Debian and reproducible-builds.org incoherence?
Alexis PM
miscelaneanatural at yahoo.es
Tue Apr 11 22:18:19 UTC 2023
Hello
In an environment that is completely Debian bullseye (fbreader 0.12.10dfsg2-4),
using bootstrap and qemu, I have recompiled+repackaged with
apt-get source fbreader
apt-get build-dep -y fbreader
debuild -i -I -us -uc -a $ARC
for amd64 arm64 armhf i386 ppc64el
I have obtained the following SHA256 sums:
24c2c432361dc226cf054fd19a8ce5f7d3e56143ccf4938b5f5b78f64ac3cae0 fbreader_0.12.10dfsg2-4_amd64.deb
1946370694d7c309f20bb11be786a5a0a767eb54da16bd92c6a6ff75d086f526 fbreader_0.12.10dfsg2-4_arm64.deb
8f7e19de12ea0a1e32a739be754b7908cfae871520d73a466709c2d178fd0790 fbreader_0.12.10dfsg2-4_armhf.deb
d6256eed42b37e7d0b6991f29b559d2fae6800a5d1bfb0d20f4e6b86c108a923 fbreader_0.12.10dfsg2-4_i386.deb
7385ec87087fd88a899db042524ab3f86a004874f3cb06c3ef3abc0e0231d666 fbreader_0.12.10dfsg2-4_ppc64el.deb
I downloaded and SHA256 calculated the official Debian packages from
https://packages.debian.org/bullseye/$ARC/fbreader/download
and additionally check the SHA256 sum indicated at the bottom of the download page of each architecture
8eeed0b70ccf6471c621ec12c074e4c487a36498a49721ee914dcb58f92dda1f fbreader_0.12.10dfsg2-4_amd64.deb
9ffc7cb7168ddb9509f3abb31e0a3838767c61948c3b0230bbda42039e153eaf fbreader_0.12.10dfsg2-4_arm64.deb
36ed2e4cf02ffbbfc6bd9495be5aa097e4fd8eda3dea152ac9630f260e24ba8c fbreader_0.12.10dfsg2-4_armhf.deb
d77b1cd0a805ef20edc4aa4f31a3305754aba4863847607b007fda036d4dc1a1 fbreader_0.12.10dfsg2-4_i386.deb
daff7aa4d947a13936510fdae65b2fdfffc767a43c163dda8e96f8e31785994c fbreader_0.12.10dfsg2-4_ppc64el.deb
I have rechecked the SHA256 sums indicated on the web for each architecture. For example (copy-paste):
https://packages.debian.org/bullseye/amd64/fbreader/download
SHA256 checksum 8eeed0b70ccf6471c621ec12c074e4c487a36498a49721ee914dcb58f92dda1f
In all cases, the SHA256 sums indicated on the download website coincide with the one calculated from those downloaded.
Have I compiled and packaged everything wrong?
https://tracker.debian.org/pkg/fbreader indicates reproducibility OK.
It links to https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/fbreader.html
Copy-paste SHA256 for fbreader 0.12.10dfsg2-4 in bullseye:
24c2c432361dc226cf054fd19a8ce5f7d3e56143ccf4938b5f5b78f64ac3cae0 684020 fbreader_0.12.10dfsg2-4_amd64.deb
1946370694d7c309f20bb11be786a5a0a767eb54da16bd92c6a6ff75d086f526 646396 fbreader_0.12.10dfsg2-4_arm64.deb
8f7e19de12ea0a1e32a739be754b7908cfae871520d73a466709c2d178fd0790 613660 fbreader_0.12.10dfsg2-4_armhf.deb
d6256eed42b37e7d0b6991f29b559d2fae6800a5d1bfb0d20f4e6b86c108a923 754272 fbreader_0.12.10dfsg2-4_i386.deb
In all cases, the SHA256 sums indicated on tests.reproducible-builds.org for Debian bullseye's fbreader coincide with the packages I have recompiled+repackaged on the Debian way.
Is there something wrong here?
PS: If my question does not correspond to be formulated in this mailing list, please tell me where to ask it.
More information about the rb-general
mailing list