gobby.debian.org → debconf14 → bof → reproducible-builds
* need measurements to know if we're doing better
* need a definition to know if a given build can be reproduced
* canonical build path?
/usr/src/debian/hello-3.12-1/debian/rules
* [lunar] patch dpkg-buildpackage to use proot if present
* needs submission to debbugs
WAIT: let's patch pbuilder and sbuild first (advice from rra)
* [lunar] patch dpkg to sort files in .deb archive
DONE: sent new version https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719845#61
* [lunar] patch dpkg to use tar with --mtime based on the changelog
DONE, but differently: we introduce dh_fixmtimes in debhelper. Patch sent.
* can we switch on --enable-deterministic-archives in binutils?
* not universally as build system may depend on make's handling of archive members as targets
DONE: patch against dh_strip sent.
* [AGWA + others] dh_strip_nondeterminism?
* where do we record the build environment?
* it's a separate arch-specific file
* dh_buildinfo to produce it
* hello_3.12-1_amd64.buildinfo, referenced by .changes
* and hello_3.12-1_all.buildinfo if there are arch-indep binary packages (same content)
DONE: format documented on the wiki
* dak needs to distribute this new file and it needs to be included in the apt repo signed hashes
* to avoid changing semantics of .changes file, buildinfo needs to be signed?
* [lunar] .buildinfo format must be extensible and machine-readable
DONE: written initial format description on the ReproducibleBuilds wiki page
* .buildinfo also needs to record (maybe):
* architecture of any multiarch packages
* architecture of the host
* kernel version/release
* username
* hostname
* time of build
* environment variables
* /etc/alternatives
* number of CPUs
* CPU flags
* [lunar] mail Yann Dirson <dirson@debian.org> about new needs in .buildinfo
DONE.
* [geofft] we need script to take a .buildinfo and reproduce the build for sbuild
* [lunar] submit sbuild patch to geofft that canonicalizes build path
DONE.