gobby.debian.org → debconf14 → bof → reproducible-builds * need measurements to know if we're doing better * need a definition to know if a given build can be reproduced * canonical build path? /usr/src/debian/hello-3.12-1/debian/rules * [lunar] patch dpkg-buildpackage to use proot if present * needs submission to debbugs WAIT: let's patch pbuilder and sbuild first (advice from rra) * [lunar] patch dpkg to sort files in .deb archive DONE: sent new version https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719845#61 * [lunar] patch dpkg to use tar with --mtime based on the changelog DONE, but differently: we introduce dh_fixmtimes in debhelper. Patch sent. * can we switch on --enable-deterministic-archives in binutils? * not universally as build system may depend on make's handling of archive members as targets DONE: patch against dh_strip sent. * [AGWA + others] dh_strip_nondeterminism? * where do we record the build environment? * it's a separate arch-specific file * dh_buildinfo to produce it * hello_3.12-1_amd64.buildinfo, referenced by .changes * and hello_3.12-1_all.buildinfo if there are arch-indep binary packages (same content) DONE: format documented on the wiki * dak needs to distribute this new file and it needs to be included in the apt repo signed hashes * to avoid changing semantics of .changes file, buildinfo needs to be signed? * [lunar] .buildinfo format must be extensible and machine-readable DONE: written initial format description on the ReproducibleBuilds wiki page * .buildinfo also needs to record (maybe): * architecture of any multiarch packages * architecture of the host * kernel version/release * username * hostname * time of build * environment variables * /etc/alternatives * number of CPUs * CPU flags * [lunar] mail Yann Dirson about new needs in .buildinfo DONE. * [geofft] we need script to take a .buildinfo and reproduce the build for sbuild * [lunar] submit sbuild patch to geofft that canonicalizes build path DONE.