Ximin Luo:
> > Implementation-wise, getting the hash of the .dsc in the .buildinfo is
> > going to be very tricky. dpkg does not know about what's available in
> > the archive. It just knows about packages which are or were installed.
> >
>
> `apt-cache showsrc [pkg]` has the right information in
On 20/09/15 19:22, Johannes Schauer wrote:
> Hi,
>
> Quoting Ximin Luo (2015-09-20 18:49:16)
>> Currently, to run a DDC test, we would have to read the buildinfo file, find
>> the hashes of the binary build-deps, look up the source packages that
>> correspond to these hashes, find a different bina
On 20/09/15 20:43, Jérémy Bobbio wrote:
> Ximin Luo:
>> With our current .buildinfo setup, the above process is more
>> complicated, because we *only* store hashes of the binary build
>> environment.
>
> [..]
>
> The idea to put a hash of the binary package in the
> Build-Environment is a late ad
Ximin Luo:
> With our current .buildinfo setup, the above process is more
> complicated, because we *only* store hashes of the binary build
> environment.
I'm sorry but this is not accurate regarding the current
specification [1]. It says:
Build-Environment
List of all packages forming t
Hi,
Quoting Ximin Luo (2015-09-20 18:49:16)
> Currently, to run a DDC test, we would have to read the buildinfo file, find
> the hashes of the binary build-deps, look up the source packages that
> correspond to these hashes, find a different binary build-deps for these
> hashes, and run our DDC-ch
Hi list,
BACKGROUND
==========
One of the main points of reproducible builds is to enable DDC:
http://www.dwheeler.com/trusting-trust/
To take an example, I can convince myself that my /bin/gcc5 corresponds exactly
to the source code /src/gcc5, if I can:
1. assume that one of /bin/clang, /bin