Quoting Johannes Schauer (2018-11-15 09:22:08) > Quoting Holger Levsen (2018-11-14 19:38:17) > > On Wed, Nov 14, 2018 at 07:30:44PM +0100, Xavier wrote: > > > debrebuild seems to want to compare with old .deb (size ?) > > > > it should not. it should compare with the hashes in the .buildinfo file. > > What the script is doing there in lines 183-187 is to make sure that the > files you already have match the hashes in the .buildinfo file. This is done, > because the mode of operation of the debrebuild script is to expect a > .buildinfo file together with build artifacts to exist (either downloaded > from the archive or as a result from a previous run of dpkg-buildpackage, > pbuilder or sbuild) and then you run debrebuild to check whether the files > you got can be reproduced or not. You now just removed these checks which > makes the script quite useless. If you don't want the check, then you also > have to let the script do the first build.
Another thing that I fear might not have been obvious for others, so mentioning it just in case: We already have the software called reprotest which just builds a given source package twice and check if its reproducible. Debrebuild is *not* supposed to be reprotest. So the *input* to debrebuild is an already built source package together its buildinfo and then the package is built again. Indeed it is not strictly necessary for the old build artifacts to exist when one just wants a binary result (either reproducible/FTBR). But in practice, if the package FTBR, then one wants to have access to the old existing packages so that one can use it as input to diffoscope for inspection.
signature.asc
Description: signature
