Irregular status update about reproducible live-build ISO images

Roland Clobus rclobus at
Sun Mar 31 11:14:03 UTC 2024

Hello lists,

here is the 24th update of the status for reproducible live-build ISO 
images [1].

Single line summary: 79.5% reproducible live images (yup, lower than 
last time; see below for the calculation)

Reproducible status:
* All major desktops build reproducibly with bullseye, bookworm, trixie ...
** ... provided they are built for a second time within the same DAK run 
(i.e. 6 hours)
* All major desktops built reproducibly for the official Debian live 
images for bookworm (12.5.0) at any later moment ...
** ... except for KDE, which has only 1 issue left in 12.5.0 (fix is 
prepared for 12.6.0 [2])
* For sid the images cannot be generated, ...
** ... occasionally debootstrap breaks (due to the 64-bit time_t transition)
** ... currently the installer FTBFS (due to the 64-bit time_t transition)
** ... currently the installer FTBFS (due to a version mismatch of 
grub-efi-amd64-signed and grub-common)
** ... but the smallest image can be generated, however only with 
shim-support for secure UEFI boot

Functionality status:
* On sid the smallest image only has the shim boot, so you'll need to 
enroll the hash for the grubx64.efi file yourself (see openQA for the 
steps [3])
* Calamares got (temporarily) removed from trixie during the 64-bit 
time_t transition [4]

My activities in March:
* Visit to the MiniDebCamp in Hamburg [5]
** Worked with ema on arm64 native and cross-builds (MR pending)
** Worked with elbrus on stabilising a flaky test [6]
** Worked with fil on openQA tests
* Prepared a small documentation update for the live-manual [7]
* Bug report on diffoscope [8]
* Added support for shim without signed grub [9]

Work to be done:
* Currently in progress: disable apt updates when persistence is not 
used (saves bandwidth and stabilises tests)
* Currently in progress: finalise arm64 support (native and cross-build)
* Currently in progress: firmware support in live-build (it looks like 
/usr-merge affects the location of the firmware files)
* See the TODO page [10]

With kind regards,
Roland Clobus

     Breadcrumb: Debian Live | *_sid_smallest_build | 
walk-boot-options at uefi-secure | bootwalk_0

79.5%: based on 4 versions x 9 variants + 8 variants; 8 FTBFS, 1 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the rb-general mailing list