Hi Alexis, > Have I compiled and packaged everything wrong?
Given my skim reading of the SHA256sums, I don't think so. As in, you seem to be generating the same packages as tests.reproducible-builds.org, at least on amd64. If anything, "Debian", ie. the official binaries, are the "wrong" ones here… although I wouldn't quite use that term. :) > https://tracker.debian.org/pkg/fbreader indicates reproducibility > OK. This is, unfortunately, a little misleading. To clarify, this statement only means that *tests.reproducible-builds.org* believes that the fbreader source package is reproducible — it doesn't promise that the binary packages on the official Debian mirrors are bit-for-bit identical with anything. This is, of course, not ideal. Still, this is what folks on this list are getting at when they say they "want to make Debian 'really' reproducible". Regarding precisely why there is a difference, I can't write more at the moment, but have you tried comparing "your" fbreader_0.12.10dfsg2-4_amd64.deb with one shipped by Debian using diffoscope? Happy to run that for you if you can provide your file. Regards, -- o ⬋ ⬊ Chris Lamb o o reproducible-builds.org 💠 ⬊ ⬋ o
