Irregular status update about reproducible live-build ISO images

Sun Aug 27 20:21:21 UTC 2023

Hello lists,

here is the 19th update of the status for reproducible live-build ISO 
images [1].

Single line summary: Live images are looking good

Reproducible status:
* All major desktops build reproducibly with bullseye, bookworm, trixie 
and sid
** When built for a second time within the same DAK run
* Rebuilding bookworm images, see [2]
** When rebuilding at any later timestamp

Functionality status:
* The trixie and sid images are affected by #1031183

My activities in July, August:
* The .disk/info file is now more similar to the 11.x series [5]
* The amount of firmware files is reduced [7]
* Rebuilding the bookworm standard image [2]
** The following changes were made in live-build:
*** The sorting order for the checksum files is consistent
*** The file .disk/archive_trace is removed
*** The timestamp of boot/grub/live-theme/theme.txt is consistent
*** The timestamps in the source tar are the 'now' of the generation of 
the image
** For the Debian 12.2 point release, full long-term reproducibility 
should be possible
* Rebuilding the bookworm gnome image [2]
** More investigation is required
* While rebuilding the bookworm images, the following was seen:
** In the ISO-image hard-linked files (same i-node) may swap their order 
(seen in diffoscope file list)
** /lib32 and /libx32 symlinks have disappeared
** It appears that updated tools from the host influence the content of 
the images
** More investigation is required
* Bug triaging, resulting in many closed bug reports against live-build [3]
* Updated the TODO page [6]
* Updated the live-build instructions [1]

Work to be done:
* More investigation is required to provide long-term reproducibility, 
because the live image will be generated without using a snapshot server
* Test the official images and regular snapshot images in openQA as well 
as the images generated by Jenkins (possibly replacing the images 
generated by Jenkins)
* Review the results of the generated ISO images in my local openQA instance
* Adjust the content of the live-build image
** Make the boot menu more similar to the live-wrapper menu
** Add a 'persistent' option (as seen in Kali)
** Keep the accessibility improvements made in the live-wrapper boot menu
** Verify the package lists
*** e.g. the Debian Reference is installed for es and it, but not en
** All locales are present in the live image, but they are not 
activated, which results in a silly GNOME welcome screen [4]
* Bug triaging for issues reported against live-build [3] and 
debian-live [8]
* Many other things. See the TODO page [6]

With kind regards,
Roland Clobus

[1] https://wiki.debian.org/ReproducibleInstalls/LiveImages
[2] https://lists.debian.org/debian-live/2023/08/msg00008.html
[3] 
https://bugs.debian.org/cgi-bin/pkgreport.cgi?archive=0;dist=unstable;ordering=normal;repeatmerged=0;src=live-build
[4] https://lists.debian.org/debian-live/2023/06/msg00017.html
[5] https://lists.debian.org/debian-live/2023/06/msg00023.html
[6] https://wiki.debian.org/DebianLive/TODO
[7] 
https://salsa.debian.org/live-team/live-build/-/commit/8eaf20daf1cf79669975b1acfe4d6fa453eb6307
[8] https://bugs.debian.org/cgi-bin/pkgreport.cgi?package=debian-live
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20230827/4cf6aae8/attachment.sig>