Hello lists,here is the 24th update of the status for reproducible live-build ISO images [1].
Single line summary: 79.5% reproducible live images (yup, lower than last time; see below for the calculation)
Reproducible status: * All major desktops build reproducibly with bullseye, bookworm, trixie ...** ... provided they are built for a second time within the same DAK run (i.e. 6 hours) * All major desktops built reproducibly for the official Debian live images for bookworm (12.5.0) at any later moment ... ** ... except for KDE, which has only 1 issue left in 12.5.0 (fix is prepared for 12.6.0 [2])
* For sid the images cannot be generated, ... ** ... occasionally debootstrap breaks (due to the 64-bit time_t transition) ** ... currently the installer FTBFS (due to the 64-bit time_t transition)** ... currently the installer FTBFS (due to a version mismatch of grub-efi-amd64-signed and grub-common) ** ... but the smallest image can be generated, however only with shim-support for secure UEFI boot
Functionality status:* On sid the smallest image only has the shim boot, so you'll need to enroll the hash for the grubx64.efi file yourself (see openQA for the steps [3]) * Calamares got (temporarily) removed from trixie during the 64-bit time_t transition [4]
My activities in March: * Visit to the MiniDebCamp in Hamburg [5] ** Worked with ema on arm64 native and cross-builds (MR pending) ** Worked with elbrus on stabilising a flaky test [6] ** Worked with fil on openQA tests * Prepared a small documentation update for the live-manual [7] * Bug report on diffoscope [8] * Added support for shim without signed grub [9] Work to be done:* Currently in progress: disable apt updates when persistence is not used (saves bandwidth and stabilises tests)
* Currently in progress: finalise arm64 support (native and cross-build)* Currently in progress: firmware support in live-build (it looks like /usr-merge affects the location of the firmware files)
* See the TODO page [10] With kind regards, Roland Clobus [1] https://wiki.debian.org/ReproducibleInstalls/LiveImages [2] https://salsa.debian.org/live-team/live-build/-/merge_requests/339 [3] https://openqa.debian.net/tests/246742#step/bootwalk_0/2Breadcrumb: Debian Live | *_sid_smallest_build | walk-boot-options@uefi-secure | bootwalk_0
[4] https://bugs.debian.org/1061330 [5] https://wiki.debian.org/DebianEvents/de/2024/MiniDebCampHamburg[6] https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/e9cae80b3792ff97bf79d01c506a06ab7497eab3
[7] https://salsa.debian.org/live-team/live-manual/-/merge_requests/36[8] https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/367 and https://bugs.debian.org/1065498
[9] https://salsa.debian.org/live-team/live-build/-/merge_requests/344 [10] https://wiki.debian.org/DebianLive/TODO79.5%: based on 4 versions x 9 variants + 8 variants; 8 FTBFS, 1 non-reproducible
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature