Skip to content

Comments

[initramfs-tools] Replace git clone with pinned tarball + SHA256#25664

Open
rustiqly wants to merge 1 commit intosonic-net:masterfrom
rustiqly:pin/initramfs-tools-tarball
Open

[initramfs-tools] Replace git clone with pinned tarball + SHA256#25664
rustiqly wants to merge 1 commit intosonic-net:masterfrom
rustiqly:pin/initramfs-tools-tarball

Conversation

@rustiqly
Copy link
Contributor

@rustiqly rustiqly commented Feb 25, 2026

What I did

Replace the git clone from salsa.debian.org with a pinned tarball download and SHA256 checksum verification.

Why I did it

The initramfs-tools build fetches source via git clone from Debian's GitLab instance (salsa.debian.org) during the build. This is fragile:

  • salsa.debian.org returning HTTP 502 causes the entire build to fail late in the process (after 400+ packages have already built successfully)
  • The git clone is slower than a tarball download
  • No integrity verification on the downloaded source

This happened in practice — a transient salsa.debian.org 502 killed a 30-minute build that was almost done.

How I did it

  • Download the release tarball from salsa.debian.org's archive URL instead of git clone
  • Verify SHA256 checksum (27a78cc25a...) to ensure integrity
  • Extract and rename to match the expected directory structure
  • Remove the git checkout step (tarball is already at the pinned version)
  • Quilt patches still apply normally

How to verify it

make target/debs/trixie/initramfs-tools_0.142_all.deb

The package should build identically to the git-clone version.

@rustiqly rustiqly requested a review from qiluo-msft as a code owner February 25, 2026 03:05
@mssonicbld
Copy link
Collaborator

mssonicbld commented Feb 25, 2026

/azp run Azure.sonic-buildimage

@azure-pipelines
Copy link

azure-pipelines bot commented Feb 25, 2026

Azure Pipelines successfully started running 1 pipeline(s).

@rustiqly rustiqly mentioned this pull request Feb 25, 2026
Open
@rustiqly rustiqly force-pushed the pin/initramfs-tools-tarball branch from d60058b to 3e8bb9b Compare February 25, 2026 04:57
@rustiqly
[initramfs-tools] Replace git clone with pinned tarball + SHA256
9603593 
Replace the git clone from salsa.debian.org with a pinned tarball download
and SHA256 checksum verification. This improves build reliability and
reproducibility:

- Eliminates dependency on salsa.debian.org git server availability
  (HTTP 502 errors have caused build failures)
- Adds SHA256 integrity verification to detect corrupted downloads
- Tarball download is faster than full git clone
- Version is pinned via URL path and verified via checksum

Signed-off-by: Rustiqly <rustiqly@users.noreply.github.com>
@rustiqly rustiqly force-pushed the pin/initramfs-tools-tarball branch from 3e8bb9b to 9603593 Compare February 25, 2026 15:01
@mssonicbld
Copy link
Collaborator

mssonicbld commented Feb 25, 2026

/azp run Azure.sonic-buildimage

@azure-pipelines
Copy link

azure-pipelines bot commented Feb 25, 2026

Azure Pipelines successfully started running 1 pipeline(s).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@qiluo-msft qiluo-msft Awaiting requested review from qiluo-msft qiluo-msft is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rustiqly @mssonicbld