[Reproducible-builds] How to create deterministic archives using dpkg-deb?
Jérémy Bobbio
lunar at debian.org
Wed Nov 27 12:31:44 UTC 2013
adrelanos:
> faketime "2013-08-15T11:02:35" dpkg-deb -v -D --build ./a ./x.deb
> dpkg-deb: building package `whonix-shared-files' in `./x.deb'.
>
> md5sum x.deb
> 3aeb7f5cb064522cce38fa05ae4b36fe x.deb
>
> faketime "2013-08-15T11:02:35" dpkg-deb -v -D --build ./a ./x.deb
> dpkg-deb: building package `whonix-shared-files' in `./x.deb'.
> md5sum x.deb
> d974d50406d2c9301d7ebd7e7f663b1d x.deb
>
> It it my understanding that whatever in that "a" folder is, that
> dpkg-deb should always create bit identical archives and thus result in
> the same checksum.
>
> Am I doing something wrong?
Have you looked at the differences with the `diffp` script?
http://anonscm.debian.org/gitweb/?p=reproducible/misc.git;a=blob;f=diffp
It takes a `.changes` file, but it will be easy enough to hack to just
take one single pair of `.deb`.
--
Lunar .''`.
lunar at debian.org : :Ⓐ : # apt-get install anarchism
`. `'`
`-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20131127/a8be6ba5/attachment.sig>
More information about the Reproducible-builds
mailing list