search

openSUSE / openSUSE-release-tools

Tools to aid in staging and release work for openSUSE/SUSE
GNU General Public License v2.0
57 stars 91 forks source link

Create .changes files for reproducible builds #3062

Closed JanZerebecki closed 4 months ago

JanZerebecki commented 4 months ago

release rpm files currently do not have .changes files, but these are needed to extract SOURCE_DATE_EPOCH for reproducible builds.

Use the time stamp of the last commit to the 000package-groups package as the date for the changes entry.

codecov-commenter commented 4 months ago

Codecov Report

Attention: 8 lines in your changes are missing coverage. Please review.

Comparison is base (9919e02) 28.31% compared to head (d3dbe51) 28.30%. Report is 3 commits behind head on master.

:exclamation: Current head d3dbe51 differs from pull request most recent head 7c68a33. Consider uploading reports for the commit 7c68a33 to get more accurate results

Files Patch % Lines
pkglistgen/tool.py 0.00% 8 Missing :warning:
Additional details and impacted files ```diff @@ Coverage Diff @@ ## master #3062 +/- ## ========================================== - Coverage 28.31% 28.30% -0.02% ========================================== Files 86 86 Lines 14799 14807 +8 ========================================== Hits 4191 4191 - Misses 10608 10616 +8 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

JanZerebecki commented 4 months ago

Like this PR is now, AFAIK the changes file gets copied when running PRODUCT_SERVICE to each release package, afterwards it is only used in 000release-packages.

The current date, meaning wall-clock, can not be used as it is not reproducible, meaning know from source instead of depending on when the build was started.

DimStar77 commented 4 months ago

In all fairness: reproducibility on a package that changes its version daily sounds like not exactly something we should care for :) (at least on TW - Leap/SLE might be different and have a few days of the same files)

JanZerebecki commented 4 months ago

Right, we can just use the wall-clock of generation time until the move to git when we can use a date from a commit.

Vogtinator commented 4 months ago

The current date, meaning wall-clock, can not be used as it is not reproducible, meaning know from source instead of depending on when the build was started.

i.e. you want to make the pkglistgen output reproducible and not just the generated package sources? Not sure whether we actually need that, but it's pretty much already there with

use the current datetime and only write it if there was actually a change to commit.

As that way there will not be any change commited if the generated output does not change.

JanZerebecki commented 4 months ago

Ah it is also easy to get the date of the last commit to 000package-groups from OBS. Like this ok?

JanZerebecki commented 4 months ago

Note for which ever solution is picked: the %changelog in the spec.in files in 000package-groups probably needs to be removed before the following run.