[Dev] Fwd: First Reproducible Builds Summit

Josh Branning lovell.joshyyy at gmail.com
Thu Dec 10 16:02:37 GMT 2015


>>    First Reproducible Builds Summit
>>
>
> I met a few people who were there, and they were quite happy about how
> it went.  I'm eager to meet with Lunar and learn more about the current
> status of Debian reproducible builds.
>
> Any plan for Parabola?

It's something I would like to see too. Ideally an operating system like 
parabola could be built from source and then verified, although that's a 
pretty big ask.

I notice there is a nice script (dagpkg) for building packages. Perhaps 
it would be useful for not only automated builds, but reproducible ones too?

I recently found a nice vendor-neutral website about reproducible builds 
[1]. It says about setting the build environment, including:

specific operating system (if cross-compiling is not supported)

and

build system architecture (if cross-compiling is not supported)

If it is possible to cross-compile the packages that make up the 
Parabola ISO, then the whole operating system could perhaps be built, 
then verified by a completely different system. This would help to give 
users migrating to Parabola more peace of mind over the security of the OS.

I know Parabola is not (Cross) Linux From Scratch, but pacman can 
theoretically work on other operating systems, and to me it looks like 
the potential there for users to be able to compile the whole OS (and 
perhaps verify) on many other major platforms.

Also, if users are able to build, in bulk, the Parabola packages like 
this, it would help those with limited or no internet connection(s) for 
people less well off, and could provide a robust way of allowing a quick 
restart development if (heaven forbid) the project were to cease.


Josh


[1] https://reproducible-builds.org/docs/



More information about the Dev mailing list