Hi,

I'm really amazed by all the great work done around the Debian Janitor
project. It's great to see how it focuses the maintainer's work on where there's some actual value with having humans in the loop.

Watching the talk[0] on automatically providing packages for new
upstream releases and new upstream git snapshots, I wondered if the same tooling could be used to automatically provide stable backports
for packages in unstable/testing.

There's probably a large number of packages that just require a
rebuild (+ test with autopkgtest) to be backported.

Additionally, one could imagine a DSL to:
- make minor changes to the source package before building (adjust
dependencies, apply an additional patch, etc.)
- tell sbuild that some build-dependencies must be pulled from backported
packages

Jelmer, did you already think about that? Is there a way one could help
you?

Lucas

[0] https://debconf21.debconf.org/talks/7-fresh-upstreams-daily-builds/
https://meetings-archive.debian.net/pub/debian-meetings/2021/DebConf21/debconf21-110-fresh-upstreams-daily-builds.webm

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 26.08.21 11:39, Lucas Nussbaum wrote:

Additionally, one could imagine a DSL to:
- make minor changes to the source package before building (adjust
dependencies, apply an additional patch, etc.)
- tell sbuild that some build-dependencies must be pulled from backported
packages

Jelmer, did you already think about that? Is there a way one could help
you?

I worked on something like this last fall, which I tentatively named 'apt-derive'.

Given a source package in some origin distribution, apt-derive can automatically create a derivative of the source package, and of any
necessary dependencies, for a target distribution.

The popular derivation would be the backport type, of course. But other possibilities exist. For example, I was interested in optimized build
flavors for certain target environments.

Here's sample code for a numpy buster backport, with the following
output reflecting the rebuild chain needed on amd64 circa September
2020, when I ran this:

| from apt_derive import RebuildResolver
|
| # Used to identify Releases in python-apt
| bullseye = dict(origin='Debian', codename='bullseye')
| buster_bpo = dict(origin='Debian Backports', codename='buster backports')
| buster = dict(origin='Debian', codename='buster')
|
| # origin: bullseye
| # target: buster-backports
| # Packages from buster can be used to satisfy build dependencies
| rr = RebuildResolver(wanted_dist=bullseye,
| target=buster_bpo,
| added_dists=[buster])
|
| # Figure out what needs to be rebuilt
| tree = rr.resolve('numpy')
| if tree:
| print(tree.pformat())

python3-numpy_1:1.19.2-2
└─cython_0.29.21-1
└─dvisvgm_2.10.1-1
└─freetype_2.10.2+dfsg-3
└─python-hypothesis_5.32.1-1
└─sphinx_3.2.1-1
└─python-lark_0.9.0-1
└─sphinx_3.2.1-1

So back then, 7 unique packages needed to be backported (numpy and 6
others for newer build dependencies).

That's the resolving part of apt-derive. There's more to it of course,
for example there is a "blocked" list of packages where automatic
derivation would be refused (eg: for libc).

The rebuild part of apt-derive would create backported sources (with
changelog entries, and any other configured extensions) for the
packages.


My plan was to provide such a automated backports service under the name "autobpo", with package suffix ~autobpo11, and suites
* bullseye-autobpo-dangerous for the immediate build results
* bullseye-autobpo for results that passed CI and rebuilt
reproducibly

As to which packages to automatically backport, my plan was two-fold:
* By popular request
* Maintainers indicating so with X-AutoBPO-Policy: <something>
somewhere in debian/control

What eventually stalled my effort was that I was lacking a reasonably
simple build environment for multiple architectures. I wrote sbuild-qemu
to get local access to many architectures, but in the end, I didn't see
a way around wanna-build etc. for a multi-node build farm. I found
wanna-build overly complicated, and then other stuff came up in $LIFE.

Raphael initiated debusine in the meantime, which seems to be ideal
solution to my build problem.

However, If anyone with wanna-build experience is interested in
collaborating to get this launched sooner, please ping me.

I'll try to finalize the first draft of apt-derive as soon as possible
in the hopes that something can come of it.

Best,
Christian

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, Aug 26, 2021 at 11:39:06AM +0200, Lucas Nussbaum wrote:

There's probably a large number of packages that just require a
rebuild (+ test with autopkgtest) to be backported.

uploading to -backports also implies the promise to keep maintaining that backport until the next release is out... I'm not sure that part of the
upload should be automated nor forgotten ;)


--
cheers,
Holger

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄

Make racists afraid again.

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmEo4IkACgkQCRq4Vgaa qhxWgBAArnz3Rc+itbnrqbistj26HzJFKCBMMGpNXaLK058f86o9px6hQORfTHGF L7qMoWFoGHW2fIC7Ufx7lsm7MzcrjzPy56YljloKUmPvl2lzG+ruupEHvRfk8X9D +Ir0yGGrCkrC4kuwJ2BTxt2VBV6ovpEpGrOm2jFMP3p81R4ZR9WHcA7sl3R2PdOo ckwAsySaVUHtPDc9XJjmutvZgk0tXQMOavX/rwr3lqTKeqan6cRrKDkb8U6uLBKn FlxtRIDcYMJf5oQwedZSBgc/NPsccZqjMnXFfRM8/1Mdixf2GGXgBPKEtiI4av+Y cJGSWDxsxx8f2V7m9ZC1ii1mt10sV8G+q1aKArkxS1FDgMDgEKp4cic4RN9ma+gs TVF0siHSacgLZ5vpUbzli8wVVai2Gc9IMC3vOdHItLbDRxcnJfwa3TjUQ9M+ag6W tFiqk0PDzHHBhqmQ8kma6cxMBy8H/Oi3i0o3PrB95Om6sHzyJ7pAwKKqif+Ngurg Xis0TqRh0bNPH2oQLfBkS7i9/9vQZ72Mx8w3iECm8HEqEjFOGVXja78yYRjS49C3 mxRp7nhP9TRMi9XAcXz3Wcewpco24dBwjRnlG1hz4RvUcD3zvy9bgawOCIRW+fYv TZBCDbcPtVz8op8xSWmJ

On 27/08/21 at 12:54 +0000, Holger Levsen wrote:

On Thu, Aug 26, 2021 at 11:39:06AM +0200, Lucas Nussbaum wrote:

There's probably a large number of packages that just require a
rebuild (+ test with autopkgtest) to be backported.

uploading to -backports also implies the promise to keep maintaining that backport until the next release is out... I'm not sure that part of the upload should be automated nor forgotten ;)

Oh I wasn't thinking about uploading to the official backports suite.
In the same spirit as the fresh-{releases,snapshots} suites provided by janitor, I was thinking about an automatically-generated backports
suite.

Lucas

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hey Lucas

On 2021/08/27 15:04, Lucas Nussbaum wrote:

Oh I wasn't thinking about uploading to the official backports suite.
In the same spirit as the fresh-{releases,snapshots} suites provided by janitor, I was thinking about an automatically-generated backports
suite.

That sounds great. Firstly there's a lot of benefit to many people who
would use that, but also at the same time it would also count towards
some testing to newer packages that will end up in the next release.
There'll probably be some complications as always, but overall it sounds
like a great idea!

-Jonathan

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Fri, Aug 27, 2021 at 03:04:34PM +0200, Lucas Nussbaum wrote:

uploading to -backports also implies the promise to keep maintaining that backport until the next release is out... I'm not sure that part of the upload should be automated nor forgotten ;)

Oh I wasn't thinking about uploading to the official backports suite.
In the same spirit as the fresh-{releases,snapshots} suites provided by janitor, I was thinking about an automatically-generated backports
suite.

oh, ic, this makes sense to me too, thanks for clarifying!


--
cheers,
Holger

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄

Change is coming whether you like it or not.

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmEo7RQACgkQCRq4Vgaa qhyNMw/9H6g9x6sSDWkU1sj4tte1VK6uugNoTSLQgsz0JaIviHHma+MhqVCk/goE 4IPu/KYcouRWxqG3IBEcM7s59GpDpOO/EOZ91fXRVlfkyK4CFhOJajrObWI+CQEF MZU3Au7VPGfvZ3WZz44lItY/+NiqW3WaoDWUOUuAQP2l9hd5BZcEaBEAkdBfKAVS nlS2GYAWkEv9T5tGk0Cu1jLHCccwuk1fqhLzuCcaMKd2fmUvD2sjr8rF6Pr/AbtC CNCJG1NuPU3sxVYPB6J30phUEa8h7WqAqtX27QdhwHvP19aEDHcg+Mk8dilS7PtJ 3SjlM3ol0RW8Qlw1lUSduDjpanCyJeU3UG+8YoXLaXS2AGAbAhhdKg5lrpq5OOp7 dgJmlzl/GsL0W61SxBz4Uun+LRlZ//lzM/flaRObXCDWl74uM91FkF+NvgSAZCXf ajVoux/kcC3jcBs2aS7nnZuTJdJH9up/Qu4WW8IOyY2tbZCzt499N2LqOt95QKGj vUyjJyfbTGOXVPdZLyAiLuLtAGG1Hwm+jp18FDCdujSSgM0Qqv7JuPbFnAdmXRZ0 /VSb4P8kZ0Tcfq0QNzOQJE0RnLDK9E9anqRWYtzcNwXAN+X/VhKug5eKtVq0Cb3Y
DI

Hi Lucas,

On Thu, Aug 26, 2021 at 11:39:06AM +0200, Lucas Nussbaum wrote:

Watching the talk[0] on automatically providing packages for new
upstream releases and new upstream git snapshots, I wondered if the same tooling could be used to automatically provide stable backports
for packages in unstable/testing.

There's probably a large number of packages that just require a
rebuild (+ test with autopkgtest) to be backported.

Additionally, one could imagine a DSL to:
- make minor changes to the source package before building (adjust
dependencies, apply an additional patch, etc.)
- tell sbuild that some build-dependencies must be pulled from backported
packages

Jelmer, did you already think about that? Is there a way one could help
you?

I've been thinking about this a little bit, and there are the
beginnings of a deb-auto-backport script in the janitor.

If all build-dependencies had appropriate versioning (i.e.
properly declared when they only worked with the dependencies in
unstable and didn't have overly tight dependencies on unstable), then backporting would be a lot easier. Then, to build backports, one could
(as you suggest above):

1. take the git repository for the package in unstable
2. update Vcs-Git/Vcs-Browse headers
3. add relevant changelog entry

4. attempt to build against stable, if there are build-dependencies
that are unsatisfied in unstable, pull them in from backports

I think one of the main challenges here is to make sure that the
dependencies for packages in unstable/testing are correct. This could
be addressed by something like:

* go through all the packages in unstable
* go through each build dependency line
+ where a build dependency can be satisfied by stable, build with
specifically that dependency from stable
- if build still succeeds, don't do anything
- if build fails, tighten the build-dependency
+ where a build dependency can't be satisfied by stable, attempt
to e.g. drop the version requirements and see whether it still
builds without that

That's fairly CPU-intensive though.

A DSL would require humans to make changes on a package-by-package
basis. It may be that that's unavoidable (especially when it comes to
patches), but I'd be keen to see how far we can get without resorting
to manual adjustments.

Perhaps these two problems could be addressed separately - you
could still backport packages with inappropriate build-depends,
but may run into build issues or an unnecessary number of packages
being pulled in from backpors - but that's okay.

Cheers,

Jelmer

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEsjhixBXWVlpOhsvXV5wWDUyeI+gFAmEs4c8ACgkQV5wWDUye I+h9ZQ//Xdvsq2yK6Lnr48OvDVM0WT+7MEwnNif4v4x+xyzcvAd8JXVmKcZicYGV X/q4bNYybH/WaSv2mDlEOtyzYMSExXrsq06aELj9Kybcjz2QZr5nz1p0ncyJqMJD e1nMCsh3V0enH+HSURcU+2BVjbW05MGnLdh408oHAvfw1KBw0B8Jifwvgk1Kgp2G DRDLToF8psiDrdg1p8oDWH0dWZiLmFMRwsEjVTh+H4araSxjLXgFEqfkitrFj/Co byCIWYsTKdE1QFEkx1gosnSHGKpT+nE99Piguo71u5mqyFHicYJ+2imbU2prZjcH fmOUN3Pw7j8UDQG8+yNwLUHbmTpQvV7B3Zpv4+K2Q5HORBX1uJY0ZMt+CfGh26tl OxhpEkzCsNZJgrovC+du5R/DFp5TndjSIKDEPjCmQ92+brU0jZFNPrADQAjRmMQo xN4dHGyr1YFwnM1k5Edavo+gPzizkidEFxKeWMRR5gvyWeAFkbg4ZWwtP5VtzU1P y5Vj+lwCSKAA6wF8w8vwVVw7453DQqWb1mYiDhBO9Geg43qfCEPzr+XAxfctmJuD cYW4BZER4oi97hBROabl80Pw3czjagIUdLmtq2I34m1vuosY1uk+/GTqNQHTiTlf 8k2Bw83/weq7hv1xRtyPE5piPDMqgbtFBw4SWdAfO2vAN3RweOE=
=jTKx
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 30.08.21 15:49, Jelmer Vernooij wrote:

I think one of the main challenges here is to make sure that the
dependencies for packages in unstable/testing are correct.

Why wouldn't they be correct, though? If it's less strict than it should
be, then that is a bug. And if it's too strict, experimentation with
lowered requirements sounds somewhat dangerous. The approach I chose was
to just backport any necessary dependencies as well.

(...backport any necessary dependencies within reason, that is. For
example, some Python packages always have bleeding edge build
dependencies in setup.py thanks to dependabot, but a diligent maintainer
will downgrade those to whatever the doc say is sufficient, I hope.)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 30 August 2021 19:17:54 CEST, Christian Kastner <ckk@debian.org> wrote:

On 30.08.21 15:49, Jelmer Vernooij wrote:

I think one of the main challenges here is to make sure that the
dependencies for packages in unstable/testing are correct.

Why wouldn't they be correct, though? If it's less strict than it
should
be, then that is a bug. And if it's too strict, experimentation with
lowered requirements sounds somewhat dangerous. The approach I chose
was
to just backport any necessary dependencies as well.

(...backport any necessary dependencies within reason, that is. For
example, some Python packages always have bleeding edge build
dependencies in setup.py thanks to dependabot, but a diligent
maintainer
will downgrade those to whatever the doc say is sufficient, I hope.)

There are two cases of insufficient version dependencies here - overzealous declaration of depending on the version in unstable and insufficient declaration of depending on the version in unstable.

In my experience, a lot of packages don't declare the minimum version of a (build-)dependency that they need properly; upstream has started depending on a new version of a dependency and the package hasn't been updated. Instead, these packages fail to
build or run when using the version of dependencies in stable rather than unstable. This is anecdotal though - I don't have any concrete data on how many packages would be affected. Maybe piuparts knows some of this? I agree it's a bug in those packages,
but I think it would significantly affect backportability.

This is somewhat orthogonal to the process of actually backporting, but it might impact the success chances or fitness of backported packages (if they end up pulling in a lot of unnecessary dependencies from backports).

Perhaps the best path forward is to just attempt to backport every package in the archive and see how well that goes, and then iterate and fix issues that come up, such as incorrect versioned dependencies.

Cheers,

Jelmer

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi Lucas,

On Thu, Aug 26, 2021 at 11:39:06AM +0200, Lucas Nussbaum wrote:

I'm really amazed by all the great work done around the Debian Janitor project. It's great to see how it focuses the maintainer's work on where there's some actual value with having humans in the loop.

Watching the talk[0] on automatically providing packages for new
upstream releases and new upstream git snapshots, I wondered if the same tooling could be used to automatically provide stable backports
for packages in unstable/testing.

There's probably a large number of packages that just require a
rebuild (+ test with autopkgtest) to be backported.

Additionally, one could imagine a DSL to:
- make minor changes to the source package before building (adjust
dependencies, apply an additional patch, etc.)
- tell sbuild that some build-dependencies must be pulled from backported
packages

Jelmer, did you already think about that? Is there a way one could help
you?

Reviving this thread that's more than a year old...

I spent some time working on this two months ago, and it's now finally
live. You can find an overview and instructions on how to use these packages at https://janitor.debian.net/bullseye-backports/

There's somewhere close to 5000 packages there at the moment. I haven't
done any of the other things you've suggested yet - adding a DSL for making minor changes or loosening dependencies.

Packages get built in a schroot with stable and existing backports
available.

I think at this point it's ready for early testing. The main
thing to watch out for is that some packages might pull in too
many other dependencies from backports. If anybody does try these out,
any feedback would be great. Either here,
or on the tracking bug at https://salsa.debian.org/jelmer/janitor.debian.net/-/issues/62

Known issues that still need to be addressed:

* backport from testing rather than unstable
* rename the suite from bullseye-backports to something that does't
clash with the official backports (version strings are already different)
* finish processing the rest of the archive
* better sanity checking to prevent too many dependencies from being
pulled in

I haven't decided on a name yet. "auto-bullseye-backports", perhaps?

Cheers,

Jelmer

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Jelmer Vernooij:

Hi Lucas,

On Thu, Aug 26, 2021 at 11:39:06AM +0200, Lucas Nussbaum wrote:

[...]
Jelmer, did you already think about that? Is there a way one could help
you?

Reviving this thread that's more than a year old...

[...]

Known issues that still need to be addressed:

* backport from testing rather than unstable
* rename the suite from bullseye-backports to something that does't
clash with the official backports (version strings are already different)
* finish processing the rest of the archive
* better sanity checking to prevent too many dependencies from being
pulled in

I haven't decided on a name yet. "auto-bullseye-backports", perhaps?

Cheers,

Jelmer

To save the janitor some compute power, would make sense to skip
packages that have already been backported? E.g., I noted there is an auto-backport for debhelper even though debhelper is "in sync" between stable-backports and testing (or even sid at the moment).

Other than that, I think this looks great and I hope this will help make backporting more smooth.

Thanks,
~Niels

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, Dec 03, 2022 at 09:11:57AM +0100, Niels Thykier wrote:

Jelmer Vernooij:

On Thu, Aug 26, 2021 at 11:39:06AM +0200, Lucas Nussbaum wrote:

[...]
Jelmer, did you already think about that? Is there a way one could help you?

Reviving this thread that's more than a year old...

[...]

Known issues that still need to be addressed:

* backport from testing rather than unstable
* rename the suite from bullseye-backports to something that does't
clash with the official backports (version strings are already different)
* finish processing the rest of the archive
* better sanity checking to prevent too many dependencies from being
pulled in

I haven't decided on a name yet. "auto-bullseye-backports", perhaps?

To save the janitor some compute power, would make sense to skip packages that have already been backported? E.g., I noted there is an auto-backport for debhelper even though debhelper is "in sync" between stable-backports
and testing (or even sid at the moment).

Other than that, I think this looks great and I hope this will help make backporting more smooth.

Yeah, that's a good point - I've now excluded these and packages with the same version
in stable and testing. Reduces the todo queue by about 5000 packages :)

Cheers,

Jelmer

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)