Re: Bug#926242: jenkins.debian.org: Please test reproducibility status of Debian Installer images
Hey Cyril & Samuel,
> > It doesn't build the netinst/CD/DVD iso images indeed (debian-cd handles
> > that). But it builds the initrd used there (and the netboot mini.iso).
>
> Right. Check the tarball (!) produced by building src:debian-installer;
> that's what gets installed in installer-$arch directories in the
> archive; then consumed by debian-cd to produce “full-blown” installation
> images.
TIL. However, as these generated files do not appear in the binary
debian-installer package it is likely that that our testing framework
will (after the mooted networking exception is made) entirely-
correctly report that the src:debian-installer package is reproducible
as its declared artifects contain only documentation. This will be
somewhat misleading about the true reproducibility status of our installer.
Just throwing out ideas here but perhaps this binary package could
contain at least the hashes of the generated files you mention? That way,
at least if they vary between our test builds then we will implicitly see
that in the package's reproducibility status.
However, as this would not incorporate anything that debian-cd does
with them to produce the "full-blown" images I suspect that this will
not be enough to cover everything. Just to underline this point in a
silly way we would not be aware of, for example, debian-cd running
"echo $RANDOM >> /target/ somefile.txt", even with the above hack.
Thanks for your input btw. :)
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org 🍥 chris-lamb.co.uk
`-
Reply to: