Two questions about build-path reproducibility in Debian
Vagrant Cascadian
vagrant at reproducible-builds.org
Tue Mar 5 22:43:32 UTC 2024
On 2024-03-05, John Gilmore wrote:
>>>> ... it makes reproducibilty from around 80-85% of all
>>>> packages to >95%, IOW with this shortcut we can have meaningful reproducibility
>>>> *many years* sooner, than without.
...
> I'd rather that we knew and documented that 57% of
> packages are absolutely reproducible, 23% require SOURCE_DATE_EPOCH, and
> 12% still require a standardized source code directory, than to claim
> all 95% are "meaningfully reproducible" today.
Sounds like an interesting project for someone with significant spare
time and computing resources to take on!
I take "meaningfully reproducible" to mean it is documented how to
produce bit-for-bit identical results. In some cases, this requires
metadata (e.g. Debian .buildinfo file) that you need to reproduce the
build environment, and in some cases, this means you use the standard
build tool for the distribution (e.g. nix or guix).
Those numbers Holger mentioned were because we historically had a
compromise where our tests on tests.reproducible-builds.org Debian
testing did not vary the build path and Debian unstable did vary the
build path, and the difference mostly held at about 10-15% over the
years.
In Debian, the build path is usually included in the .buildinfo file (at
least for builds produced by Debian), which describes the packages and
dependencies and various things about the build environment necessary to
reproduce the build.
It would be pretty impractical, at least for Debian tests, to test
without SOURC_DATE_EPOCH, as dpkg will set SOURCE_DATE_EPOCH from
debian/changelog for quite a few years now. Unless you want to test
reproducibility of antique Debian releases...
live well,
vagrant
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20240305/d8ef0222/attachment.sig>
More information about the rb-general
mailing list