Giter Site home page Giter Site logo

fepitre / rpmreproduce Goto Github PK

View Code? Open in Web Editor NEW
10.0 3.0 1.0 70 KB

Given a buildinfo file from a RPM package, generate instructions for attempting to reproduce the binary packages built from the associated source and build information.

Python 94.96% Shell 5.04%

rpmreproduce's Introduction

rpmreproduce

usage: rpmreproduce.py [-h] [--output OUTPUT] [--builder BUILDER] [--extra-repository-file EXTRA_REPOSITORY_FILE]
                       [--extra-repository-key EXTRA_REPOSITORY_KEY] [--gpg-sign-keyid GPG_SIGN_KEYID] [--gpg-verify]
                       [--gpg-verify-key GPG_VERIFY_KEY] [--proxy PROXY] [--no-checksums-verification] [--verbose] [--debug]
                       buildinfo

Given a buildinfo file from a RPM package, generate instructions for attempting to reproduce the binary packages built from the
associated source and build information.

positional arguments:
  buildinfo             Input buildinfo file. Local or remote file.

optional arguments:
  -h, --help            show this help message and exit
  --output OUTPUT       Directory for the build artifacts
  --builder BUILDER     Which building software should be used. (default: none)
  --extra-repository-file EXTRA_REPOSITORY_FILE
                        Add repository file content to the list of apt sources during the package build.
  --extra-repository-key EXTRA_REPOSITORY_KEY
                        Add key file (.asc) to the list of trusted keys during the package build.
  --gpg-sign-keyid GPG_SIGN_KEYID
                        GPG keyid to use for signing in-toto metadata.
  --gpg-verify          Verify buildinfo GPG signature.
  --gpg-verify-key GPG_VERIFY_KEY
                        GPG key to use for buildinfo GPG check.
  --proxy PROXY         Proxy address to use.
  --no-checksums-verification
                        Don't fail on checksums verification between original and rebuild packages
  --verbose             Display logger info messages.
  --debug               Display logger debug messages

EXAMPLES

$ ./rpmreproduce.py --debug --output=./artifacts --builder=mock \
    tests/data/terminator-buildinfo-2.1.0-1.fc32.noarch.rpm

This subpackage has been created with the help of proposed RPM change: rpm-software-management/rpm#1532. Former form using directly buildinfo file can still be used:

$ ./rpmreproduce.py --debug --output=./artifacts --builder=mock \
    --extra-repository-file tests/repos/qubes-r4.repo \
    --extra-repository-key tests/keys/RPM-GPG-KEY-qubes-4-primary \
    tests/data/qubes-core-agent-4.1.23-1.fc32.x86_64.buildinfo

BUILDERS

rpmreproduce can use different backends to perform the actual package rebuild. The desired backend is chosen using the --builder option. The default is none.

none            Dry-run mode. No build is performed.

mock            Use mock to build the package. This requires the
                user to be in `mock` group.

Note: Ensure to have dev option for the mount point where OUTPUT is. If not, mock will fail with such error like: /dev/null: Permission denied.

Note: On QubesOS, when adding user in mock group you would certainly need to log in again user. Simply sudo su user.

rpmreproduce's People

Contributors

fepitre avatar

Stargazers

Yiran Zhou avatar Akihiro Suda avatar Daniel Kahlenberg avatar Alexander Sosedkin avatar Tim avatar Juri Grabowski avatar Trishank Karthik Kuppusamy avatar Andrew Martin avatar duritong avatar avatar

Watchers

Marek Marczykowski-Górecki avatar Juri Grabowski avatar avatar

Forkers

pombredanne

rpmreproduce's Issues

self.extra_repository_files is None

Hi.
I saw Your post in a Fedora mailing lists and decided to look around. It's pretty neat, thanks.

I'm following readme and trying to verified build, but I'm stuck at self.extra_repository_files, which is none and that's nothing to put into repo_src in the for loop.

python3 rpmreproduce.py --output=./artifacts --builder=mock tests/data/qubes-core-agent-4.1.23-1.fc32.x86_64.buildinfo 
Traceback (most recent call last):
  File "/home/lukasz/progi/rpm/rpmreproduce/rpmreproduce.py", line 832, in <module>
    sys.exit(main())
  File "/home/lukasz/progi/rpm/rpmreproduce/rpmreproduce.py", line 824, in main
    rebuilder.run(builder=args.builder, output=realpath(args.output),
  File "/home/lukasz/progi/rpm/rpmreproduce/rpmreproduce.py", line 667, in run
    self.prepare_dnfcache()
  File "/home/lukasz/progi/rpm/rpmreproduce/rpmreproduce.py", line 363, in prepare_dnfcache
    for repo_src in self.extra_repository_files:
TypeError: 'NoneType' object is not iterable

Failed to get RPM signature keyid: bad magic: b'itl'

Hi @fepitre !

I'm trying to figure out how far I am from being able to reproduce some of my personal packages (context).

I've been generating a .buildinfo file using a variant of Qubes OS' rpmbuildinfo script, and feeding it to rpmreproduce.

I got this error recently. I wouldn't bug you with unspecific errors, but the "ITL" mention makes be believe it may actually be specific to your rpmreproduce tool and/or Qubes OS?

ERROR:rpmreproduce:Failed to get RPM signature keyid: Invalid rpm: bad magic: b'itl'

This happens, as far as I'm understanding, when attempting to verify a package that's been downloaded. More context:

DEBUG:rpmreproduce:Downloading https://kojipkgs.fedoraproject.org/packages/openh264/2.1.1/1.fc32/data/signed/12c944d0/x86_64/gstreamer1-plugin-openh264-1.16.2-2.fc32.x86_64.rpm to /tmp/rpmreproduce/cache/rpms/gstreamer1-plugin-openh264-1.16.2-2.fc32.x86_64.rpm.UNTRUSTED
Failed to get RPM signature keyid: Invalid rpm: bad magic: b'itl'
ERROR:rpmreproduce:Failed to get RPM signature keyid: Invalid rpm: bad magic: b'itl'

I've built the package in a Fedora 32 template, so maybe that b'itl' has to do with that, rather than with rpmreproduce.
Does that ring any bell?

Beyond that, would you say that using rpmreproduce seems like a sound approach to reproducing personal RPM packages?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.