bit by bit identical chroot creation (was Re: Debian and our frenemies of containers and userland repos)

Johannes Schauer josch at debian.org
Tue Oct 8 10:34:23 BST 2019


Hi,

Quoting Holger Levsen (2019-10-08 11:14:52)
> On Tue, Oct 08, 2019 at 10:49:50AM +0200, Johannes Schauer wrote:
> > > And, does this work for mmdebstrap'ing buster too? (whether using
> > > mmdebstrap from unstable or buster...)
> > lets find out!
> 
> hehe, thanks!
> 
> >     $ sudo mmdebstrap --include=mmdebstrap,debootstrap,diffutils buster ./debian-buster
> >     [...]
> >     $ sudo chroot ./debian-buster
> >     # cat /etc/apt/sources.list
> >     deb http://deb.debian.org/debian buster main
> >     deb http://deb.debian.org/debian buster-updates main
> >     deb http://security.debian.org/debian-security buster/updates main
> >     # SOURCE_DATE_EPOCH=1570522957 mmdebstrap --variant=minbase unstable - | sha256sum
> >     [...]
> >     e43ab25109a1f9e73fcb9de698912e25d7402c2aef4445a46719621b517901bf  -
> >     # SOURCE_DATE_EPOCH=1570522957 mmdebstrap --variant=minbase unstable - | sha256sum
> >     [...]
> >     e43ab25109a1f9e73fcb9de698912e25d7402c2aef4445a46719621b517901bf  -
> >     # SOURCE_DATE_EPOCH=1570522957 mmdebstrap --variant=minbase buster - | sha256sum
> >     [...]
> >     a1f4bc1f1c8e4a8942a1cbeed61f02556533d0381de0f9befe618246fec08af7  -
> >     # SOURCE_DATE_EPOCH=1570522957 mmdebstrap --variant=minbase buster - | sha256sum
> >     [...]
> >     a1f4bc1f1c8e4a8942a1cbeed61f02556533d0381de0f9befe618246fec08af7  -
> >     # SOURCE_DATE_EPOCH=1570522957 debootstrap --variant=minbase unstable ./debian-unstable-A
> >     [...]
> >     # SOURCE_DATE_EPOCH=1570522957 debootstrap --variant=minbase unstable ./debian-unstable-B
> >     [...]
> >     # diff -rq ./debian-unstable-A ./debian-unstable-B
> >     Files debian-unstable-A/var/cache/ldconfig/aux-cache and debian-unstable-B/var/cache/ldconfig/aux-cache differ
> >     Files debian-unstable-A/var/log/alternatives.log and debian-unstable-B/var/log/alternatives.log differ
> >     Files debian-unstable-A/var/log/bootstrap.log and debian-unstable-B/var/log/bootstrap.log differ
> >     Files debian-unstable-A/var/log/dpkg.log and debian-unstable-B/var/log/dpkg.log differ
> 
> I dont understand this:
> 
> a.) why do debian-unstable-A and -B differ, the sha256sums above are the
>     same? was that just typo and you ment stable?

the sha256sums are the sums computed from the output of mmdebstrap on stdout
(notice the pipe character in front of the sha256sum command). Debootstrap is
unable to produce a tarball by itself (which is sad because its easier to check
whether two tarballs are the same than checking whether two directories are the
same) so instead I put the debootstrap results into two directories and then
diff them recursively.

> b.) you boostrapped --variant=minbase here, while your original mail was
>     about --variant=essential. I take it that --variant=essential is
>     also unreproducible for buster?

No, --variant=essential is also *reproducible* on buster. But I didn't use it
this time because we are comparing with debootstrap and debootstrap doesn't
know how to create a chroot with only Essential:yes packages in it, so the
comparison would be unfair. With --variant=minbase give to both commands, we
install the same package set and thus make the results a more fair comparison.

> c.) now I wonder if mmdebstrap from *stable* can also bootstrap a
>     reproducible unstable ?

Yes it can. You already wondered that in your earlier email so I included the
test in my commands above.

> & sorry for asking these questions instead of trying it myself...

No problem. :)

Thanks!

cheers, josch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://alioth-lists.debian.net/pipermail/reproducible-builds/attachments/20191008/fe6b9d11/attachment.sig>


More information about the Reproducible-builds mailing list