On Fri, Jan 17, 2020 at 6:18 PM Richard Laager wrote: > If I'm following correctly: The packager would use rustcc >= y+3 (in > practice, likely rustcc y+5) to locally build rustcc y+5 and then do a > binary upload. But if dak (or whatever, I'm not so familiar with the > server side here) throws away the binary, then we're sunk. So there > needs to be a way to note that the binary needs to be kept. > > Assuming I'm on the right track, here are a couple of questions:
Right. > In such a case, would the source package have a Build-Depends of >= y+3? > It seems like it would. Presumably, but it is definitely possible the maintainer wouldn't know or wouldn't record which version was needed. > Could that be the way to indicate a bootstrap upload? In other words, if > the package has a Build-Depends on one of the binary packages it > produces that is _not_ satisfied in the suite it's being uploaded to but > is satisfied by this upload, then it's a bootstrap upload, and the > binaries should be kept. This would avoiding adding a new field for this > and would ensure the Build-Depends are set correctly in bootstrapping > scenarios. At this time the workflow is like this: ftp-master.d.o accepts or rejects the source/binaries, then it passes the source to buildd.d.o, which checks for build-dep installability and passes the source to the buildds. I think for your proposal to work the build-dep installability checks would also have to move to ftp-master.d.o. > Regardless of how the "keep the binaries" flag is implemented... should > the uploaded binary be published, or should the package be rebuilt? I > think I'd argue for the latter. The uploaded binary package should be > installed on the buildd and then the package should be rebuilt from > source, with _that_ result being put into the archive. This doesn't > protect against the trojaned-compiler problem, but it does at least > ensure that the package builds from source. I definitely agree that all bootstrap binaries, whether built automatically by the buildds (as proposed by Josch) or hacky maintainer-built binaries, should get rebuilt on the buildds. We already did that in the past when importing new architecture packages from ftp.ports.d.o to ftp-master.d.o. -- bye, pabs https://wiki.debian.org/PaulWise