Eighth status update about reproducible live-build ISO images in Jenkins

Roland Clobus rclobus at rclobus.nl
Mon Mar 28 08:39:33 UTC 2022

Hello lists,

here is the eighth update of the status for reproducible live-build ISO 
images [1].

Reproducible status:
* Unchanged: All major desktops build reproducibly with bullseye, 
bookworm and sid ...
** ... except for Cinnamon on bookworm and sid

New and changed:
* The debian-installer preserves timestamps when it publishes the daily 
images [2][3]
* Work in progress: a stand-alone script to rebuild a live-build image
** This will also include a fresh debian-installer part
** When ready, Jenkins will call this script instead of doing it in a 
long Jenkins script
* Under review: use openQA to walk through every single boot menu entry [4]
** This will test the functionality of the reproducible ISO images, and 
helps to find issues early
*** e.g. kernel module mismatch in the Debian Installer
*** Fixed an issue with UEFI and safe boot [5]

Patch available but not released yet:
* libxmlb2: Used a pointer address (%p) for a hash value [6]
* texlive-base: Reported differences in the generated ls-R [7]

Future plans/ideas:
* texlive-base: More sources for non-reproducibility are noted in the 
Wiki page [1]
** Only the Cinnamon desktop is affected, starting with bookworm
* Recording the configuration used by live-build
** Next step: test some scenarios and write a proposal
* Reprotest might be used instead of just 2 builds without a short time 
frame, to capture more variations
* Use disorderfs
* Long term: When live-build images are working fine, the work could be 
extended to other images, e.g. the netinst images or perhaps even Docker 
* Transfer the special features of the (now disabled) live-wrapper live 
images to live-build
* Start building official live-images again

With kind regards,
Roland Clobus

[1] https://wiki.debian.org/ReproducibleInstalls/LiveImages
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006800
[3] https://d-i.debian.org/daily-images/amd64/
[5] https://salsa.debian.org/live-team/live-build/-/merge_requests/278
[6] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006358
[7] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003449
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20220328/78afa9dd/attachment.sig>

More information about the rb-general mailing list