Two questions about build-path reproducibility in Debian
Holger Levsen
holger at layer-acht.org
Mon Mar 4 20:37:06 UTC 2024
On Mon, Mar 04, 2024 at 11:52:07AM -0800, John Gilmore wrote:
> Why would these become "wishlist" bugs as opposed to actual reproducibility bugs
> that deserve fixing, just because one server at Debian no longer invokes this
> bug because it always uses the same build directory?
because it's "not one server at Debian" but what many ecosystems do: build in an
deterministic path (eg /$pkg/$version or whatever) or record the path as part
of the build environment, to have it deterministic as well.
in the distant past, before namespacing become popular, using a random path
was a solution to allow parallel builds of the same software & version.
and yes, this is a shortcut and a tradeoff, similar to demanding to build
in a certain locale. also it makes reproducibilty from around 80-85% of all
packages to >95%, IOW with this shortcut we can have meaningful reproducibility
*many years* sooner, than without.
and I'd really rather like to see Debian 100% reproducible in 2030, than in 2038.
and some subsets today, or much sooner.
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
Homophobia is a sin against god.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20240304/bf7a11c6/attachment.sig>
More information about the rb-general
mailing list