12th status update about reproducible live-build ISO images
Roland Clobus
rclobus at rclobus.nl
Sun Aug 28 10:38:40 UTC 2022
Hello lists,
here is the 12th update of the status for reproducible live-build ISO
images [1].
Reproducible status (no regressions, that's good):
* All major desktops build reproducibly with bullseye, bookworm and sid
* Number of patches performed by the live-build script that are not yet
in sid:
** non-Cinnamon: 0 Cinnamon: 1 [7]
My activities in August:
* Dropped the win32-loader per default, as in #1017555 [9]
* More variables are available for the SVG images, as requested for
LinuxCNC in #1015782 [10]
* Commented on #1015759, hopefully it will be easy to test with UEFI
secure boot soon
* Pending MR: openQA will generate all live images (2x9) and test them [11]
** Also the isohybrid functionality is tested (by using the ISO image as
an USB drive)
* In the report of the previous month, I forgot to mention that the
rebuild script can also use deb.debian.org instead of a snapshot server [12]
* Jenkins tests of the live images for reproducibility are enabled again
[13][14]
** Even though the snapshot.notset.fr server is not available, the
deb.debian.org-based images will still verify the reproducibility
** Unfortunately, such images can only be reproduced within a time slot
of at most 6 hours. After that time a snapshot server is required.
** Soon(TM), snapshot.reproducible-builds.org can be used
* Unpublished: investigate the differences between live-build and
live-wrapper images, and take the best of both
* Various replies to the debian-live mailing list
Work to be done:
* Review the results of the generated ISO images in my local openQA instance
* Add a test for the Calamares installer in openQA
* Booting with UEFI secure boot (waiting for #1015759) in openQA
* Use a no-network scenario in openQA to test for 100% offline installation
* Use Jenkins to trigger openQA when the image has been verified as
reproducible
* Live images are not generated officially by Debian yet
** I've entered some notes during the DebConf22 Debian Installer BoF [8]
** Needs some changes in 'live-setup'
** Once the chain of tests (reproducible by Jenkins, functional by
openQA) is set up, this will be the next main target
* Adjusting the content of the live-build image
** Make the boot menu more similar to the live-wrapper menu
** Add a 'persistent' option (as seen in Kali)
** Keep the accessibility improvements made in the live-wrapper boot menu
** Verify the package lists
*** e.g. the Debian Reference is installed for es and it, but not en
* Figure out the actual timestamp of the snapshot
** At this moment
https://snapshot.debian.org/archive/debian/20220727T154516Z/ is the
latest snapshot at snapshot.d.o
** But
https://snapshot.debian.org/archive/debian/20220727T154516Z/dists/sid/InRelease
says 'Date: Wed, 27 Jul 2022 14:20:47 UTC', which is not exactly the
same timestamp
Unchanged, but low priority due to [7], patch available but not released
yet:
* texlive-base: Reported differences in the generated ls-R [2]
* texlive-binaries: Randomness in .fmt files due to Lua hash seeds [3]
* texlive-binaries: updmap creates a logfile with the timestamps of
files that it just has generated [4]
Future plans/ideas:
* Reprotest might be used instead of just 2 builds without a short time
frame, to capture more variations
* Use disorderfs
* Long term: When live-build images are working fine, the work could be
extended to other images, e.g. the netinst images or perhaps even Docker
images
* Transfer the special features of the (now disabled) live-wrapper live
images to live-build
* Start building official live-images again [6][8]
With kind regards,
Roland Clobus
[1] https://wiki.debian.org/ReproducibleInstalls/LiveImages
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003449
[3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009196
[4]
https://salsa.debian.org/live-team/live-build/-/commit/f1a98e4da62c3551f523553c6e23774aaf5e41b4
[5] Unreported, patch is in [4]
[6] https://lists.debian.org/debian-live/2022/03/msg00012.html
[7] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006472
[8] infinote://gobby.debian.org/debconf22/bof/debian-installer
[9] https://salsa.debian.org/live-team/live-build/-/merge_requests/287
[10] https://salsa.debian.org/live-team/live-build/-/merge_requests/288
[11]
https://salsa.debian.org/qa/openqa/openqa-tests-debian/-/merge_requests/11
[12] https://salsa.debian.org/live-team/live-build/-/merge_requests/286
[13]
https://salsa.debian.org/qa/jenkins.debian.net/-/commit/e4d7f0b59b9bd919990195ba1e3c563bd1c9bf31
[14]
https://salsa.debian.org/rclobus-guest/jenkins.debian.net/-/commit/49e938b5c403f628842da6abba1f1d1f86318b2b
More information about the rb-general
mailing list