[Dev] Reproducible builds from ARCH
Denis 'GNUtoo' Carikli
GNUtoo at no-log.org
Sat Apr 9 08:37:48 GMT 2016
Hi,
I noticed that arch now has a page at reproducible-builds.org:
https://tests.reproducible-builds.org/archlinux/archlinux.html
However every single packages fails, including simple shell scripts like
keychain which has only 2 files:
% pacman -Q -l keychain
[...]
keychain /usr/bin/keychain
[...]
keychain /usr/share/man/man1/keychain.1.gz
% file /usr/bin/keychain
/usr/bin/keychain: POSIX shell script, ASCII text executable, with
escape sequences
Comparing the package content shows some issue:
- .PKGINFO encodes the build date
- .BUILDINFO encodes all the system's packages at build time.
- .MTREE also encodes time.
Also, makepkg (available in the pacman package) uses bsdtar, given the
issues above, I could not test if it worked.
I remember from a previous conversation on this list that uploaders
are supposed to use a chroot to build the package.
- Is there any tool that automatize building with the chroot? What
uploaders typically build packages?
- Where is the work on making arch reproducible going on? Do they have
mailing list specially for it? or should patches be sent directly to
the given tool (like pacman).
Denis.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20160409/c7ea1657/attachment.sig>
More information about the Dev
mailing list