On Thu, Mar 20, 2025 at 6:42 AM Miroslav Suchý <msuchy@xxxxxxxxxx> wrote: > > Dne 20. 03. 25 v 11:23 dop. Neal Gompa napsal(a): > > It's also notreally hermetic either. Hermetic builds require true > > isolation and there is no Mock backend that provides that right now. > > All it does is let you pre-download the build environment and replay > > it multiple times. > > OK. We can argue if systemd-nspawn containers with disabled network is good enough isolation or not. :) > > What this feature does is that it wrote down all packages used during build (including dynamic buildrequires). And can > replay it without the need to download anything from net. So even bootstrap_chroot can be isolate from network. This is > why we call it "hermetic". > > For the reproducible build POV is important that this feature allows you to re-run build with older package that was > used during a build. Despite the newever version of the package being available. > > > Koji can do that too, and yet nobody calls it > > hermetic either because chroots/containers aren't good enough for that. > > I believe Koji can't do such level of isolation. DNF in bootstrap chroot has to have access to internet in Koji. > Only if you use external repos. If you don't, then it can be locked down like the rest of the tasks. -- 真実はいつも一つ!/ Always, there's only one truth! -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
