[Reproducible-builds] Bug#769844: linux: please make linux build reproducibly
Jérémy Bobbio
lunar at debian.org
Mon Jan 5 17:56:10 UTC 2015
Control: unblock -1 by 759886
Jérémy Bobbio:
> Bastian Blank:
> > On Mon, Nov 17, 2014 at 12:46:45AM +0100, Jérémy Bobbio wrote:
> > > The first patch adds call to `dh_strip_nondeterminism` and
> > > `dh_fixmtimes`, both being part of the custom toolchain currently used
> > > for reproducible builds. Hence not tagging the bug with “patch” until
> > > they are integrated in debhelper.
> >
> > Why does this need new tool instead of being integrated into the
> > existing ones?
>
> I am not sure which ones you specifically have in mind, but the whole
> project is still at the experimental stage. We try to work in
> unintrusive ways.
We are currently experimenting with fixing mtimes in `dh_builddeb`
instead of requiring a new helper. I have also done my latest
experiments without `dh_strip_nondeterminism`. The attached patch adds
the `-n` flag to gzip to compensate.
> > > The second patch changes the value of KBUILD_BUILD_TIMESTAMP to a
> > > timestamp parseable by `date`.
> >
> > Well, no. The string is this way for a reason.
>
> Would a patch against `scripts/gen_initramfs_list.sh` to make it parse
> Debian's KBUILD_BUILD_TIMESTAMP be acceptable then? Any other
> suggestions?
Implemented in the attached patch.
> > > An unclear aspect is where to add a call to `dh_genbuildinfo` which
> > > generates the .buildinfo [2]. It should be called after all binary
> > > packages have been created.
> >
> > Not possible, dh_* acts on single binary packages.
>
> Mh… I'm not sure we had realized that. It makes a case to move the
> generation of the .buildinfo closer to dpkg-genchanges.
That's how the experimental toolchain now works: the .buildinfo is
generated by dpkg-genbuildinfo, called by dpkg-buildpackage.
> > > * linux-source: mtimes of many files differ. Would it be ok to just
> > > create the tarball with a single timestamp (`tar --mtime=`)?
> >
> > Looks like a way.
>
> Good. :) I will experiment with this approach and probably add another
> patch to this bug report.
I've used find+touch instead. See attached patch.
With the attached patch, my latest build+rebuild showed similar
differences in linux-doc and linux-manual. It is probably related to the
way API documentation is currently extracted from the source code.
I also stumbled on a variation of the Installed-Size field in one of the
.deb. But this is a different topic.
--
Lunar .''`.
lunar at debian.org : :Ⓐ : # apt-get install anarchism
`. `'`
`-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linux_3.16.7-ckt2-1_reproducible1.patch
Type: text/x-diff
Size: 3330 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20150105/ee645072/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20150105/ee645072/attachment.sig>
More information about the Reproducible-builds
mailing list