Uploads with conflicting buildinfo filenames
Holger Levsen
holger at layer-acht.org
Fri Jun 27 14:39:28 UTC 2025
Hi Helmut,
On Thu, Jun 26, 2025 at 11:03:17AM +0200, Helmut Grohne wrote:
> in the context of Debusine, we ran into an issue around the naming of
> buildinfo files. Fundamentally, I hope we agree that buildinfo files are
> not meant to be reproducible themselves as they include e.g. the precise
> build date, build path and optionally a signature.
yes
> Yet, their filenames
> are quite reproducible. In effect, if you perform several related
> uploads (e.g. source and binary) you may end up with multiple .changes
> files referencing the same .buildinfo filename with differing .buildinfo
> content. That seems allright.
AIUI this is because dpkg just sets arbitrary filenames and dak doesnt really
care anyway.
> A key aspect of reproducible builds is to
> allow several buildinfo files to document how the same .deb came to be,
> but the current naming scheme suggests conflicting filenames for such
> rebuilds.
I'm not sure that's a key aspect of r-b but please continue... :)
> Let's have a bit of context. The wiki[1] has a section on naming them
> and specifies a predictable scheme. This is followed by the tools in
> widespread use (sbuild and dpkg). Later in the same page, an example is
> given.
If you look at
https://wiki.debian.org/ReproducibleBuilds/BuildinfoFiles?action=info
you will see that 33 of the 35 edits of this page where before December 2016
and if you look at https://buildinfos.debian.net/ftp-master.debian.org/buildinfo/2016/
and click on the 12 you will understand that .buildinfo files are a
reality since 2016-12-22 when that dpkg upload happened, which now
has become the de-facto definition of .buildinfo files.
And that definition has violated some of our design and we never really
followed up on this which is partly why we are where we are now. Which
is mostly a great place in regards .buidlinfo files.
My biggest grief with .buildinfo files currently are rather #763822 and #929397 now, btw.
> | The following file could be named e.g. fweb_1.62-12+b2_brahms-20120530114812.buildinfo:
>
> At the very least, the wiki page is inconsistent with itself.
>
> The naming was discussed[2] on the rb-general list in 2018 and there a
> portion of randomness was suggested.
Yes, rb-general is nice to discuss this but for this to change this
needs bug reports and changes in dpkg.
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
Don’t believe everything you think.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20250627/8b1e2d28/attachment.sig>
More information about the rb-general
mailing list