Monthly status update about reproducible live-build ISO images

Sun Sep 25 20:01:19 UTC 2022

Hello lists,

here is the 13th update of the status for reproducible live-build ISO 
images [1].

Reproducible status (New: no patches required any more):
* All major desktops build reproducibly with bullseye, bookworm and sid
* Number of patches performed by the live-build script that are not yet 
in sid: zero! (0)

My activities in September:
* I noticed that [7] (the last patch for Cinnamon) got included on 
2022-08-14 in sid, and 2022-08-20 in bookworm
* The live images are now automatically fed to openQA after they have 
been proven to be reproducible
* I've asked a question on debian-devel about 'the' timestamp of a 
snapshot of deb.debian.org [9]
** Answer: Different timestamps are present in the URLs of snapshot.d.o 
and the content of InRelease
** My conclusion: Patches would be needed to sync those values
** My goal: generate an image from deb.debian.org and verify it after 
snapshot.d.o (or snapshot.notset.fr or snapshot.reproducible-build.org) 
contains that timestamp/content
** josch suggested to use metasnap to find the suitable timestamps instead

Work to be done:
* Review the results of the generated ISO images in my local openQA instance
* Add a test for the Calamares installer in openQA
* Booting with UEFI secure boot (waiting for #1015759) in openQA -> the 
ticket is closed, so the work can continue
* Use a no-network scenario in openQA to test for 100% offline installation
* Live images are not generated officially by Debian yet
** Needs some changes in 'live-setup'
** Once the chain of tests (reproducible by Jenkins, functional by 
openQA) is set up, this will be the next main target
* Adjusting the content of the live-build image
** Make the boot menu more similar to the live-wrapper menu
** Add a 'persistent' option (as seen in Kali)
** Keep the accessibility improvements made in the live-wrapper boot menu
** Verify the package lists
*** e.g. the Debian Reference is installed for es and it, but not en

Unchanged, but low priority due to [7], patch available but not released 
yet:
* texlive-base: Reported differences in the generated ls-R [2]
* texlive-binaries: Randomness in .fmt files due to Lua hash seeds [3]
* texlive-binaries: updmap creates a logfile with the timestamps of 
files that it just has generated [4]

Future plans/ideas:
* Reprotest might be used instead of just 2 builds without a short time 
frame, to capture more variations
* Use disorderfs
* Transfer the special features of the (now disabled) live-wrapper live 
images to live-build
* Start building official live-images again [6][8]

With kind regards,
Roland Clobus

[1] https://wiki.debian.org/ReproducibleInstalls/LiveImages
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003449
[3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009196
[4] 
https://salsa.debian.org/live-team/live-build/-/commit/f1a98e4da62c3551f523553c6e23774aaf5e41b4
[6] https://lists.debian.org/debian-live/2022/03/msg00012.html
[7] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006472
[8] infinote://gobby.debian.org/debconf22/bof/debian-installer
[9] https://lists.debian.org/debian-devel/2022/09/msg00199.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20220925/0c7b8b85/attachment.sig>