Why is not everything reproducible yet?
Bernhard M. Wiedemann
bernhardout at lsmod.de
Wed Jan 22 09:55:32 UTC 2025
On 2/15/24 5:55 AM, Bernhard M. Wiedemann via rb-general wrote:
>
> e.g. in
> http://
> bafybeiezodttpdsrhy7gj7zuzklbs3exh42a4ezorsepnn74ar2gkicujy.ipfs.cf-
> ipfs.com/
> if we had reproducible ISOs, I could build and sign them in a low-
> bandwidth place but build+upload from another.
somewhat off-topic:
IPFS' DHT shows its unreliability once again.
The content is still there, reachable under
https://opensuse-zq1-de.ipns.dweb.link/history/20240213/tumbleweed/iso/
and
https://bafybeiezodttpdsrhy7gj7zuzklbs3exh42a4ezorsepnn74ar2gkicujy.ipfs.dweb.link/
The point I was trying to make there is: r-b allows us to have a
publisher of a binary that is not the builder and does not even need to
communicate with the builder, apart from the build inputs.
In https://rb.zq1.de/RBOS/ring1/ I have a repo of 500GB of unsigned rpms
that can be bit-reproduced from the sources anytime anywhere (still WIP
this month).
And the only part that *has* to come from me is the 228 bytes signature at
https://rb.zq1.de/RBOS/ring1/_build.standard.x86_64/repodata/repomd.xml.asc
(it is actually 119 bytes after base64 -d)
Ciao
Bernhard M.
More information about the rb-general
mailing list