[Reproducible-builds] Reproducible patches for libisoburn and libisofs

HW42 hw42 at ipsumj.de
Mon Aug 15 12:22:00 UTC 2016

Thomas Schmitt:
> A new source of irreproducibility appeared: Future xorriso versions.
> I will of course try to keep such changes as rare as possible. But it
> cannot be totally guaranteed that the same input data and options will
> yield the same ISO with future versions of xorriso.
> In case of a bug, i'd have few justification to preserve its consequences.
> The most obvious reason is the Preparer Id which xorriso writes into
> the ISO by default. Current debian-cd ISOs have:
>   XORRISO-1.3.6 2014.04.08.180000, LIBISOBURN-1.3.6, LIBISOFS-1.3.6, LIBBURN-1.3.6
> whereas currently uploaded GNU xorriso writes by default:
>   XORRISO-1.4.5 2016.08.12.185822, LIBISOBURN-1.4.5, LIBISOFS-1.4.5, LIBBURN-1.4.5
> This can be overridden by classical mkisofs option -p.
> E.g.:
>   -p "Yoyodyne Reproducible ISO Maker and xorriso"

It obviously depends on the context in which xorriso is used but in
general you need to fixate the version of your build depends anyway to
archive reproducible builds (for example an updated compiler should be
able to output better optimized code). So this should be no
reproducibility problem. For Debian packages we are going to record the
packages used to satisfy the build depends in so called .buildinfo
files (see [0] for an example).

[0]: https://tests.reproducible-builds.org/debian/buildinfo/unstable/amd64/libisoburn_1.4.4-1_amd64.buildinfo

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20160815/36f44716/attachment.sig>

More information about the Reproducible-builds mailing list