[Reproducible-builds] Bug#805321: debian-installer: builds unreproducible netboot images
Cyril Brulebois
kibi at debian.org
Tue Nov 17 00:14:16 UTC 2015
(Keeping everyone initially x-d-cc'd in the loop.)
Hi,
Steven Chamberlain <steven at pyro.eu.org> (2015-11-16):
> Package: debian-installer
> Version: 20150422
> Severity: wishlist
> Tags: patch
Where's the patch? :p
> The debian-installer package build produces netboot.tar.gz and
> the mini.iso netboot install media. It doesn't do this in an easily
> reproducible way:
>
> * the d-i initrd/mfsroot is a filesystem image, having variable
> mtime/ctime/atime timestamps from package build time;
> * likewise in the generated mini.iso;
> * netboot.tar.gz also has varying timestamps; the order of files
> may also vary depending on the filesystem;
> * likewise in the cd info tarball;
> * likewise in the debian-installer-images tarball;
> * all gzipped outfile files have a timestamp in the header.
>
> I have a patch aimed at jessie-kfreebsd that should fix all of the
> above. It should be possible to do the same in sid with much less
> code, due to new GNU tar features and other reproducible builds work.
Please make sure not to depend on features which are not found in stable
(I'm not entirely sure about oldstable at this point), which might hinder
our ability to cherry-pick bits and pieces from master to jessie.
I know this might sound a bit silly since you're talking about targetting
jessie-kfreebsd anyway, but I'd like to point that out anyway, just in
case someone wants to rework/“simplify” your work later on.
> I've 'clamped' timestamps to be no later than the most recent
> debian/changelog entry date. That way, the non-useful timestamps
> from during the build are adjusted to a constant value. Older
> timestamps, actually indicating how old a file is, are untouched.
> The BUILD_DATE, actually the package version number, is unchanged.
>
> Specifically on kfreebsd, the generated mfsroot is a ffs filesystem
> having file atimes, and another timestamp in the filesystem superblock.
> I intend to patch makefs so that it can clamp timestamps to a given
> SOURCE_DATE_EPOCH.
>
> Besides a file ordering issue in makefs, all output files including
> netboot.tar.gz and mini.iso then seem to be reproducible for
> jessie-kfreebsd, at least. :)
I don't have much knowledge in this area (or time to investigate right
away), so I'll probably let reproducible people comment on this once they
see your patch.
Mraw,
KiBi.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20151117/b4eed974/attachment.sig>
More information about the Reproducible-builds
mailing list