[Reproducible-builds] Storing .deb checksums in ADMINDIR/status?
Jérémy Bobbio
lunar at debian.org
Tue Jun 23 07:31:05 UTC 2015
Hi!
While thinking one more time about the current specification for
`.buildinfo` files [1], I remembered one unresolved question.
The `Build-Environment` field currently has the same syntax as
`Built-Using`: a list of packages and their exact version. This works
fine but might not be optimal.
Some people suggested that we should record a checksum of the `.deb`
installed as a way to unambiguously referring to a specific package.
The main benefit that I can think of is that it would allow to directly
retrieve the file from snapshot.debian.org based on the hash [2].
But, as far as I know, this information is currently not recorded by
dpkg and there is no way to know for sure which `.deb` has been used for
a package currently installed. I have a couple of memories where this
could have been useful outside of the aforementioned use case.
From my limited knowledge of dpkg's internals, computing checksums
and adding a new field to the status file doesn't seem hard to
implement.
What do you think? Would it such feature be a good addition to dpkg?
I'm willing to spend time writing a patch.
[1]: https://wiki.debian.org/ReproducibleBuilds/BuildinfoSpecification
[2]: https://anonscm.debian.org/cgit/mirror/snapshot.debian.org.git/plain/API
URL: /file/<hash>
--
Lunar .''`.
lunar at debian.org : :Ⓐ : # apt-get install anarchism
`. `'`
`-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20150623/b6749e61/attachment.sig>
More information about the Reproducible-builds
mailing list