Ninth status update about reproducible live-build ISO images in Jenkins

Sun Apr 24 09:35:50 UTC 2022

Hello lists,

here is the ninth update of the status for reproducible live-build ISO 
images [1].

Reproducible status:
* Changed: All major desktops build reproducibly with bullseye, bookworm 
and sid ...
** ... including Cinnamon on bookworm and sid, but at a small 
functionality cost [9][PS1]
* Number of patches in the live-build script that are not yet in sid:
** smallest-build: 0 GNOME: 1 [6] KDE: 1 [6] Cinnamon: 4 [6][7][8][10]

New and changed:
* Finished: a stand-alone script to rebuild a live-build image [3]
** This includes a freshly built debian-installer
** Updated the Wiki page [1]
** Jenkins calls this script instead of having a long Jenkins script [2]
** Many jobs are red for the moment, due to a d-i issue [12]
** This solves the question of recording the configuration used by 
live-build, because the config is determined by a timestamp
* A meeting is scheduled to discuss further progress regarding openQA

Unchanged:
* Under review: use openQA to walk through every single boot menu entry [4]
** This will test the functionality of the reproducible ISO images, and 
helps to find issues early
*** e.g. kernel module mismatch in the Debian Installer
*** Fixed an issue with UEFI and safe boot [5]

Patch available but not released yet:
* libxmlb2: Used a pointer address (%p) for a hash value [6]
* texlive-base: Reported differences in the generated ls-R [7]
* texlive-binaries: Randomness in .fmt files due to Lua hash seeds [8]
* texlive-binaries: updmap creates a logfile with the timestamps of 
files that it just has generated [10]

Future plans/ideas:
* Reprotest might be used instead of just 2 builds without a short time 
frame, to capture more variations
* Use disorderfs
* Long term: When live-build images are working fine, the work could be 
extended to other images, e.g. the netinst images or perhaps even Docker 
images
* Transfer the special features of the (now disabled) live-wrapper live 
images to live-build
* Start building official live-images again [11]

With kind regards,
Roland Clobus

[1] https://wiki.debian.org/ReproducibleInstalls/LiveImages
[2] 
https://salsa.debian.org/qa/jenkins.debian.net/-/commit/b6cea0e1eff84338ada2ad19f4db4b0dddc3c144
[3] 
https://salsa.debian.org/live-team/live-build/-/commit/a9d367d406de014f8a2f864ebda6504d45d679d3
[4] 
https://salsa.debian.org/qa/openqa/openqa-tests-debian/-/merge_requests/2
[5] https://salsa.debian.org/live-team/live-build/-/merge_requests/278
[6] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006358
[7] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003449
[8] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009196
[9] 
https://salsa.debian.org/live-team/live-build/-/commit/f1a98e4da62c3551f523553c6e23774aaf5e41b4
[10] Unreported, patch is in [9]
[11] https://lists.debian.org/debian-live/2022/03/msg00012.html
[12] https://lists.debian.org/debian-boot/2022/04/msg00057.html

[PS1] 14 words will be incorrectly abbreviated
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20220424/3681f080/attachment.sig>