bit by bit identical chroot creation (was Re: Debian and our frenemies of containers and userland repos)
Holger Levsen
holger at layer-acht.org
Tue Oct 8 08:45:08 BST 2019
Hi,
this just went by on debian-devel at l.d.o:
On Mon, Oct 07, 2019 at 01:43:18PM +0200, Johannes Schauer wrote:
[...]
> Downloading "random binary from the internet" is less of a problem if we can
> create images which are bit-by-bit identical to checksums that we can verify
> through a trusted service. This is also already provided by mmdebstrap:
>
> $ SOURCE_DATE_EPOCH=1570448177 mmdebstrap --variant=essential unstable - | sha256sum
> [...]
> f40a3d2e9e168c3ec6270de1be79c522ce9f2381021c25072353bb3b5e1703d6 -
> $ SOURCE_DATE_EPOCH=1570448177 mmdebstrap --variant=essential unstable - | sha256sum
> [...]
> f40a3d2e9e168c3ec6270de1be79c522ce9f2381021c25072353bb3b5e1703d6 -
wow, neato, I wasn't aware of this. very cool!
I don't think debootstrap does this already, or does it?
And, does this work for mmdebstrap'ing buster too? (whether using
mmdebstrap from unstable or buster...)
--
cheers,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/reproducible-builds/attachments/20191008/fd766759/attachment.sig>
More information about the Reproducible-builds
mailing list