Recoding the configuration for live-build images (Was: Third status update about reproducible live-build ISO images in Jenkins)

Bernhard M. Wiedemann bernhardout at lsmod.de
Wed Sep 1 08:59:53 UTC 2021



On 31/08/2021 15.53, Chris Lamb wrote:
> Indeed, needing to
> extract parts of the ISO to recreate it is slightly sub-optimal, if
> only because it would require someone to download it first before
> attempting to recreate it (rather than just possessing the minuscule
> .buildinfo file containing the inputs and output hashes).

There are ways to read files off a remote iso without downloading the
whole thing:
https://github.com/bmwiedemann/curlwwwfs + fuseiso
or maybe
https://github.com/higlass/simple-httpfs

However, it would also be possible to place them as tarball next to it,
but then you add other challenges in toolchains and workflows, if you
think about the separate .buildinfo vs ArchLinux embeeded one.
How do you find the right buildinfo? What if someone only fetches the
binary?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20210901/d2c3de74/attachment.sig>


More information about the rb-general mailing list