mirror of
https://git.yoctoproject.org/poky
synced 2026-02-24 02:19:39 +01:00
cea2191720
In oe-selftest of reproducibility, recipe apt has reproducibility issue:
...
2025-09-20 17:09:18,986 - oe-selftest - INFO - ======================================================================
2025-09-20 17:09:18,986 - oe-selftest - INFO - FAIL: test_reproducible_builds (reproducible.ReproducibleTests)
2025-09-20 17:09:18,986 - oe-selftest - INFO - ----------------------------------------------------------------------
2025-09-20 17:09:18,986 - oe-selftest - INFO - Traceback (most recent call last):
File "/buildarea5/hjia/contrib/openembedded-core-contrib/meta/lib/oeqa/selftest/cases/reproducible.py", line 406, in test_reproducible_builds
self.fail('\n'.join(fails))
AssertionError: The following deb packages are different and not in exclusion list:
build-st/reproducibleB-extended/tmp/deploy/deb/./x86-64-v3/apt-dbg_3.0.3-r0_amd64.deb
build-st/reproducibleB-extended/tmp/deploy/deb/./x86-64-v3/apt_3.0.3-r0_amd64.deb
The following ipk packages are different and not in exclusion list:
build-st/reproducibleB-extended/tmp/deploy/ipk/./x86-64-v3/apt-dbg_3.0.3-r0_x86-64-v3.ipk
build-st/reproducibleB-extended/tmp/deploy/ipk/./x86-64-v3/apt_3.0.3-r0_x86-64-v3.ipk
The following rpm packages are different and not in exclusion list:
build-st/reproducibleB-extended/tmp/deploy/rpm/./x86_64_v3/apt-3.0.3-r0.x86_64_v3.rpm
build-st/reproducibleB-extended/tmp/deploy/rpm/./x86_64_v3/apt-dbg-3.0.3-r0.x86_64_v3.rpm
...
Due to upstream apt commit [1], it calls `id -gn root' in cmake
to set ROOT_GROUP if not define. The output of `id -gn root' may
differ in the compared builds which caused reproducibility issue
...
|build-st/reproducibleB-extended/tmp/work/x86-64-v3-oe-linux/apt/
3.0.3/temp/log.do_configure:124:-- Found root group: wheel
...
|build-st/reproducibleA/tmp/work/x86-64-v3-oe-linux/apt/3.0.3/
temp/log.do_configure:124:-- Found root group: root
...
Explicitly set ROOT_GROUP = "root" for cmake other than call `id -gn root'
to support reproducibility
[1] 6f1f3c9afd
(From OE-Core rev: 5b3d5ae626b0d28535973be2a8a1cf48d314ba12)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
151 lines
4.8 KiB
BlitzBasic
151 lines
4.8 KiB
BlitzBasic
SUMMARY = "Advanced front-end for dpkg"
|
|
DESCRIPTION = "APT is the Advanced Package Tool, an advanced interface to the Debian packaging system which provides the apt-get program."
|
|
HOMEPAGE = "https://packages.debian.org/sid/apt"
|
|
LICENSE = "GPL-2.0-or-later"
|
|
SECTION = "base"
|
|
|
|
# Triehash script taken from https://github.com/julian-klode/triehash
|
|
SRC_URI = "${DEBIAN_MIRROR}/main/a/apt/${BPN}_${PV}.tar.xz \
|
|
file://triehash \
|
|
file://0001-Disable-documentation-directory-altogether.patch \
|
|
file://0001-CMakeLists.txt-avoid-changing-install-paths-based-on.patch \
|
|
file://0001-cmake-Do-not-build-po-files.patch \
|
|
file://0001-fix-compilation-with-musl.patch \
|
|
"
|
|
|
|
SRC_URI:append:class-native = " \
|
|
file://0001-Do-not-init-tables-from-dpkg-configuration.patch \
|
|
file://0001-Revert-always-run-dpkg-configure-a-at-the-end-of-our.patch \
|
|
"
|
|
|
|
SRC_URI:append:class-nativesdk = " \
|
|
file://0001-Do-not-init-tables-from-dpkg-configuration.patch \
|
|
file://0001-Revert-always-run-dpkg-configure-a-at-the-end-of-our.patch \
|
|
"
|
|
|
|
SRC_URI[sha256sum] = "5b5f6f6d26121742a83aa80d4ed0eb0c6ce9bea259518db412edefd95760e4ef"
|
|
LIC_FILES_CHKSUM = "file://COPYING.GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263"
|
|
|
|
# the package is taken from snapshots.debian.org; that source is static and goes stale
|
|
# so we check the latest upstream from a directory that does get updated
|
|
UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/a/apt/"
|
|
# apt seems to follow a peculiar version policy, where every *other* even version
|
|
# is considered stable, e.g. 1.0, 1.4, 1.8, 2.2, 2.6, etc. As there is no way
|
|
# to express 'divisible by 4 plus 2' in regex (that I know of), let's hardcode a few.
|
|
UPSTREAM_CHECK_REGEX = "[^\d\.](?P<pver>((2\.2)|(2\.6)|(3\.0)|(3\.4)|(3\.8)|(4\.2))(\.\d+)+)\.tar"
|
|
|
|
inherit cmake perlnative bash-completion useradd
|
|
|
|
# User is added to allow apt to drop privs, will runtime warn without
|
|
USERADD_PACKAGES = "${PN}"
|
|
USERADD_PARAM:${PN} = "--system --home /nonexistent --no-create-home _apt"
|
|
|
|
BBCLASSEXTEND = "native nativesdk"
|
|
|
|
DEPENDS += "db lz4 zlib bzip2 xz xxhash openssl"
|
|
|
|
EXTRA_OECMAKE:append = " -DCURRENT_VENDOR=debian -DWITH_DOC=False \
|
|
-DDPKG_DATADIR=${datadir}/dpkg \
|
|
-DTRIEHASH_EXECUTABLE=${UNPACKDIR}/triehash \
|
|
-DCMAKE_DISABLE_FIND_PACKAGE_ZSTD=True \
|
|
-DCMAKE_DISABLE_FIND_PACKAGE_SECCOMP=True \
|
|
-DWITH_TESTS=False \
|
|
-DCOMMON_ARCH=${DPKG_ARCH} \
|
|
-DROOT_GROUP="root" \
|
|
"
|
|
|
|
PACKAGECONFIG ??= ""
|
|
# usrmerge displays a runtime warning during package installation in case
|
|
# the system doesn't have merged /usr folders.
|
|
PACKAGECONFIG[usrmerge] = "-DREQUIRE_MERGED_USR=ON,-DREQUIRE_MERGED_USR=OFF"
|
|
|
|
# Needed until https://salsa.debian.org/apt-team/apt/-/merge_requests/511 is fixed
|
|
CXXFLAGS:append:toolchain-clang = " -stdlib=libstdc++"
|
|
LDFLAGS:append:toolchain-clang = " -stdlib=libstdc++"
|
|
|
|
do_configure:prepend() {
|
|
echo "set( CMAKE_FIND_ROOT_PATH_MODE_INCLUDE BOTH )" >> ${WORKDIR}/toolchain.cmake
|
|
}
|
|
|
|
# Unfortunately apt hardcodes this all over the place
|
|
FILES:${PN} += "${prefix}/lib/dpkg ${prefix}/lib/apt"
|
|
RDEPENDS:${PN} += "bash perl dpkg"
|
|
|
|
customize_apt_conf_sample() {
|
|
cat > ${D}${sysconfdir}/apt/apt.conf.sample << EOF
|
|
Dir "${STAGING_DIR_NATIVE}/"
|
|
{
|
|
State "var/lib/apt/"
|
|
{
|
|
Lists "#APTCONF#/lists/";
|
|
status "#ROOTFS#/var/lib/dpkg/status";
|
|
};
|
|
Cache "var/cache/apt/"
|
|
{
|
|
Archives "archives/";
|
|
pkgcache "";
|
|
srcpkgcache "";
|
|
};
|
|
Bin "${STAGING_BINDIR_NATIVE}/"
|
|
{
|
|
methods "${STAGING_LIBDIR}/apt/methods/";
|
|
gzip "/bin/gzip";
|
|
dpkg "dpkg";
|
|
dpkg-source "dpkg-source";
|
|
dpkg-buildpackage "dpkg-buildpackage";
|
|
apt-get "apt-get";
|
|
apt-cache "apt-cache";
|
|
};
|
|
Etc "#APTCONF#"
|
|
{
|
|
Preferences "preferences";
|
|
};
|
|
Log "var/log/apt";
|
|
};
|
|
|
|
APT
|
|
{
|
|
Install-Recommends "true";
|
|
Immediate-Configure "false";
|
|
Architecture "i586";
|
|
Get
|
|
{
|
|
Assume-Yes "true";
|
|
};
|
|
};
|
|
|
|
Acquire
|
|
{
|
|
AllowInsecureRepositories "true";
|
|
};
|
|
|
|
DPkg::Options {"--root=#ROOTFS#";"--admindir=#ROOTFS#/var/lib/dpkg";"--force-all";"--no-force-overwrite";"--no-debsig"};
|
|
DPkg::Path "";
|
|
EOF
|
|
}
|
|
|
|
do_install:append:class-native() {
|
|
customize_apt_conf_sample
|
|
}
|
|
|
|
do_install:append:class-nativesdk() {
|
|
customize_apt_conf_sample
|
|
rm -rf ${D}${localstatedir}/log
|
|
}
|
|
|
|
do_install:append:class-target() {
|
|
# Write the correct apt-architecture to apt.conf
|
|
APT_CONF=${D}${sysconfdir}/apt/apt.conf
|
|
echo 'APT::Architecture "${DPKG_ARCH}";' > ${APT_CONF}
|
|
|
|
# Remove /var/log/apt. /var/log is normally a link to /var/volatile/log
|
|
# and /var/volatile is a tmpfs mount. So anything created in /var/log
|
|
# will not be available when the tmpfs is mounted.
|
|
rm -rf ${D}${localstatedir}/log
|
|
}
|
|
|
|
do_install:append() {
|
|
# Avoid non-reproducible -src package
|
|
sed -i -e "s,${B}/include/,,g" ${B}/apt-pkg/tagfile-keys.cc
|
|
}
|