[Dev] Reproducible builds from ARCH
Denis 'GNUtoo' Carikli
GNUtoo at no-log.org
Sat Apr 9 08:37:48 GMT 2016
I noticed that arch now has a page at reproducible-builds.org:
However every single packages fails, including simple shell scripts like
keychain which has only 2 files:
% pacman -Q -l keychain
% file /usr/bin/keychain
/usr/bin/keychain: POSIX shell script, ASCII text executable, with
Comparing the package content shows some issue:
- .PKGINFO encodes the build date
- .BUILDINFO encodes all the system's packages at build time.
- .MTREE also encodes time.
Also, makepkg (available in the pacman package) uses bsdtar, given the
issues above, I could not test if it worked.
I remember from a previous conversation on this list that uploaders
are supposed to use a chroot to build the package.
- Is there any tool that automatize building with the chroot? What
uploaders typically build packages?
- Where is the work on making arch reproducible going on? Do they have
mailing list specially for it? or should patches be sent directly to
the given tool (like pacman).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the Dev