[Git][reproducible-builds/reproducible-website][master] Briefly describe how buildinfo is recorded

Sat Aug 25 13:04:12 CEST 2018

Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website


Commits:
06416b6d by Arnout Engelen at 2018-08-25T11:03:45Z
Briefly describe how buildinfo is recorded

Briefly describe how buildinfo information is recorded in various ecosystems,
where possible linking to the documentation for those systems themselves.

- - - - -


2 changed files:

- _docs/perimeter.md
- _docs/recording.md


Changes:

=====================================
_docs/perimeter.md
=====================================
@@ -12,8 +12,9 @@ version to another as better optimizations are integrated all the time.
 Instead, reproducible builds happen in the context of a *build
 environment*. It usually comprises the set of tools, required versions,
 and other assumptions about the operating system and its configuration.
-A description of this environment should typically be provided alongside
-any distributed binary package.
+A description of this environment should typically be
+[recorded]({{ "/docs/recording/" | prepend: site.baseurl }}) and provided
+alongside any distributed binary package.
 
 Requirements
 ------------


=====================================
_docs/recording.md
=====================================
@@ -10,19 +10,47 @@ built. The “about dialog” or output of `--version` typically contains
 information about the build environment.
 
 In the context of reproducible builds, we either actively make aspects
-of the build environment irrelevant to the build output, or ensure they
-are mandatory to rebuild the software exactly as distributed.
+of the [build environment]({{ "/docs/perimeter/" | prepend: site.baseurl }})
+irrelevant to the build output, or ensure they are available to rebuild the
+software exactly as distributed.
 
-All irrelevant information should not be recorded. What information is
-irrelevant depends on what is defined to be
-[part of the build environment]({{ "/docs/perimeter/" | prepend: site.baseurl }}),
-but it likely includes information such as date and time of the build, build
-system hostname, path, network configuration, CPU type, memory size,
-environment variables…
+All relevant information about the build environment should either be defined
+as part of the development process or recorded during the build process.
 
-The rest of the build environment should either be defined as part of
-the development process or recorded during the build process.
+## File Format
 
 Everything that is recorded is stored best as a separate build product that can
 be easily ignored or distributed separately. This will help identify which
 variation is irrelevant to the software itself.
+
+This product is called the 'buildinfo', but its exact format and the way it is
+distributed differs across ecosystems.
+
+### Debian
+
+Debian shares its buildinfo files as plain text files following the
+[control file format](https://www.debian.org/doc/debian-policy/ch-controlfields.html),
+usually clearsigned with OpenPGP. A detailed description of the expected
+fields and values, as well as conventions around naming, can be found under
+[ReproducibleBuilds/BuildinfoFiles](https://wiki.debian.org/ReproducibleBuilds/BuildinfoFiles)
+on the [Debian wiki](https://wiki.debian.org). Examples can be found on
+[buildinfo.debian.net](https://buildinfo.debian.net).
+
+### Arch Linux
+
+The Arch Linux [makepkg](https://wiki.archlinux.org/index.php/makepkg) build
+tool produces a `.BUILDINFO` file consisting of `<key> = <value>` pairs.
+
+Unlike on Debian, this file is not independently signed and distributed, but
+included into the package (and thus signed as part of the package signature).
+An example can be found by downloading any Arch package built with a recent
+version of [makepkg](https://wiki.archlinux.org/index.php/makepkg), such as
+[archlinux-keyring](
+https://www.archlinux.org/packages/core/any/archlinux-keyring).
+
+### Tails
+
+Tails does not record a buildinfo file per se, but instead the
+[vagrant directory of the main git repo](
+https://gitlab.com/Tails/tails/tree/master/vagrant) contains all information
+necessary to reproducibly rebuild that revision of Tails.
\ No newline at end of file



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/commit/06416b6de812ab9aa900aab31fea2de91636ae2e

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/commit/06416b6de812ab9aa900aab31fea2de91636ae2e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20180825/32d001ae/attachment.html>
