Package: debian-installer
Version: 20150422
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertag: timestamps fileordering infrastructure
X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org
X-Debbugs-Cc: debian-bsd@lists.debian.org
Hi!
The debian-installer package build produces netboot.tar.gz and
the mini.iso netboot install media. It doesn't do this in an easily
reproducible way:
* the d-i initrd/mfsroot is a filesystem image, having variable
mtime/ctime/atime timestamps from package build time;
* likewise in the generated mini.iso;
* netboot.tar.gz also has varying timestamps; the order of files
may also vary depending on the filesystem;
* likewise in the cd info tarball;
* likewise in the debian-installer-images tarball;
* all gzipped outfile files have a timestamp in the header.
I have a patch aimed at jessie-kfreebsd that should fix all of the
above. It should be possible to do the same in sid with much less
code, due to new GNU tar features and other reproducible builds work.
I've 'clamped' timestamps to be no later than the most recent
debian/changelog entry date. That way, the non-useful timestamps
from during the build are adjusted to a constant value. Older
timestamps, actually indicating how old a file is, are untouched.
The BUILD_DATE, actually the package version number, is unchanged.
Specifically on kfreebsd, the generated mfsroot is a ffs filesystem
having file atimes, and another timestamp in the filesystem superblock.
I intend to patch makefs so that it can clamp timestamps to a given
SOURCE_DATE_EPOCH.
Besides a file ordering issue in makefs, all output files including
netboot.tar.gz and mini.iso then seem to be reproducible for
jessie-kfreebsd, at least. :)
Regards,
--
Steven Chamberlain
steven@pyro.eu.org
Attachment:
signature.asc
Description: Digital signature