Daniel Kahn Gillmor:
> hey reproducible-builds folks--
> as an interested packager, but not one of the awesome people working
> actively on improving debian toolchains, i wanted to know if there was
> anything specific i could do as a packager now to ensure that my package
> can be reproducibly built.
> If there were a section on the wiki page suggesting what a packager
> could do to try to test their own packages, that would be useful, and
> could maybe get more feedback about reproducible builds.

I think we are still missing small parts of the framework to write that
documentation. We are getting close, but there's a few more steps.

Also, we should soon be able to do another archive-wide build+rebuild.
(maybe more focused on core packages this time, but gnupg is in the
set). We'll make sure to make the log available to interested

> I'm particularly interested in this as part of the GnuPG packaging team
> right now.

In the meantime, you could experiment the build system. I wrote the
following script which will allow to compare the output of a command
repeatedly called with a variation:

You coud try spotting anything that get captured by the build system
that should not. Probably you should ignore variations due to build
path variations.

I'm not sure it's a good use of your time. As, hopefully, we should be
able to have a better definition of what “reproducible builds” mean in
the Debian context.

Lunar                                .''`. 
lu...@debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 

Attachment: signature.asc
Description: Digital signature

Reproducible-builds mailing list

Reply via email to