[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Moving towards a deb-buildinfo(5) Format 1.0



Chris Lamb:
> Hey Johannes,
> 
>> Multiple builds of the same source package will set SOURCE_DATE_EPOCH to
>> the same value but will result in a different Build-Date.
> 
> … but that would mean that a reproducible build will result in .buildinfo
> files with different contents (varying on Build-Date).

A .buildinfo file documents the build and is not expected to be
identical between different builds (see also Josch's link). For example
when using sbuild you will always get a different Build-Path if you use
the default settings (and this should be fine).

> That seems, at the very least, somewhat non-intuitive to me.

Yes ;]

> A case might even be made that varying on Build-Date makes our distribution
> problem more difficult; as the files aren't identical we can't easily
> "de-duplicate" them with detached signatures. Perhaps I'm missing something
> obvious.

As described above that's by design and when getting different
.buildinfos from different builders there will be more differences
(Build-Path, Environment(, Build-Architecture)). So a trivial
de-duplication won't work anyway.

Attachment: signature.asc
Description: OpenPGP digital signature


Reply to: