Irregular status update about reproducible live-build ISO images
Roland Clobus
rclobus at rclobus.nl
Sun Mar 31 11:14:03 UTC 2024
Hello lists,
here is the 24th update of the status for reproducible live-build ISO
images [1].
Single line summary: 79.5% reproducible live images (yup, lower than
last time; see below for the calculation)
Reproducible status:
* All major desktops build reproducibly with bullseye, bookworm, trixie ...
** ... provided they are built for a second time within the same DAK run
(i.e. 6 hours)
* All major desktops built reproducibly for the official Debian live
images for bookworm (12.5.0) at any later moment ...
** ... except for KDE, which has only 1 issue left in 12.5.0 (fix is
prepared for 12.6.0 [2])
* For sid the images cannot be generated, ...
** ... occasionally debootstrap breaks (due to the 64-bit time_t transition)
** ... currently the installer FTBFS (due to the 64-bit time_t transition)
** ... currently the installer FTBFS (due to a version mismatch of
grub-efi-amd64-signed and grub-common)
** ... but the smallest image can be generated, however only with
shim-support for secure UEFI boot
Functionality status:
* On sid the smallest image only has the shim boot, so you'll need to
enroll the hash for the grubx64.efi file yourself (see openQA for the
steps [3])
* Calamares got (temporarily) removed from trixie during the 64-bit
time_t transition [4]
My activities in March:
* Visit to the MiniDebCamp in Hamburg [5]
** Worked with ema on arm64 native and cross-builds (MR pending)
** Worked with elbrus on stabilising a flaky test [6]
** Worked with fil on openQA tests
* Prepared a small documentation update for the live-manual [7]
* Bug report on diffoscope [8]
* Added support for shim without signed grub [9]
Work to be done:
* Currently in progress: disable apt updates when persistence is not
used (saves bandwidth and stabilises tests)
* Currently in progress: finalise arm64 support (native and cross-build)
* Currently in progress: firmware support in live-build (it looks like
/usr-merge affects the location of the firmware files)
* See the TODO page [10]
With kind regards,
Roland Clobus
[1] https://wiki.debian.org/ReproducibleInstalls/LiveImages
[2] https://salsa.debian.org/live-team/live-build/-/merge_requests/339
[3] https://openqa.debian.net/tests/246742#step/bootwalk_0/2
Breadcrumb: Debian Live | *_sid_smallest_build |
walk-boot-options at uefi-secure | bootwalk_0
[4] https://bugs.debian.org/1061330
[5] https://wiki.debian.org/DebianEvents/de/2024/MiniDebCampHamburg
[6]
https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/e9cae80b3792ff97bf79d01c506a06ab7497eab3
[7] https://salsa.debian.org/live-team/live-manual/-/merge_requests/36
[8] https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/367
and https://bugs.debian.org/1065498
[9] https://salsa.debian.org/live-team/live-build/-/merge_requests/344
[10] https://wiki.debian.org/DebianLive/TODO
79.5%: based on 4 versions x 9 variants + 8 variants; 8 FTBFS, 1
non-reproducible
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20240331/457059e6/attachment.sig>
More information about the rb-general
mailing list