port Whonix package build process to Qubes package build process
Open, Normal, Public

Description

That would help with automation. More frequent updates. Then git tag signing, deterministic builds and release quality assurance would be sorted out.


Motivation:

All packages not coming from Debian, like Tor Browser (not packaged at all) and Tor (newer versions from deb.torproject.org), are a major non-fun hassle and maintenance burden.

  • watch upstream package updates
  • upload to developers repository
  • test
  • upload to testers repository
  • have testers test it
  • upload to proposed-stable repository
  • have testers test it
  • upload to stable repository

Since all of this needs mental resources, time, remembering things, and cannot be done in connected working hours (since time has to pass), it's a major hassle.

Most of the time, no issues are caught. But if there was an issue, it could be huge, such as:

  • Tor no longer connecting, requesting all users to apply manual steps to solve it
  • apt-get package management is in a broken dependency state

Details

Impact
Normal

Event Timeline

To build a package with qubes-builder, you need to add a Makefile.builder file with just one line: DEBIAN_BUILD_DIRS := debian. This will tell qubes-builder that the given repository contains a Debian package.
Alternatively, if that would be too much of a problem, it should be easy to add an option that does auto-detection (probably just looks for a debian directory).