On Thu, Mar 20, 2025 at 10:10:23AM +0100, Miroslav Suchý wrote: > Dne 20. 03. 25 v 9:39 dop. Zbigniew Jędrzejewski-Szmek napsal(a): > > > https://rpm-software-management.github.io/mock/feature-hermetic-builds > > Yes, thanks for the link. I think this didn't exist when I started working > > on my script to do rebuilds, so I just gather the rpms reported by koji > > to have been used for the original build and call 'createrepo_c' on the > > directory and point mock to that. This works fine… But having support > > for using a lockfile natively in mock is nice. > > Yes. This is several months old. > > Pavel added it during his work on Konflux. And this feature will be used in > Konflux. > > > Though, the process described in that link seems incomplete. > > Can you elaborate? Or you can reach Pavel off-list to discuss the usage. > > > > # we want to build this package > > > srpm=your-package.src.rpm > > Where does the $srpm come from? The process of creating the srpm from > > dist-git involves running the spec, i.e. already calling "untrusted" > > code. How is that part handled? > > "mock --buildsrpm" or "fedpkg srpm". I am not sure. In Konflux creating SRPM > is separate step. So SRPM is granted from previous step.
This "separate step" is what I was talking about. That step already requires executing some untrusted code, so it should be sandboxed. > Pavel may provide more details later when he recovers from illness. > > > > Yet another build system in fedora-infra? Can the rebuilderd be adjusted > > > that it submits builds to Copr? > > That is a good question. Does copr support running a build with a > > specified "$lockfile", i.e. with a fixed set of nvra's? It would also > > have to download those rpms from koji, since they are not available > > on mirrors. > > No. Copr does not support it, because no one asked for that and there was no > use-case. When you open RFE we can discuss what it would requires and when > we can put it in our plan. Can we discuss it here, at least in the rough outline? As I wrote elsewhere in the thread, we currently ask koji for getBuildrootListing() and use the resulting list of rpm nvra's to populate a repo for mock. Can copr do this for us? > Building 30k packages locally? With frequent updates for lots of them. Does > it scale? Yeah, it scales surprisingly well. We skip %check, and for now only build on two architectures, so that saves a lot of time. One big issue was https://github.com/rpm-software-management/mock/issues/1394. This slows downs parallel builds considerably. I never found the time to figure this one out. Zbyszek -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
