Monthly status update about reproducible live-build ISO images

Roland Clobus rclobus at
Sun Sep 25 20:01:19 UTC 2022

Hello lists,

here is the 13th update of the status for reproducible live-build ISO 
images [1].

Reproducible status (New: no patches required any more):
* All major desktops build reproducibly with bullseye, bookworm and sid
* Number of patches performed by the live-build script that are not yet 
in sid: zero! (0)

My activities in September:
* I noticed that [7] (the last patch for Cinnamon) got included on 
2022-08-14 in sid, and 2022-08-20 in bookworm
* The live images are now automatically fed to openQA after they have 
been proven to be reproducible
* I've asked a question on debian-devel about 'the' timestamp of a 
snapshot of [9]
** Answer: Different timestamps are present in the URLs of snapshot.d.o 
and the content of InRelease
** My conclusion: Patches would be needed to sync those values
** My goal: generate an image from and verify it after 
snapshot.d.o (or or 
contains that timestamp/content
** josch suggested to use metasnap to find the suitable timestamps instead

Work to be done:
* Review the results of the generated ISO images in my local openQA instance
* Add a test for the Calamares installer in openQA
* Booting with UEFI secure boot (waiting for #1015759) in openQA -> the 
ticket is closed, so the work can continue
* Use a no-network scenario in openQA to test for 100% offline installation
* Live images are not generated officially by Debian yet
** Needs some changes in 'live-setup'
** Once the chain of tests (reproducible by Jenkins, functional by 
openQA) is set up, this will be the next main target
* Adjusting the content of the live-build image
** Make the boot menu more similar to the live-wrapper menu
** Add a 'persistent' option (as seen in Kali)
** Keep the accessibility improvements made in the live-wrapper boot menu
** Verify the package lists
*** e.g. the Debian Reference is installed for es and it, but not en

Unchanged, but low priority due to [7], patch available but not released 
* texlive-base: Reported differences in the generated ls-R [2]
* texlive-binaries: Randomness in .fmt files due to Lua hash seeds [3]
* texlive-binaries: updmap creates a logfile with the timestamps of 
files that it just has generated [4]

Future plans/ideas:
* Reprotest might be used instead of just 2 builds without a short time 
frame, to capture more variations
* Use disorderfs
* Transfer the special features of the (now disabled) live-wrapper live 
images to live-build
* Start building official live-images again [6][8]

With kind regards,
Roland Clobus

[8] infinote://
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the rb-general mailing list