[Reproducible-builds] .buildinfo should contain source hashes (as well as binary hashes)
Jérémy Bobbio
lunar at debian.org
Mon Sep 21 11:33:45 UTC 2015
Ximin Luo:
> > Implementation-wise, getting the hash of the .dsc in the .buildinfo is
> > going to be very tricky. dpkg does not know about what's available in
> > the archive. It just knows about packages which are or were installed.
> >
>
> `apt-cache showsrc [pkg]` has the right information in there, but it's a bit messy. I need to test this without a deb-src line, though.
Building Debian packages doesn't involve APT in any ways. There is
currently no coupling in the direction dpkg → APT.
(That's why we need to get hash of the binary packages in
/var/lib/dpkg/status before they can be written in dpkg-genbuildinfo.)
--
Lunar .''`.
lunar at debian.org : :Ⓐ : # apt-get install anarchism
`. `'`
`-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20150921/bfd15d71/attachment.sig>
More information about the Reproducible-builds
mailing list