On Sun, Oct 18, 2015 at 06:20:01PM +0000, Mattia Rizzolo wrote: > Package: dpkg > Version: 1.18.3 > Severity: wishlist > X-Debbugs-CC: reproducible-bui...@lists.alioth.debian.org > > Hi dpkg people, > > in the context of allowing to recreate the same build-environment of a > past build we would need to know which packages where installed. > Currently we rely on (pkgname, arch, version) tuples to uniquely > identify a binary package, but as you can easily imagine this is not > unique at all, definitly not in the multi distro universe, possibly not > even across suites.
I also want this for delta debs, to identify local rebuilds being installed, and prevent delta installation failure in such cases. > > To me it seems that: > * we are mostly interested in the hash of the whole container: all the > use cases highlighted above would require this; > * If ↑ then the hash can't be pre-computed and stored inside the > container. Practically speaking, for your use case you only need a hash of the file tree. My proposal for a package id is to use the md5sum of DEBIAN/md5sums. This can be stored in DEBIAN/control in an id field and generated at build time. We can also use cat DEBIAN/md5sums DEBIAN/control | md5sum (without an Id field in control) as the ID, and then append that to control. This means that dependency relations and stuff is included as well. That's useful for the solver use case; but it's not really relevant for the reproducible build use case - dependencies on the installed system, description, etc should not matter for you. -- Debian Developer - deb.li/jak | jak-linux.org - free software dev | Ubuntu Core Developer | When replying, only quote what is necessary, and write each reply directly below the part(s) it pertains to ('inline'). Thank you.