Real World Reproducibility in Debian (was Re: Debian and reproducible-builds.org incoherence?)
Holger Levsen
holger at layer-acht.org
Fri Apr 14 18:00:34 UTC 2023
On Thu, Apr 13, 2023 at 02:43:43PM -0700, Vagrant Cascadian wrote:
> > Any progress on that front? What can be done to change things so that the
> > packages people normally *use* are reproducible?
the Debian packages people normally use *are* already reproducible (well, 80-90%
of them, at least), we just don't systematically have the results from
https://beta.tests.reproducible-builds.org/ included in things like
https://tracker.debian.org which is being tracked as
https://bugs.debian.org/1028615 "tracker.debian.org: tracker.d.o should
display results of reproducible rebuilds, not just reproducible CI results".
(and beta.t.r-b.o is a bit stalled, and our snapshot lacks non-free-firmware
(and is amd64 only) and the debian snapshot server is not usable for large
scale testing and some other issues: we got new SDDs for our snapshot mirror
but had raid controller issues with those which were only fixed last week etc pp.)
so, cool Debian news: Debian bookworm will quite very probably ship
debian-live made live images, which (mostly) Roland Clobus made reproducible
over the last year (with the help of our jenkins setup), so there's
that and that's also not yet been announced, because it's not ready yet. :)
there's more: mmdebstrap and friends now can create reproducible chroot tar archive
or docker container and someone should rebuild those latest debian-installer
releases to see if those are reproducible...
> I think it is not nearly as bad as people think, and we undersell
> ourselves when we say we do not have "real" reproducibility testing for
> Debian. The work we have done and continue to do has made significant
> real-world reproducibility possible!
YES. to every word here.
thankfully we'll have both a Debian release and a DebConf soon, which in
the last have been occassions were we summarized things and updated
where we are and want to be.
so stay tuned.
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
We live in a world where teenagers get more and more desperate trying to
convince adults to behave like grown ups.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20230414/aee9a356/attachment.sig>
More information about the rb-general
mailing list