduce

  1. probably make a package with a subpackage that has a fixed version
  2. update the main version in the .spec file

Further Information
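
Added example, not part of the issue thread or of osc: a sketch of the staleness check proposed in the opening post, where each bdep carries a digest and the cached file is re-hashed before it is trusted. The sha256 attribute and the project/repository/arch cache layout are assumptions, and the payloads are constructed stand-ins.

```python
import hashlib
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed stand-ins for two different builds published under one name.
OLD_BUILD = b"constructed payload: ghc-base built from ghc-8.6.2"
NEW_BUILD = b"constructed payload: ghc-base built from ghc-8.6.3"
# The bdep line from the issue plus a HYPOTHETICAL sha256 attribute;
# real _buildinfo files carry no such digest.
BUILDINFO = """<buildinfo>
  <bdep name="ghc-base" version="4.12.0.0" release="1.1" arch="x86_64"
        project="openSUSE:Factory" repository="standard" sha256="{}" />
</buildinfo>""".format(hashlib.sha256(NEW_BUILD).hexdigest())


def cache_path(cache_root, bdep):
    """Cache location keyed on name-version-release only (assumed layout)."""
    a = bdep.attrib
    fname = "{name}-{version}-{release}.{arch}.rpm".format(**a)
    return Path(cache_root, a["project"], a["repository"], a["arch"], fname)


def stale_entries(buildinfo_xml, cache_root):
    """Return cached files whose bytes do not match the expected digest."""
    stale = []
    for bdep in ET.fromstring(buildinfo_xml).iter("bdep"):
        expected = bdep.get("sha256")
        path = cache_path(cache_root, bdep)
        if not expected or not path.is_file():
            continue  # nothing to compare: no digest given or not cached yet
        actual = hashlib.sha256(path.read_bytes()).hexdigest()
        if actual != expected.lower():
            stale.append(path)
    return stale


def demo():
    """Seed a temp cache with the old build, check it, refresh, check again."""
    with tempfile.TemporaryDirectory() as root:
        bdep = ET.fromstring(BUILDINFO).find("bdep")
        path = cache_path(root, bdep)
        path.parent.mkdir(parents=True)
        path.write_bytes(OLD_BUILD)
        before = [p.name for p in stale_entries(BUILDINFO, root)]
        path.write_bytes(NEW_BUILD)  # stands in for re-downloading the package
        after = [p.name for p in stale_entries(BUILDINFO, root)]
    return before, after
```

Calling demo() returns the stale file list before and after the refresh; the file name is identical in both states, so only the content hash tells the two builds apart.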

adrianschroeter commented 5 years ago

This seems to be a side effect of the hack overwriting the version number for sub packages at build time. OBS code cannot detect this. IMHO this needs to be fixed in the package in the first place.

Please create a bugzilla for that for the maintainer and CC me ...

bmwiedemann commented 5 years ago

Filed https://bugzilla.opensuse.org/show_bug.cgi?id=1121052

DimStar77 commented 5 years ago

> This seems to be a side effect of the hack overwriting the version number for sub packages at build time. OBS code cannot detect this. IMHO this needs to be fixed in the package in the first place.

A sub-package having a different version than the main package is no 'hack' but a perfectly valid way of using rpm.

Not just so is there a distinction between %{version} (last defined Version:) and %{VERSION} (version: in the preamble) in the spec parser.

mlschroe commented 5 years ago

OBS does not assume that it can reset the checkin counter if there are multiple versions in the spec file.

mlschroe commented 5 years ago

The problem is that the ghc specfile uses some macro to create the subpackages with different versions, so the detection of this condition does not work. I don't think I can fix this on the OBS side.