Seventh status update about reproducible live-build ISO images in Jenkins

To: Debian-live mailing list <debian-live@lists.debian.org>, General discussions about reproducible builds <rb-general@lists.reproducible-builds.org>
Subject: Seventh status update about reproducible live-build ISO images in Jenkins
From: Roland Clobus <rclobus@rclobus.nl>
Date: Tue, 22 Feb 2022 11:16:17 +0100
Message-id: <[🔎] 33607a60-ab25-f8cf-d11b-2693bfca70ab@rclobus.nl>

Hello lists,

here is the seventh update of the status for reproducible live-build ISOimages [1].


Reproducible status:
* All major desktops build reproducibly with bullseye, bookworm and sid ...
** ... except for Cinnamon on bookworm and sid

New and changed:
* live-build now reports a git hash number when a git version is used [2][3]

** Together with the timestamp of the (snapshot) repository, thisgenerates a unique identifier for reproducing the ISO image

* First steps with openQA to walk through every single boot menu entry [4]

** This will test the functionality of the reproducible ISO images, andhelps to find issues early

*** e.g. kernel module mismatch in the Debian Installer

** This procedure will be easily extended to other images, e.g. thenetinst image

* Pending: Jenkins reports the sha256sum of the reproducible image [5]

** You will be able to verify whether a local build is identical to thebuild by Jenkins* Question on the mailing list: Should the live images be generatedagain? [6]


Patch available but not released yet:

* libxmlb used a pointer address (%p) for a hash value. Upstream [7] hasbeen fixed

* texlive-base: Reported differences in the generated ls-R [8]

Future plans/ideas:

* texlive-base: More sources for non-reproducibility are noted in theWiki page [1]

** Only the Cinnamon desktop is affected, starting with bookworm
* Recording the configuration used by live-build
** Next step: test some scenarios and write a proposal

* Reprotest might be used instead of just 2 builds without a short timeframe, to capture more variations

* Use disorderfs

* Long term: When live-build images are working fine, the work could beextended to other images, e.g. the netinst images or perhaps even Dockerimages* Transfer the special features of the (now disabled) live-wrapper liveimages to live-build


With kind regards,
Roland Clobus

[1] https://wiki.debian.org/ReproducibleInstalls/LiveImages
[2] https://salsa.debian.org/live-team/live-build/-/merge_requests/273
[3] Pending merge for Jenkins: 45721776e008469b28ca4310b0cb6413466397c4

[4]https://salsa.debian.org/qa/openqa/openqa-tests-debian/-/merge_requests/2

[5] Pending merge for Jenkins: 071a80ff4f28e019e1067be72058106478ed4624
[6] https://lists.debian.org/debian-live/2022/02/msg00000.html
[7] https://github.com/hughsie/libxmlb/issues/110
[8] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003449

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply to:

Prev by Date: Re: Add new repository
Next by Date: Re: Add new repository
Previous by thread: Re: Add new repository
Next by thread: Bug#1006612: live-build: netboot IPv6 only and NFSv4 → dracut
Index(es):
- Date
- Thread