On Fri, 3 Apr 2020, Zhiyi Zhang wrote:
On 4/3/20 6:09 PM, Francois Gouget wrote:
On Fri, 3 Apr 2020, Zhiyi Zhang wrote: [...]
I think we can only enable -Werror for patches coming from the wine-devel.
Do you have a concrete proposal?
We could consider switching to clean build with ccache set up.
The build and Wine VMs already use ccache.
The TestBot does not need to wipe the build tree for each patch. So only files that have changed need to be rebuilt. But alternating between -Werror and no -Werror requires rerunning configure which takes about 30 seconds. A test I have done shows that such a basic rebuild takes about 130 seconds, 6 seconds of which are in make (and thus parallelisable). In comparison a basic build currently takes about 20 seconds.
So a separate tree is not needed. That would solve the problem of having to wait for nightly VM updates to complete for some patches as well since we don't have to update those VMs then.
I don't understand.
A patch can cause the build process to run arbitrary commands. This means the VM must be reverted to a clean state after each build and this also wipes the ccache data. (That's why the Build/Wine updates are special tasks)
Storing the ccache data out of the VM would not work because the VM would have write access to that persistent data and could poison the content of that cache.
What could work would be to use distcc[1] so the compilation is performed outside the VM (and potentially distributed across multiple machines). The compilation server(s) could then use ccache. That would be safe as long as there is no security vulnerability in the compiler(s). I would probably want to place the compilers in a chroot sandbox or some such anyway. And we'd need to also ensure that all hosts that perform compilations (possibly including the VM) has consistent compiler versions.
This would actually help a lot with patch series that start by modifying a global Wine header ;-) But that seems like way more complexity than I want to entertain for now.