Diffoscope and Mach-O binaries (supporting reproducible iOS app builds)
Marc Prud'hommeaux
marc at prux.org
Thu Sep 1 12:14:06 UTC 2022
Chris–
Thanks for the nudge. I have finally gathered all the bits and bobs into an issue:
https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/313
In addition, I wonder if there is interest in exploring a generalization of the system that I describe in the issue: a base "trusted" repository that re-compiles forked apps and verifies their open-source bona fides in a way that is open to public scrutiny and supplemental 3rd-party verification. While the appfair.net system is specific to the Swift Package Manager and iOS/macOS devices, I expect the same principles could be applied to languages like Rust, Go, and other statically-compiled languages with structured and convention-oriented build environments.
–Marc
> On Aug 30, 2022, at 04:47, Chris Lamb <chris at reproducible-builds.org> wrote:
>
> Chris Lamb wrote:
>
>> Could you create a new issue on the diffoscope issue page? In
>> particular, could you ensure you upload your two "Crazy-Glue-iOS.ipa"
>> files? That way, we can reproduce what you are already seeing
>> ("Format-specific differences are supported for this file but...")
>> and ensure that, after potentially adding support to detect these
>> kinds of changes, it does actually do so.
>
> Marc, do let us know if you need a hand with this; I got the
> impression you were keen to get this working, and we haven't heard
> back from you, either here or on the issue tracker. :)
>
>
> Best wishes,
>
> --
> o
> ⬋ ⬊ Chris Lamb
> o o reproducible-builds.org 💠
> ⬊ ⬋
> o
>
>
More information about the rb-general
mailing list