-
intrigeri authored
Problem: - Our branches based on devel use "latest" snapshots for every APT archive used at build time => their reproducibly_build_Tails_ISO_* job will fail if any of these APT snapshots is updated between the start of the original build job and the start of the reproducibly_build_Tails_ISO_* job. - Our branches based on stable are also affected, but to a lesser degree: they use the "latest" snapshot only for the debian-security archive. - Any branch can be affected when the build is triggered by a Git push at an unfortunate time. But for some branches, the automatic daily build is _always_ affected: daily Jenkins job runs are scheduled in a deterministic manner, with a schedule based on the name of the branch. So inevitably, the automatic daily rebuild of _some_ branches will always fail to build reproducibly, because the failure condition ("APT snapshots is updated between the start of the original build job and the start of the reproducibly_build_Tails_ISO_* job") will always be met. There's no such active branch at the moment but we've seen that happen in the past. To fix that, let's ensure we use the same APT snapshots during the second build as the ones the first build used. Here's how. With this commit, we save the serials an ISO build used as a build artifact that the downstream reproducibly_build_Tails_ISO_* CI job will copy and then load environment from (using the Jenkins EnvInject Plugin). Therefore, in a given reproducibly_build_Tails_ISO_* CI job run, the APT_SNAPSHOTS_SERIALS environment variable will tell what APT snapshots were used by its upstream build_Tails_ISO_* CI job run. And finally, thanks to commit:aafdf8da and follow-ups, that downstream reproducibly_build_Tails_ISO_* CI job run will reuse the same snapshots.
2da49e69