Collaborative Working Sessions - Rebuilderd

rebuilderd

history of rebuilderd - started at 2019 summit architecture of rebuilderd - past and present is fedora support in main? not merged yet alpine? two problems - they don’t document their build env, no archive/snapshots of packages kp considered running their own archive, but was not feasible arch mixes archive.org (dependencies on their own servers, redirects to archive.org for the rest) fedora’s build and rebuild pipelines differ no opensuse support for rebuilderd how is the source organized? how are new distros added? monolithic repo, multiple binaries rebuildctl connects to rebuilderd, rebuilderd dispatches to rebuilderd-worker {debian,arch}-repro-status to get the state of your installed system arch has a tool to enforce update policies (which rebuilders, how many, etc) written in rust which distros/releases/etc you rebuild are configured in a TOML file goals: list problems with current features blockers for pull 184? new tools? policy enforcers, etc system rebuilder vs entire distro rebuilder? scheduling improvements for rebuilderd postgres database we don’t keep artifacts right now, but maybe a useful option for BAD? delays of builds? 404’ing buildinfo? subcode for FAIL? upload buildinfo before artifact upload? (short answer no, reason is debian politics) index of buildinfo files? yes, on debian. has its issues -security doesn’t get buildinfo files until point releases (we want to highlight the issue) pulling data for britney (debian testing/unstable migration and comparision, large payloads) individual API keys with permissions/claims? BAD package rescheduling? cutoff count/time vs only retry for FAIL? option for variance testing / flaky rebuilds? resource allocation / “chunky” builds vs “lean” builds, per-package test suite failures (default to off?) worker tags more worker metadata? auto-assigning tags to packages? downprioritized auto-policies for package size/tarball size/build resource usage? downprioritized web frontends? more serverside compute, less frontend? arch frontend - doesn’t handle many packages well debian frontend - mostly static generation jarl’s experimental frontend - not ready for use, needs updates to v1 API openapi - not source of truth, representation of what the code actually does https://vulns.xyz/2021/10/rebuilderd-v0.15.0/ has nice notes and explanations - turn into docs?

wrap-up capture blocking packages by name and version?