How to verify a package by rebuilding it locally on Debian?
cen
imbacen at gmail.com
Mon Feb 12 11:29:23 UTC 2024
Hi,
I accidentally sent this to rb-general-requests so reposting..
I would like to verify that a package is reproducible by rebuilding it
locally on Debian (bookworm).
So far the docs have led me to debrebuild tool/script but it is not
clear to me how to use it.
Let's say that I want to install and verify a specific package, e.g.
nano in bookworm. How and from where do I fetch the correct .buildinfo
file?
Is there a tool out there that automatically fetches the correct
.buildinfo, the package source, does a rebuild and returns a yes/no
result as far as reproducability goes?
I found https://buildinfos.debian.net and I can in theory fetch a
.buildinfo file from there using the correct package version and arch
but debrebuild is not happy about it:
debrebuild --buildresults=./artifacts --builder=mmdebstrap
nano_7.2-1_amd64.buildinfo
Unknown option: buildresults
nano_7.2-1_amd64.buildinfo contained a GPG signature; it has NOT been
validated (debrebuild does not support this)!
Use of uninitialized value $srcpkgver in substitution (s///) at
/usr/bin/debrebuild line 246.
refusing to overwrite the input buildinfo file
I think I am missing a big piece of the puzzle somewhere.
Best regards, cen
More information about the rb-general
mailing list