On Thu, Mar 20, 2025 at 06:23:53AM -0400, Neal Gompa wrote: > On Thu, Mar 20, 2025 at 4:40 AM Zbigniew Jędrzejewski-Szmek > <zbys...@in.waw.pl> wrote: > > > > On Thu, Mar 20, 2025 at 08:04:57AM +0100, Miroslav Suchý wrote: > > > Dne 19. 03. 25 v 7:48 odp. Aoife Moloney via devel-announce napsal(a): > > > > == Scope == > > > > * Proposal owners: > > > > ** Package [https://github.com/keszybz/fedora-repro-build > > > > fedora-repro-build] to allow local rebuilds of historical koji builds > > > > > > This > > > > > > https://rpm-software-management.github.io/mock/feature-hermetic-builds > > > > Yes, thanks for the link. I think this didn't exist when I started working > > on my script to do rebuilds, so I just gather the rpms reported by koji > > to have been used for the original build and call 'createrepo_c' on the > > directory and point mock to that. This works fine… But having support > > for using a lockfile natively in mock is nice. > > > > Though, the process described in that link seems incomplete. > > > # we want to build this package > > > srpm=your-package.src.rpm > > Where does the $srpm come from? The process of creating the srpm from > > dist-git involves running the spec, i.e. already calling "untrusted" > > code. How is that part handled? > > > > It's also not *really* hermetic either. Hermetic builds require true > isolation and there is no Mock backend that provides that right now. > All it does is let you pre-download the build environment and replay > it multiple times. Koji can do that too, and yet nobody calls it > hermetic either because chroots/containers aren't good enough for that.
OK, so what do you mean by "true isolation" then? I'd say that once the build in a container with no network access, that is good enough for me :) Zbyszek -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
