nss rebuild problem which I am unsure how to solve

Mon Jan 3 10:16:09 UTC 2011

Adrian Reber píše v Po 03. 01. 2011 v 09:18 +0100: 
> On Sun, Jan 02, 2011 at 06:59:58PM -0500, Josh Boyer wrote:
> > On Sun, Jan 2, 2011 at 5:59 PM, Adrian Reber <adrian at lisas.de> wrote:
> > > This will probably be a bit confusing, but I will try my best to
> > > describe at as clear as possible.
> > >
> > > Right now I am trying to rebuild all packages which are in the group
> > > "build". The problem I have is with the nss-* packages.
> > >
> > > Our f13 version is 3.12.6-7 which requires nss-util = 3.12.6, and that
> > > is already the bug. I cannot update to nss-*-3.12.9 (current rawhide)
> > > because of the dependencies of the nss-* packages on each other as nss
> > > requires the exact version of nss-util (3.12.6). This is a packaging bug
> > > which was later fixed with 3.12.6. Unfortunately I cannot rebuild that
> > > old version because the test suites includes a certificate which has
> > > expired.
> > >
> > > So I cannot build 3.12.6-8 which would fix the wrong "Requires: nss-util
> > > = 3.12.6" to "Requires: nss-util >= 3.12.6" (and everything would be
> > > okay).
> > >
> > > During my rebuilds with mock I did not hit this bug because f12 contains a
> > > newer nss with the correct "Requires:" line. So the easiest solution
> > > would be if the ppc koji could also inherit from f12+updates (if that is
> > > possible). The f12+updates is using 3.12.8 and our latest f13 version is
> > > still at 3.12.6. The only other way I can imagine would be to build a nss
> > > 3.12.6 package with the updated certificate so that the test does not
> > > fail, but that sounds even more complicated.
> > 
> > It does inherit from f12-updates, but only the updates actually built
> > on that hub not the primary.
> > 
> > Really, koji-shadow should be used for building f15 instead of trying
> > to do it piecemeal.  It will go back and reconstruct the buildroots
> > for packages as they were when the packages was originally built.
> > It's not perfect, but it builds a more complete set of packages and it
> > does so in an automated fashion.
> 
> Ah. I do not know what koji-shadow is, but it sounds like it rebuilds
> all packages in the exact same order they were built on the main koji.

You understand it right, to be more precise koji-shadow builds packages
with a buildroot that contains the same (or newer) package builds as the
build in primary koji, "noarch" packages can be directly imported. It
starts with the latest build and goes into the history (it checks the
content of the dist-fX tag).

> If that is correct it sounds like we have to wait some time and then
> most packages will be correctly rebuilt. So would it be better if I just
> leave it and wait until it finishes?

That's too optimistic assumption I think, there will be a lot of issues
requiring manual intervention. But probably we should just start it and
see what happens.

> Unfortunately this will not help with the nss problem, because the ppc
> koji will not be able to build any of the older versions of nss because
> of the expired certificate. This needs manual intervention (or the date
> has be turned back on the builders).

Such issues can be solved with injecting a "fixed" build with e.g. a
test-suite disabled or with just a bit newer build (too new can cause
new troubles).

Dan