Bug#999826: debian-policy: fix Build-Depends footnoteo

2021-11-20 Thread Holger Levsen 
On Wed, Nov 17, 2021 at 03:11:55PM +0100, Johannes Schauer Marin Rodrigues 
wrote:
> > This footnote might not be the best place to document the precise behaviour
> > of autobuilders (which currently is outside the scope of policy). On the
> > other hand, having a fully specified build process could reduce build
> > variability and make builds more reproducible.
> Do you have suggestions for a better place to document this?

src:developers-reference maybe? with a pointer to it in -policy?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

:wq


signature.asc
Description: PGP signature

Bug#999826: debian-policy: fix Build-Depends footnote

2021-11-20 Thread Bill Allombert 
On Sat, Nov 20, 2021 at 01:24:28PM +, Holger Levsen wrote:
> On Wed, Nov 17, 2021 at 03:11:55PM +0100, Johannes Schauer Marin Rodrigues 
> wrote:
> > > This footnote might not be the best place to document the precise 
> > > behaviour
> > > of autobuilders (which currently is outside the scope of policy). On the
> > > other hand, having a fully specified build process could reduce build
> > > variability and make builds more reproducible.
> > Do you have suggestions for a better place to document this?
> 
> src:developers-reference maybe? with a pointer to it in -policy?

We need the input of the people on charge of writing the autobuilders
code.

Cheers,
-- 
Bill. 

Imagine a large red swirl here.

Bug#999826: debian-policy: fix Build-Depends footnote

2021-11-20 Thread Johannes Schauer Marin Rodrigues 
Hi Sean,

Quoting Sean Whitton (2021-11-19 23:13:46)
> Can you turn this into a patch against our git repo, please?

maybe I'm looking at the wrong git repo but I didn't find out how to file a
merge request. Thus attaching the git format-patch.

Thanks!

cheers, josch>From dc186d400e47c9eed7dc94a2be4daa59b3fa2665 Mon Sep 17 00:00:00 2001
From: Johannes Schauer Marin Rodrigues 
Date: Sat, 20 Nov 2021 22:50:49 +0100
Subject: [PATCH] fixup B-D alternatives footnote (closes: #999826)

---
 policy/ch-relationships.rst | 19 ++-
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/policy/ch-relationships.rst b/policy/ch-relationships.rst
index 915d00d..357a612 100644
--- a/policy/ch-relationships.rst
+++ b/policy/ch-relationships.rst
@@ -669,11 +669,20 @@ against newer versions of their build dependencies.
 .. [#]
While ``Build-Depends``, ``Build-Depends-Indep`` and
``Build-Depends-Arch`` permit the use of alternative dependencies,
-   these are not normally used by the Debian autobuilders.  To avoid
-   inconsistency between repeated builds of a package, the
-   autobuilders will default to selecting the first alternative, after
-   reducing any architecture-specific restrictions for the build
-   architecture in question.  While this may limit the usefulness of
+   those are only used for the backports suite on the Debian autobuilders.
+   On the other suites, after reducing any architecture-specific restrictions
+   for the build architecture in question, all but the first alternative are
+   discarded except if the alternative is the same package name as the first.
+   The latter exception is useful to specify version ranges like
+   ``foo (rel x) | foo (rel y)``. This is to reduce the risk of inconsistencies
+   between repeated rebuilds. For example if a source package build depends
+   on ``libcurl4-gnutls-dev | libcurl4-openssl-dev``, then during a transition
+   libcurl4-gnutls-dev might become uninstallable because apt only considers
+   the latest version of a package and then the source package would be wrongly
+   built with openssl instead of gnutls. Inconsistencies are not completely
+   avoided because virtual packages might still be provided by a different
+   real package and because alternatives are still preserved for binary package
+   dependencies. While this may limit the usefulness of
alternatives in a single release, they can still be used to provide
flexibility in building the same package across multiple
distributions or releases, where a particular dependency is met by
-- 
2.33.0



signature.asc
Description: signature