On Thu, Mar 14, 2019 at 07:43:58PM +0100, Philippe Mathieu-Daudé wrote: > On 3/13/19 10:00 PM, Laszlo Ersek wrote: > > Add the files built by the last patch: (compressed) binaries, and the > > cumulative license text that covers them. > > > > Signed-off-by: Laszlo Ersek <[email protected]> > > --- > > > > Notes: > > v2: > > > > - capture the compressed build outputs of the last patch; slightly > > update the commit message [Dan, Michael, Phil] > > > > - consequently, do not pick up Michal's and Michael's R-b's > > Well I was not explicit in my previous review: I simply checked the > Licenses match the EDK2 project, but I haven't review the binaries. > Ideally I'd rather submit the binaries from a CI system or a Docker > image than your workstation.
I think that point probably applies to all of the binary ROMs that QEMU is already distributing. We have make rules that build them from the subdir, but we have no record of what kind of host they were built on by the maintainer which is troublesome for reproducability. It would be nice if we had a standard dockerfile that was designated as the build environment for each of the ROMs (one docker file might be suitable for many of the ROMs in fact). After building in the docker environment, we should capture a list of all the RPM/Deb packages that were in the docker image, and commit that to git alongside the binary ROM as a record of the actual build environment. We should be able to automate this whole process, so the maintainer just updates the submodule hash, and then runs "make rom-refresh-edk". It would run the docker build, capture the package list, and do the actual git commit with it all. With all that said, I don't think that needs to block Laszlo's series. We already have this problem of reproducability with all the existing ROMs and its thus unreasonable to hold Laszlo to a different higher standard that what we've already accepted. I think it is highly desirable as something to priortize though going forward. Perhaps we can set it as a target for next release cycle that all future binary ROM refreshes must be done from a docker env & the installed package set be recorded in git next to the ROM. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
