Hey Cyril & Samuel, > > It doesn't build the netinst/CD/DVD iso images indeed (debian-cd handles > > that). But it builds the initrd used there (and the netboot mini.iso). > > Right. Check the tarball (!) produced by building src:debian-installer; > that's what gets installed in installer-$arch directories in the > archive; then consumed by debian-cd to produce “full-blown” installation > images.
TIL. However, as these generated files do not appear in the binary debian-installer package it is likely that that our testing framework will (after the mooted networking exception is made) entirely- correctly report that the src:debian-installer package is reproducible as its declared artifects contain only documentation. This will be somewhat misleading about the true reproducibility status of our installer. Just throwing out ideas here but perhaps this binary package could contain at least the hashes of the generated files you mention? That way, at least if they vary between our test builds then we will implicitly see that in the package's reproducibility status. However, as this would not incorporate anything that debian-cd does with them to produce the "full-blown" images I suspect that this will not be enough to cover everything. Just to underline this point in a silly way we would not be aware of, for example, debian-cd running "echo $RANDOM >> /target/ somefile.txt", even with the above hack. Thanks for your input btw. :) Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org 🍥 chris-lamb.co.uk `-