[Reproducible-builds] Bug#138409: dpkg-dev: please add support for .buildinfo files

Holger Levsen holger at layer-acht.org
Thu Jan 28 18:01:59 UTC 2016


Hi Guillem,

just quickly commenting on two sub topics…

On Thursday, 28 January 2016, Guillem Jover wrote:
> > One of the main changes is that `.buildinfo` should now be named with an
> > arbitrary identifier. By default this defaults to $HOSTNAME-$TIMESTAMP
> > but can be set to an arbitrary value by the `--buildinfo-identifier`
> > command line flag.
> Hmmm, leaking the hostname seems slightly privacy-concerning? If the
> information therein is not relevant I'd rather use something like a
> UUID (although that would require increasing the pseudo-build-essential
> set), or just hashing the hostname-timestamp with something like md5
> or sha1 or similar.

yeah, "something / anything" is fine. dak / the archive software can rename it 
anyway, as it likes. (I'd be in favor of naming the first accepted buildinfo 
file of the archive just "00000000" so that it's predictable…)
 
> I've some pending changes I'll be committing to master or a separate
> branch, that I'd like to be tested on the reproducible setup (ideally
> against the already generated and pre-existing reproducible binaries),
> if that's possible, I'll ask about that when those land, I just need
> to finish up a few more unit tests.

That's possible, though not (yet nor in near future) against pre-existing 
binaries. (We lack the code for that.)

What we can do easily, is build and upload dpkg to our repo and use it to 
build the whole Debian archive on amd64, which roughly takes 8 days for both 
sid+stretch, and thus roughly 4 days for one suite, if we disable building the 
other. (Which we can definitely do, especially if we don't disable building of 
new versions in that other suite…)


cheers,
	Holger