ARM rebuild

Kees Cook kees at ubuntu.com
Mon Nov 16 17:21:56 GMT 2009


On Mon, Nov 16, 2009 at 10:42:34AM -0600, Steve Langasek wrote:
> On Sat, Nov 14, 2009 at 12:52:58PM -0600, Matt Zimmerman wrote:
> > Would it be a reasonable compromise to slowly rebuild the archive over a
> > period of weeks or months to avoid a big hit on the mirrors?
> 
> In effect, we already have this for the majority of the packages in main as
> a side effect of the Debian import and our ongoing development work; if this
> is confined to main and deferred to around the middle of the development
> cycle, I would expect the set of packages that require uploads just for the
> rebuild to be minimal and manageable.

To further support the idea that binary package "churn" exists normally,
I've actually already made sure that every ELF in main/restricted has been
rebuilt since Intrepid (for the hardened compiler defaults).  Frankly,
it was a surprisingly small number of packages (about 50, IIRC), so I
don't think archive size will end up being a new problem for mirrors --
most of main changes every release.

While it requires other scripts and settings from our tree, I wrote a
tool[1] to identify source packages with ELF outputs that have been
unchanged since a given release.  It's mostly just a wrapper around
"comm -1 -2" with lists of source package versions.  (Note also that it
currently hard-codes arch checks.)

-Kees

[1] http://bazaar.launchpad.net/~ubuntu-security/ubuntu-security-tools/trunk/annotate/head%3A/repo-tools/unchanged-since

-- 
Kees Cook
Ubuntu Security Team
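
The comparison described in the message above, as an added example that is not the ubuntu-security-tools script and not code from this thread: intersect two releases' "source version" lists with `comm -1 -2`, then keep only the sources that ship ELF objects. The input file format, the function names `unchanged_since` and `demo`, and all package names and versions are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not the ubuntu-security-tools script.
# Assumed input format: one "source version" pair per line.

# unchanged_since OLD NEW ELF_SOURCES
unchanged_since() {
    tmp=$(mktemp -d) || return 1
    # comm requires both inputs sorted in the same collation order.
    LC_ALL=C sort -u "$1" > "$tmp/old"
    LC_ALL=C sort -u "$2" > "$tmp/new"
    # -1 -2 drops lines unique to either list, leaving source/version
    # pairs identical in both releases, i.e. never re-uploaded.
    LC_ALL=C comm -1 -2 "$tmp/old" "$tmp/new" |
        awk -v elf="$3" '
            BEGIN { while ((getline name < elf) > 0) keep[name] }
            $1 in keep'
    rm -rf "$tmp"
}

# Constructed sample data; every package name and version is made up.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/old" <<'EOF'
libfoo 1.0-1
bar 2.3-1ubuntu1
docs-only 0.5-2
baz 1.1-1
EOF
    cat > "$d/new" <<'EOF'
qux 0.1-1
libfoo 1.0-1
bar 2.3-1ubuntu2
docs-only 0.5-2
baz 1.1-1
EOF
    printf '%s\n' libfoo bar baz qux > "$d/elf"
    unchanged_since "$d/old" "$d/new" "$d/elf"
    rm -rf "$d"
}

demo
```

The sources it prints are the ones whose binaries predate a toolchain change made between the two releases, so they are the candidates for a no-change rebuild.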