[rb-general] Different checksum for libgcrypt20
Chris Lamb
lamby at debian.org
Fri Jul 12 20:35:30 UTC 2019
Hi Matt et al,,
Morten is entirely correct when he says:
> None of these (pbuild and sbuild) recreate the environment with a BUILDINFO file
> necessary to recreate the hash.
Indeed โ at the very least one needs the .buildinfo to ensure you are
exporting the same value for SOURCE_DATE_EPOCH [0] but also to ensure the
same versions of the build-dependencies and other such things. Here is an
random Debian .buildinfo file so you get the rough idea [1].
> All of my builds have been on VM's โ maybe this package requires a
> "bare metal" build host?
(Just a brief/further clarification in that this should not be a factor.)
ยง
If you have no luck with making an identical package after using
the .buildinfo, my next step would be then to dig out diffoscope to
determine what the *actual* difference is between the specimen package
and your locally-built one.
Hope that helps...
[0] https://reproducible-builds.org/specs/source-date-epoch/
[1] https://gist.github.com/lamby/506cf9da5dd1e3acd97cd1177bc394f6/raw
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` lamby at debian.org ๐ฅ chris-lamb.co.uk
`-
More information about the rb-general
mailing list