[Reproducible-builds] How to create deterministic archives using dpkg-deb?

adrelanos adrelanos at riseup.net
Thu Nov 28 12:29:02 UTC 2013


Jérémy Bobbio:
> adrelanos:
>> faketime "2013-08-15T11:02:35" dpkg-deb -v -D --build ./a ./x.deb
>> dpkg-deb: building package `whonix-shared-files' in `./x.deb'.
>>
>> md5sum x.deb
>> 3aeb7f5cb064522cce38fa05ae4b36fe  x.deb
>>
>> faketime "2013-08-15T11:02:35" dpkg-deb -v -D --build ./a ./x.deb
>> dpkg-deb: building package `whonix-shared-files' in `./x.deb'.
>> md5sum x.deb
>> d974d50406d2c9301d7ebd7e7f663b1d  x.deb
>>
>> It it my understanding that whatever in that "a" folder is, that
>> dpkg-deb should always create bit identical archives and thus result in
>> the same checksum.
>>
>> Am I doing something wrong?
>
> Have you looked at the differences with the `diffp` script?
> http://anonscm.debian.org/gitweb/?p=reproducible/misc.git;a=blob;f=diffp
>
> It takes a `.changes` file, but it will be easy enough to hack to just
> take one single pair of `.deb`.

Fortunately I have also .changes files.

I used debdiff beforehand, which didn't find any differences I and
thought that's it. This was wrong. diffp was helpful and I know now,
that my control file needs some work.



More information about the Reproducible-builds mailing list