[Reproducible-builds] anything a packager can do for their packages?

[Andrew Ayer]

On Mon, 01 Sep 2014 23:02:43 -0400
Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:

> as an interested packager, but not one of the awesome people working
> actively on improving debian toolchains, i wanted to know if there was
> anything specific i could do as a packager now to ensure that my
> package can be reproducibly built.

I think the most effective thing a packager could do right now is to
make sure that their package is being built using modern debhelper
style (i.e. a single call to dh in debian/rules). Once our various dh_
commands are written and integrated into the standard debhelper
sequence, I think they will make many packages build reproducibly
without the maintainer needing to do anything.

> If there were a section on the wiki page suggesting what a packager
> could do to try to test their own packages, that would be useful, and
> could maybe get more feedback about reproducible builds.

I think it's premature for packagers to be testing their own packages
for reproducibility, since it would require them to patch dpkg, and
because sources of non-determinism might not be their fault, but the
fault of other packages used in the build process that we're working on
fixing.  I think we'll have clearer guidance for packagers once we've
finished more of our tooling and done another mass package rebuild.
And I agree with putting this on the wiki once we have it.

-- Andrew