[Reproducible-builds] anything a packager can do for their packages?

Jérémy Bobbio lunar at debian.org
Wed Sep 3 16:56:24 UTC 2014 

Daniel Kahn Gillmor:
> hey reproducible-builds folks--
> 
> as an interested packager, but not one of the awesome people working
> actively on improving debian toolchains, i wanted to know if there was
> anything specific i could do as a packager now to ensure that my package
> can be reproducibly built.
> 
> If there were a section on the wiki page suggesting what a packager
> could do to try to test their own packages, that would be useful, and
> could maybe get more feedback about reproducible builds.

I think we are still missing small parts of the framework to write that
documentation. We are getting close, but there's a few more steps.

Also, we should soon be able to do another archive-wide build+rebuild.
(maybe more focused on core packages this time, but gnupg is in the
set). We'll make sure to make the log available to interested
maintainers.

> I'm particularly interested in this as part of the GnuPG packaging team
> right now.

In the meantime, you could experiment the build system. I wrote the
following script which will allow to compare the output of a command
repeatedly called with a variation:
http://anonscm.debian.org/cgit/reproducible/misc.git/tree/test-reproducibility

You coud try spotting anything that get captured by the build system
that should not. Probably you should ignore variations due to build
path variations.

I'm not sure it's a good use of your time. As, hopefully, we should be
able to have a better definition of what “reproducible builds” mean in
the Debian context.

-- 
Lunar                                .''`. 
lunar at debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20140903/0295a422/attachment.sig>

More information about the Reproducible-builds mailing list