On 20. 03. 25 at 11:23 AM, Neal Gompa wrote:
> It's also not really hermetic either. Hermetic builds require true
> isolation and there is no Mock backend that provides that right now.
> All it does is let you pre-download the build environment and replay
> it multiple times.
OK. We can argue whether systemd-nspawn containers with disabled network are good
enough isolation or not. :)
What this feature does is that it writes down all packages used during the build (including dynamic buildrequires), and it can
replay it without the need to download anything from the net. So even bootstrap_chroot can be isolated from the network. This is
why we call it "hermetic".
From the reproducible build POV, it is important that this feature allows you to re-run a build with the older package that was
used during a build, despite a newer version of the package being available.
> Koji can do that too, and yet nobody calls it
> hermetic either because chroots/containers aren't good enough for that.
I believe Koji can't do such a level of isolation. DNF in the bootstrap chroot has to
have access to the internet in Koji.
--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys