<div dir="ltr">Hi there. <div><br></div><div>Pardon the de-lurk, but I have a few thoughts on the topic that might help. I use mosh on os x and linux. I also happen to use homebrew.</div><div><br></div><div>As you've already pointed out, a proper package manager makes a lot of this much easier. There are a couple ways to get closer to this on a mac.</div><div><br></div><div>First, a stupid linux trick. In the past, on debian based distros when I have needed to replicate an environment that was lacking in automation for builds, I've fallen back to </div><div>dpkg --get-selections > packages.txt</div><div>scp packages.txt host:/tmp</div><div>dpkg --set-selections < /tmp/packages.txt</div><div>apt-get dselect-upgrade</div><div><br></div><div>Ok, so at that point I can be confident that system B is similar enough to system A to start working on whatever the issue is. The only problems that have cropped up are where deps are so old they've rsynced off the public mirrors, or in unversioned crap in /usr/local. You can do it with rpm too, it's just spelled differently.</div><div><br></div><div>A way to replicate that technique on a mac could be as simple as:</div><div>Track the os version 10.x </div><div>Track the xcode version.</div><div>Track the homebrew version.</div><div><br></div><div>Homebrew has some options here. </div><div>brew list > packages.txt</div><div>scp packages.txt hostb:packages.txt</div><div>brew install $(cat packages.txt)</div><div><br></div><div>Where this kind of falls on its face, is that homebrew more or less just chases the tip of a branch (stable) and updates are rolling.</div><div><br></div><div>But, it's all in git. If you were to go to /usr/local/Homebrew (the new home), you could figure out what sha you were using for the current build by running</div><div><div>✔ /usr/local/Homebrew [stable L|✔]</div><div>13:24 $ git rev-parse HEAD</div><div>8a7317aa8ff5f12067eb65e529a13490bc69deda (example sha to save somewhere)</div></div><div><br></div><div><br></div><div>They also have tags. And other branches. Point being, you could pin to a version/branch or whatever. It's just an exercise in juggling the metadata when building and capturing it somewhere. At that point you're much much closer to being able to stand up a brand new fresh os x box and install known versions of packages and known configurations of homebrew without inventing nearly as much of this solo. And lets face it... Idiosyncrasies with third party libs are a drag. At least engage a large community to share/shake out wrinkles. At a high level it's just 4 sets of facts.</div><div><br></div><div>Re-lurking.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 2, 2016 at 1:45 AM, john hood <span dir="ltr"><<a href="mailto:cgull@glup.org" target="_blank">cgull@glup.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On 10/31/16 10:46 AM, john hood wrote:<br>
> On 10/31/16 12:41 AM, Jim Cheetham wrote:<br>
>> Quoting john hood (2016-10-31 17:12:06)<br>
>>> Alas, we will not get any kind of repeatable builds out of this, Travis<br>
>>> constantly updates their build images and we update to current Homebrew<br>
>>> for dependencies on every build.<br>
>><br>
>> That's the worst bit. Using external services that are *unlikely* to attack<br>
>> your process is generally just fine, as long as there is a way to verify their<br>
>> output.<br>
><br>
> The repeatability is of course no worse than what we've got now :)<br>
><br>
>> Perhaps you could use Travis to report in the buildability of a revision,<br>
>> and the source of a 'nightly build' version, but keep a repeatable<br>
>> build chain for official releases?<br>
><br>
> We already use Travis for CI builds on Linux and OS X. I could of<br>
> course maintain a build VM for Mosh releases and snapshot it for each<br>
> release build, but having to maintain it (OS X upgrades, Xcode upgrades)<br>
> for Mosh's fairly infrequent releases is a significant burden for a<br>
> small project, and it would bring us full circle to manually-maintained<br>
> private builds.<br>
><br>
> We can at least report the Travis image id (I think this is already in<br>
> the build log) and the Homebrew version + Git revisions, and other tool<br>
> versions. Homebrew has a way to dump its configuration ('homebrew info<br>
> --json=v1') which may or may not be complete.<br>
><br>
> The elephant in the room is that we're trying to improve builds for a<br>
> binary-only, proprietary OS with relatively ad-hoc installation,<br>
> configuration, packaging, etc.<br>
<br>
</div></div>I've had some more thinking on this, and I'm getting over the<br>
you-piled-what?-onto-my-<wbr>tasklist reaction.<br>
<br>
There's a number of separate pieces to this problem:<br>
<br>
* Fully automating the OS X build and installing its build deps. This<br>
is a pretty basic first step to all the rest of it, and what I am trying<br>
to do with Travis.<br>
<br>
* Reporting: describing exactly what was built, how it was built, what<br>
dependencies were used, other environmental factors.<br>
<br>
* Repeatability: getting the same thing twice in a row :)<br>
<br>
* Reproducibility: making it possible, maybe even easy, for you to get<br>
the same thing out of a build that I did.<br>
<br>
* Trusted build infrastructure: in theory a reproducible build reduces<br>
the need for this. In practice...yeah, we should do that.<br>
<br>
A lot of this stuff amortizes nicely if you are a distribution or<br>
package management system. We're trying to do just one package, only<br>
for OS X (and not our many other platforms), and not even for all OS X<br>
users.<br>
<br>
My current OS X package manager of choice is Homebrew. It seems they've<br>
done some work towards reproducible builds internally, but it's not<br>
clear at all how you might reproducibly install Homebrew, or do<br>
non-Homebrew builds reproducibly with Homebrew deps. I just put a query<br>
out on that.<br>
<br>
It would be nice if Homebrew or Macports or some other package system<br>
could build standalone apps, and had reproducible builds.<br>
<br>
Another alternative might be to abandon package managers entirely for<br>
release builds, and build our dependencies ourselves. Xcode might have<br>
some useful capabilities in this area, I haven't looked. This may<br>
require separate, clean OS X instances for package builds.<br>
<br>
This isn't going to happen instantly. One approach to the trust issue<br>
here might be to just cop out-- stop doing OS X package builds and tell<br>
people to build their own, until we get this stuff into better shape.<br>
<br>
Have I missed anything obvious? (Yes.) Have any of you got wisdom on<br>
dealing with this stuff in an OS X environment that you can share?<br>
(Please!)<br>
<br>
regards,<br>
<br>
--jh<br>
<br>
<br>
<br>______________________________<wbr>_________________<br>
mosh-devel mailing list<br>
<a href="mailto:mosh-devel@mit.edu">mosh-devel@mit.edu</a><br>
<a href="http://mailman.mit.edu/mailman/listinfo/mosh-devel" rel="noreferrer" target="_blank">http://mailman.mit.edu/<wbr>mailman/listinfo/mosh-devel</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">J.<br><br></div>
</div>