Hi Simon!

> There are lots of options for doing this, some of which are listed in
> <https://wiki.debian.org/SystemBuildTools#Package_build_tools>.
>
> All of these have the same problem as cowbuilder, pbuilder, and any
> other solution that is not sbuild + schroot: it isn't (currently) what
> the production Debian buildds use, therefore it is entirely possible
> (perhaps even likely, depending on what packages you maintain) that your
> package will build successfully and pass tests in your own local builder,
> but then fail to build or fail tests on the buildds as a result of some
> quirk of how schroot sets up its chroots, which is a worse-than-RC bug
> making the package unreleasable.

Could you point me to some Debian Bug # or otherwise share examples of cases when a build succeeded locally but failed on official Debian builders due to something that is specific for sbuild/schroot?

I have never run into such a situation despite doing Debian packaging for 10 years with fairly complex C++ software targeting all archs Debian supports. Also, as a member of the Salsa-CI team, I don't recall ever seeing a bug report about something built on Salsa in a container successfully but failed to build on actual buildd.

I am not dismissive of your claim - as a very senior DD you surely have those experiences - I am just curious to learn what those cases might have been.

I could imagine that buildd builds fail if the source was prepared in a non-hermetic environment that ran as root, or had network access, or if the build environment was unclean and debian/control was missing some dependencies, but that is elementary hermetic build environment properties and not inherently something that *only* sbuild/schroot does.

Related, you might want to take a peek at the source code of https://salsa.debian.org/otto/debcraft to see how it supports both Podman and Docker, and how it generates the 'root.tar.gz' equivalent container automatically based on debian/control and debian/changelog contents, and then runs the actual build as a regular non-root user in a container that has no network access.

If I learn about other requirements for a hermetic build environment I would be happy to incorporate them.

- Otto