Apt reproducible installs
cen
imbacen at gmail.com
Fri Apr 25 10:25:33 UTC 2025
Are there any efforts underway for apt to do reproducible installs?
I am trying to build bit-by-bit identical OCI images and it feels like I
am doing a lot of hacks and workarounds to get things working
and in reality it should be apt that needs to evolve and support
reproducible installs.
Running apt in "reproducible mode" could automatically:
1. Switch to snapshots repo according to SOURCE_DATE_EPOCH
2. Disable logging and caching or at least clean after
3. Use SOURCE_DATE_EPOCH on all installed files (either natively or
automatically using libfaketime)
4. ???
5. Profit!
Just throwing ideas out there but the current situation when I need half
of my Dockerfile to be scripts forcing apt to play nicely is not ideal.
More information about the rb-general
mailing list