Use the Source, Luke!

Topics in this article

Fedora, like quite a few Linux distributions, aims for the technical challenge of being self-hosting, that is, one should be able to recompile each of the packages in Fedora 10 using a copy of Fedora 10, and get exactly the same result.  For Open Source and Free Software developers, this is a critical feature which ensures that when someone has a program in binary form, they can be assured that the source code purporting to be that of the binary is, in fact, the same corresponding source.

One challenge to self-hosting a project the size of Fedora (now with about 6200 source packages) is dealing with the interdependencies between packages.  When a major component, such as the compiler or an often-used library, upgrades to a new version, you should rebuild all packages that depend upon that major component, to ensure they continue to work.  Often, simply re-compiling or re-linking each package using the updated compiler or library is all that is needed. In some cases though, applications which once built, no longer do – bitrot has set in.

For a couple years now I have been rebuilding all of the packages in the Fedora "rawhide" tree (the code that will make up the next major release), using only the code in rawhide to do so.  This tends to find bitrotting code relatively quickly, which I then report to the package owners to resolve.  I run these builds roughly monthly, striking a balance between annoying package owners with build failure reports, and timeliness of detecting such failures.  At the far end of the spectrum, openSUSE's build service cleverly rebuilds all packages "higher" in the dependency chain whenever a component "lower" in the chain is modified.

Borrowing a page from Debian's playbook, "Fails To Build From Source" (FTBFS) bugs are considered serious in Fedora as well.  When GCC 4.3 landed in rawhide back in early 2008, about 560 packages no longer built, and needed review and fixups.  As of this week, all but 4 have been resolved, the rest are pretty tricky and are being actively worked.  Thank you to all the Fedora packagers for fixing these up!

So, now it's time for the next pass.  Several changes to rpmbuild have been made recently, including disallowing patches to be applied with fuzz (126 packages tripped by this), and automatically building python egg-info content which must be included in the package.

For all packages failing due to patch fuzz, now is a good time to review what the latest version your upstream developers have released, verify that the patch is still necessary, and send the patch upstream ASAP if it hasn't already been applied upstream.

About the Author: Matt Domsch

Topics in this article