Moving towards a deb-buildinfo(5) Format 1.0
HW42
hw42 at ipsumj.de
Sun Nov 13 19:07:00 UTC 2016
Chris Lamb:
> Hey Johannes,
>
>> Multiple builds of the same source package will set SOURCE_DATE_EPOCH to
>> the same value but will result in a different Build-Date.
>
> … but that would mean that a reproducible build will result in .buildinfo
> files with different contents (varying on Build-Date).
A .buildinfo file documents the build and is not expected to be
identical between different builds (see also Josch's link). For example
when using sbuild you will always get a different Build-Path if you use
the default settings (and this should be fine).
> That seems, at the very least, somewhat non-intuitive to me.
Yes ;]
> A case might even be made that varying on Build-Date makes our distribution
> problem more difficult; as the files aren't identical we can't easily
> "de-duplicate" them with detached signatures. Perhaps I'm missing something
> obvious.
As described above that's by design and when getting different
.buildinfos from different builders there will be more differences
(Build-Path, Environment(, Build-Architecture)). So a trivial
de-duplication won't work anyway.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 825 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20161113/a20e5316/attachment.sig>
More information about the Reproducible-builds
mailing list