Bug#802241: #802241: dpkg: please store the hash of the installed .deb and allow to query it
Johannes Schauer
josch at debian.org
Fri Jun 8 18:54:20 BST 2018
Hi Holger,
Quoting Holger Levsen (2018-06-08 17:47:47)
> as I'm not an sbuild user (yet) myself, I was hesistant to try this
> myself, so I'm confused now: does it work as it is now? (or does it need
> changes to snapshot.d.o?)
yes, it does work as it is now.
Just supply the script with a buildinfo file to see it in action.
It does not require superuser privileges.
The script will query snapshot.debian.org to retrieve the right snapshot
timestamp that contains all the package versions specified in the buildinfo
file.
At the end of execution the script will print how to either reproduce the
buildinfo manually via dpkg-buildpackage or how to run sbuild such that it does
it for you.
People who know how to use pbuilder could easily add a section that outputs how
to run pbuilder to do the same.
Naturally, instead of just printing how to use sbuild or pbuilder, the script
could also be made actually run either.
The main two limitations of the script are:
1. it will fail if there is not a single snapshot that contains all the right
package versions
2. it will instruct sbuild/pbuilder to use the last stable release as the base
which might not allow upgrading to the right package versions
Both issues can be fixed by manually downloading exactly the required binary
package set and creating a completely new chroot with exactly the required
packages. But I didn't get around to doing that yet.
Thanks!
cheers, josch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://alioth-lists.debian.net/pipermail/reproducible-builds/attachments/20180608/df6036f1/attachment.sig>
More information about the Reproducible-builds
mailing list