[Reproducible-builds] How to create deterministic archives using dpkg-deb?
adrelanos
adrelanos at riseup.net
Wed Nov 27 12:25:16 UTC 2013
Hi!
I am packaging a package outside the debian repository for a derivative
of Debian. Nonetheless I hope I am welcome on this list. I've got a
question about this...
https://wiki.debian.org/ReproducibleBuilds?action=logout&logout=logout#How_to_build_a_deb_using_faketime
> Note that this retians *one* timestamp, which is the timestamp of the
'ar' container of the *.deb. To erase that, somehow regenerate the
package within the fakeroot-faketime environment by using dpkg-deb to
unpack it, then dpkg-deb to repack it.
I tried this, but when I do so I get every time a different checksum.
ls ./a
DEBIAN etc usr var
faketime "2013-08-15T11:02:35" dpkg-deb -v -D --build ./a ./x.deb
dpkg-deb: building package `whonix-shared-files' in `./x.deb'.
md5sum x.deb
3aeb7f5cb064522cce38fa05ae4b36fe x.deb
faketime "2013-08-15T11:02:35" dpkg-deb -v -D --build ./a ./x.deb
dpkg-deb: building package `whonix-shared-files' in `./x.deb'.
md5sum x.deb
d974d50406d2c9301d7ebd7e7f663b1d x.deb
It it my understanding that whatever in that "a" folder is, that
dpkg-deb should always create bit identical archives and thus result in
the same checksum.
Am I doing something wrong?
Cheers,
adrelanos
More information about the Reproducible-builds
mailing list