Web lists-archives.com

Re: Debian Buster will only be 54% reproducible (while we could be at >90%)

On Wed, Mar 06, 2019 at 09:40:23AM +0000, peter green wrote:
> > Because of their design, binNMUs are unreproducible, see #894441 [3] for
> > the details (in short: binNMUs are not what they are ment to be: the source
> > is changed and thrown away)
> To be specific, the source tree is extracted, then an entry is added to
> debian/changelog and then the package is built. This modified source
> tree is not retained.


> It seems to me that binnmus could be made reproducible by storing the
> debian/changelog modifications in the buildinfo, then re-applying it
> at reproduction time.

that's actually the case nowadays, not sure since when. eg
starts like this:

Format: 1.0
Source: dmtx-utils (0.7.6-1.1)
Binary: dmtx-utils
Architecture: kfreebsd-amd64
Version: 0.7.6-1.1+b1
 dmtx-utils (0.7.6-1.1+b1) sid; urgency=low, binary-only=yes
   * Binary-only non-maintainer upload for kfreebsd-amd64; no source changes.
   * rebuild for libdmtx0b
  -- kfreebsd-amd64 / kfreebsd-i386 Build Daemon (kamp) <buildd@xxxxxxxxxxxxxxx>  Sun, 14 Apr 2019 01:03:43 +0000

I yet have to actually test if one can bit by bit reproduce binNMUs
with this information, but I'm quite very hopeful.


       PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

Attachment: signature.asc
Description: PGP signature