bit by bit identical chroot creation (was Re: Debian and our frenemies of containers and userland repos)
Holger Levsen
holger at layer-acht.org
Tue Oct 8 10:14:52 BST 2019
Hi josch,
On Tue, Oct 08, 2019 at 10:49:50AM +0200, Johannes Schauer wrote:
> > And, does this work for mmdebstrap'ing buster too? (whether using
> > mmdebstrap from unstable or buster...)
> lets find out!
hehe, thanks!
> $ sudo mmdebstrap --include=mmdebstrap,debootstrap,diffutils buster ./debian-buster
> [...]
> $ sudo chroot ./debian-buster
> # cat /etc/apt/sources.list
> deb http://deb.debian.org/debian buster main
> deb http://deb.debian.org/debian buster-updates main
> deb http://security.debian.org/debian-security buster/updates main
> # SOURCE_DATE_EPOCH=1570522957 mmdebstrap --variant=minbase unstable - | sha256sum
> [...]
> e43ab25109a1f9e73fcb9de698912e25d7402c2aef4445a46719621b517901bf -
> # SOURCE_DATE_EPOCH=1570522957 mmdebstrap --variant=minbase unstable - | sha256sum
> [...]
> e43ab25109a1f9e73fcb9de698912e25d7402c2aef4445a46719621b517901bf -
> # SOURCE_DATE_EPOCH=1570522957 mmdebstrap --variant=minbase buster - | sha256sum
> [...]
> a1f4bc1f1c8e4a8942a1cbeed61f02556533d0381de0f9befe618246fec08af7 -
> # SOURCE_DATE_EPOCH=1570522957 mmdebstrap --variant=minbase buster - | sha256sum
> [...]
> a1f4bc1f1c8e4a8942a1cbeed61f02556533d0381de0f9befe618246fec08af7 -
> # SOURCE_DATE_EPOCH=1570522957 debootstrap --variant=minbase unstable ./debian-unstable-A
> [...]
> # SOURCE_DATE_EPOCH=1570522957 debootstrap --variant=minbase unstable ./debian-unstable-B
> [...]
> # diff -rq ./debian-unstable-A ./debian-unstable-B
> Files debian-unstable-A/var/cache/ldconfig/aux-cache and debian-unstable-B/var/cache/ldconfig/aux-cache differ
> Files debian-unstable-A/var/log/alternatives.log and debian-unstable-B/var/log/alternatives.log differ
> Files debian-unstable-A/var/log/bootstrap.log and debian-unstable-B/var/log/bootstrap.log differ
> Files debian-unstable-A/var/log/dpkg.log and debian-unstable-B/var/log/dpkg.log differ
I dont understand this:
a.) why do debian-unstable-A and -B differ, the sha256sums above are the
same? was that just typo and you ment stable?
b.) you boostrapped --variant=minbase here, while your original mail was
about --variant=essential. I take it that --variant=essential is
also unreproducible for buster?
c.) now I wonder if mmdebstrap from *stable* can also bootstrap a
reproducible unstable ?
& sorry for asking these questions instead of trying it myself...
> Since it is not crucial to have these files in a chroot after creating it (they
> will all be re-created) mmdebstrap just removes them.
see above :)
> Obviously, mmdebstrap
> cannot do much about reproducibility coming from many other sources like
> database creation in maintainer scripts or issues like these:
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917386
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917407
yeah, sure.
> Thanks!
very much likewise! :)
--
cheers,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/reproducible-builds/attachments/20191008/a08de233/attachment.sig>
More information about the Reproducible-builds
mailing list