[Reproducible-builds] Ideas

Jérémy Bobbio lunar at debian.org
Wed Feb 5 18:12:24 UTC 2014 

Stéphane Glondu:
> What might be (more) acceptable would be to record (in the .changes
> file, in your model) all the timestamps produced by a first build, and
> set them in subsequent rebuilds.

Feel free to experiment with the libfaketime approach. The consensus
during the BoF at DebConf was that faking things instead of removing the
variation was not the way to go, but YMMV.
 
> I believe adding non-reproducible ar members would not harm the original
> goal of reproducible builds: the non-reproducible members could just be
> copied from what is being reproduced. As an extreme example, the
> .changes file itself could be added as an ar member (using checksums of
> the other reproducible members instead of the container's).
> 
> Concerning the (what I consider a) side-effect of faster maintainer
> uploads, it is still achieved if the non-reproducible ar members are
> (relatively) small and transmitted.
> 
> All in all, I agree with Guillem's objection that the .deb file is the
> wrong boundary for reproducibility. Achieving reproducibility of the
> current ar members is still a worthwhile goal in my opinion, though.

Please note that once you have the ar members reproducible themselves,
having the .deb reproducible is pretty trivial currently. See:
http://anonscm.debian.org/gitweb/?p=reproducible/dpkg.git;a=blobdiff;f=lib/dpkg/ar.c;h=1266076025;hp=808ef58ff;hb=5692b4e82;hpb=973bcc24ac

If this changes in the future for good reasons, fine, but currently,
I don't think doing the change in the given patch is likely to be
troublesome.

-- 
Lunar                                .''`. 
lunar at debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20140205/3c509649/attachment.sig>

More information about the Reproducible-builds mailing list