Hello lists,here is the 13th update of the status for reproducible live-build ISO images [1].
Reproducible status (New: no patches required any more): * All major desktops build reproducibly with bullseye, bookworm and sid* Number of patches performed by the live-build script that are not yet in sid: zero! (0)
My activities in September:* I noticed that [7] (the last patch for Cinnamon) got included on 2022-08-14 in sid, and 2022-08-20 in bookworm * The live images are now automatically fed to openQA after they have been proven to be reproducible * I've asked a question on debian-devel about 'the' timestamp of a snapshot of deb.debian.org [9] ** Answer: Different timestamps are present in the URLs of snapshot.d.o and the content of InRelease
** My conclusion: Patches would be needed to sync those values** My goal: generate an image from deb.debian.org and verify it after snapshot.d.o (or snapshot.notset.fr or snapshot.reproducible-build.org) contains that timestamp/content
** josch suggested to use metasnap to find the suitable timestamps instead Work to be done: * Review the results of the generated ISO images in my local openQA instance * Add a test for the Calamares installer in openQA* Booting with UEFI secure boot (waiting for #1015759) in openQA -> the ticket is closed, so the work can continue
* Use a no-network scenario in openQA to test for 100% offline installation * Live images are not generated officially by Debian yet ** Needs some changes in 'live-setup'** Once the chain of tests (reproducible by Jenkins, functional by openQA) is set up, this will be the next main target
* Adjusting the content of the live-build image ** Make the boot menu more similar to the live-wrapper menu ** Add a 'persistent' option (as seen in Kali) ** Keep the accessibility improvements made in the live-wrapper boot menu ** Verify the package lists *** e.g. the Debian Reference is installed for es and it, but not enUnchanged, but low priority due to [7], patch available but not released yet:
* texlive-base: Reported differences in the generated ls-R [2] * texlive-binaries: Randomness in .fmt files due to Lua hash seeds [3]* texlive-binaries: updmap creates a logfile with the timestamps of files that it just has generated [4]
Future plans/ideas:* Reprotest might be used instead of just 2 builds without a short time frame, to capture more variations
* Use disorderfs* Transfer the special features of the (now disabled) live-wrapper live images to live-build
* Start building official live-images again [6][8] With kind regards, Roland Clobus [1] https://wiki.debian.org/ReproducibleInstalls/LiveImages [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003449 [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009196[4] https://salsa.debian.org/live-team/live-build/-/commit/f1a98e4da62c3551f523553c6e23774aaf5e41b4
[6] https://lists.debian.org/debian-live/2022/03/msg00012.html [7] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006472 [8] infinote://gobby.debian.org/debconf22/bof/debian-installer [9] https://lists.debian.org/debian-devel/2022/09/msg00199.html
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature