hi kpcyrd, thanks for this interesting update! & kudos on the progress!
On Wed, Jan 22, 2025 at 12:50:53PM +0100, kpcyrd wrote: > ## Consensus > These results are according to: > - https://reproducible.archlinux.org > - https://reproducible.crypto-lab.ch given it's just 4 unreproducible packages I assume you just compared manually? or, IOW, does arch-repro-status supports querying several servers at once and comparing the result? > The instance running at https://wolfpit.net/rebuild/ marks some additional > packages as unreproducible, for example: > > - the `perl` package records something along the lines of `hostname -d`, and > the wahrwolf instance has a value set for this (`.your-server.de`) while the > other two don't (`.nonet`). > - the `unzip` package relies on 31 patches applied on top of the latest > release(!), it seems one of the patches pulled from > `https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-alt-iconv-utf8.patch` > has been modified recently from > sha512:a00e41feede53d42e0eb03d8280664b2a904918fab3c52459d02c07a298dd12e482eb3318c1842933ac3a527308dc5e4871f029b6b79e5bc2b2e1d84fee4fd0f > to > sha512:272abbbc92488bc2f08b230a6f240716ff8204541b3c97752ac42db513ec6c7f2a17b4bdb2c76d68bf8830e0b24a1e8fc2a3948bd8f413dc7eb1ebe88dbad9b6, > while the Arch Linux PKGBUILD assumes these to be stable. interesting find! > - the `libtool` package has a misunderstanding of copyright and records the > build year in their man pages, which recently changed, so while this package > was cleared by the two other rebuilders as "not tampered", it's not > reproducible anymore. yes, I think also for rebuilders there should be continous rebuilds, though with much less frequency than CI builds. > - the `findutils` package seems to pull `.mo` files from the network during > build, i'm surprised to learn network access is allowed at build time! (so i'm not surprised such things then happen.) keep up the great work! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ When you’re used to privilege, equality feels like oppression.
signature.asc
Description: PGP signature
