-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
More pytest-based reprotest invocations, this time focusing on .deb files. Replaces the CircleCI repro tests that manually compared hashes. Also modifies build script to support commit hash The logic assumed we were always building from a prod release tag. As a result, the CI logic was reimplementing the tarball mangling. Let's make the script more flexible, so we can run the script in CI and thereby get a bit more test coverage for it. Modifies CI env for reprotest support When building .deb packages, we need the python version for the packaging environment to match that of the target platform, i.e. python3.7 for buster. In CI, our platform options are: * VM, Ubuntu 20.04 * Container, Debian 10 The container driver in CircleCI does not permit "setarch" calls, erroring out immediately. The setarch calls are not optional in reprotest, unfortunately, so let's hack the file and remove it entirely, only in CI.
- Loading branch information
Conor Schaefer
committed
Jan 25, 2021
1 parent
1a69e39
commit 18770bd
Showing
8 changed files
with
108 additions
and
80 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
tests/__pycache__/ | ||
debhelper-build-stamp | ||
*.debhelper.log | ||
build/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,3 @@ | ||
pytest | ||
pytest-mock | ||
pytest-mock | ||
virtualenv<16 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
import pytest | ||
import subprocess | ||
import os | ||
|
||
|
||
PACKAGE_BUILD_TARGETS = { | ||
"securedrop-client": "main", | ||
"securedrop-log": "main", | ||
"securedrop-proxy": "main", | ||
"securedrop-export": "main", | ||
} | ||
|
||
# These are the package names we want to test reproducibility for | ||
PACKAGE_NAMES = PACKAGE_BUILD_TARGETS.keys() | ||
|
||
|
||
def get_repo_root(): | ||
cmd = "git rev-parse --show-toplevel".split() | ||
top_level = subprocess.check_output(cmd).decode("utf-8").rstrip() | ||
return top_level | ||
|
||
repo_root = get_repo_root() | ||
|
||
|
||
@pytest.mark.parametrize("pkg_name", PACKAGE_NAMES) | ||
def test_deb_builds_are_reproducible(pkg_name): | ||
""" | ||
Uses 'reprotest' to confirm that the Debian package build process | ||
is deterministic, i.e. all .deb files are created with the same checksum | ||
across multiple builds. | ||
We're not testing many variations, only exec_path, as a simple test | ||
for deterministic builds with most aspects controlled. | ||
""" | ||
|
||
cmd_env = os.environ.copy() | ||
cmd_env["PKG_GITREF"] = os.environ.get("PKG_GITREF", PACKAGE_BUILD_TARGETS[pkg_name]) | ||
cmd_env["TERM"] = "xterm-256color" | ||
cmd = [ | ||
"reprotest", | ||
"-c", | ||
f"make {pkg_name}", | ||
"--variations", | ||
"-all, -kernel, +exec_path", | ||
".", | ||
f"build/debbuild/packaging/{pkg_name}*.deb", | ||
] | ||
subprocess.check_call(cmd, env=cmd_env, cwd=repo_root) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters