[rb-general] Different checksum for libgcrypt20

Morten Linderud foxboron at archlinux.org
Thu Jul 11 18:52:39 UTC 2019

On Thu, Jul 11, 2019 at 05:54:51PM +0000, Matt Bearup via rb-general wrote:
> Hello all,


> I'm experimenting with reproducible builds and, while I've managed to generate
> several packages with correct hashsums (per reproducible-builds.org), there
> are ~9 packages where I consistently get a different checksum.  Focusing on
> one package for this discussion...
> [...]
>   *   However, I've tried multiple build tools (pbuilder and sbuild), multiple
>   build machines, and multiple host OSes (Stretch and Buster - though the
>   chroot is always buster). I *consistently* get a different sha256 checksum
>   for this package: bbde6cee1fd915e5257b7c47977d8e88dc5e45816fe241fd8751a50aea98c6b8.

None of these (pbuild and sbuild) recreate the environment with a BUILDINFO file
necessary to recreate the hash.

You can try using srebuild and see if it manages to produce the same hash as it
would utilize the BUILDINFO to recreate the build environment. But this isn't a
standalone tool yet.


Morten Linderud

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20190711/9262ed17/attachment.sig>

More information about the rb-general mailing list