Re: [Tails-dev] Help us build Tails 3.2~alpha1 build reproducibly

[anonym]

anonym:
> ### ... and the checksums differ (i.e. reproduction failed).
> [...]
> sudo apt -o APT::Install-Suggests="true" \
>  -o APT::Install-Recommends="true" \
>  install diffoscope -t stretch-backports

It was reported to us that the above command pulls in ~3500 dependencies (~3.5 
GB packages, 14 GB disk usage) on a minimal Debian Stretch, including a full 
GNOME desktop environment. Whoops! You will get 80% less dependencies (but 
still all the needed ones!) with this command:

sudo apt -o APT::Install-Recommends="true" \
 install diffoscope/stretch-backports

Sorry for the inconvenience (again)!
Cheers!
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

[Tails-dev] Help us build Tails 3.2~alpha1 build reproducibly

[anonym]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear Tails and Tor contributors,
dear Reproducible Builds community,

We have sent out a first call [1] for testing to build Tails 3.1 reproducibly
and we have received some build reports. Thank you very much for your help! We
have since then tried to fix most of the identified issues [2] in Tails
3.2~alpha1, and thus we'd kindly like to ask you to try to build the new ISO
image again, or even for the first time. Please don't hesitate to contact us
if you get stuck at some point in the process, for example by connecting to our
chatroom [3]! You can also send us email to tails-dev at boum.org (public) or
tails at boum.org (private).

Note that Tails 3.2~alpha1 is *not* recommended for real usage, since it has
not gone through *any* QA. Please use Tails 3.1 instead until Tails 3.2 is
released!

# How?

For your convenience all instructions needed to attempt to reproduce
Tails 3.2~alpha1 are included hereafter. However all commands are
adapted for Debian Stretch (and Buster/Sid), so your results may vary if
you run another Linux distribution. Our full build instructions [4]
might help if you are having problems.

## Setup the build environment

Building Tails requires the KVM virtual machine hypervisor to be
available, a minimum of 1 GiB of free RAM and a maximum of 20 GB of
free storage.

### Install dependencies

sudo apt-get install \
git \
rake \
libvirt-daemon-system \
dnsmasq-base \
ebtables \
qemu-system-x86 \
qemu-utils \
vagrant \
vagrant-libvirt \
vmdebootstrap && \
sudo systemctl restart libvirtd

### If building as a non-root user

(Skip this section if you intend to build Tails as the root user!)

Make sure that the user that is supposed to initiate the build is part
of the relevant groups:

for group in kvm libvirt libvirt-qemu; do sudo adduser $user $group; done

Then run `newgrp` (or just reboot) to apply the new group memberships
to the session.

## Build Tails 3.2~alpha1

git clone https://git-tails.immerda.ch/tails
cd tails
git checkout 3.2~alpha1
git submodule update --init
rake build

# Send us feedback!

No matter how your build attempt turned out we are interested in you
sending us feedback. For that we'll first need some information of the
system you used -- please run these commands in the exact same
terminal session that you ran `rake build` in (e.g. run them right
after `rake build`)!

sudo apt install apt-show-versions || :
(
  for f in /etc/issue /proc/cpuinfo
  do
echo "--- File: ${f} ---"
cat "${f}"
echo
  done
  for c in free locale env 'uname -a' '/usr/sbin/libvirtd --version' \
'qemu-system-x86_64 --version' 'vagrant --version'
  do
echo "--- Command: ${c} ---"
eval "${c}"
echo
  done
  if which apt-show-versions >/dev/null
  then
echo '--- APT package versions ---'
apt-show-versions qemu:amd64 linux-image-amd64:amd64 vagrant \
  libvirt0:amd64
  fi
) | bzip2 > system-info.txt.bz2

Please have a look at the generated file with

bzless system-info.txt.bz2

to make sure it doesn't contain any sensitive information you do not
want to leak in case you send this file to us or make it public!

Next, please follow the instructions below that match your situation!

## If the build failed.

Please open a ticket on our bug tracker [5] with "Category" set to
"Build system" and `system-info.txt.bz2` attached (note that this makes
this file public).

## If the build succeeded ...

Please compute the SHA-512 checksum of the resulting ISO image:

sha512sum tails-amd64-3.2~alpha1.iso

and compare it to:


1c928336264fc44821562f2fffbda4da97dcdc38072fce58f55b749fde04ac60055273cfc021b6c57120c5d276980859ffa3a5b0bd0f9c98851f34b682a09b02
  tails-amd64-3.2~alpha1.iso

Bonus points if you verify the signed (with: [8]) message containing
the checksum below (note that manually inserted line-wraps marked with
"`\`"). If you run Tails, the verification is very easy! :) [9]

- -BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

$ sha512sum tails-amd64-3.2~alpha1.iso
1c928336264fc44821562f2fffbda4da97dcdc38072fce58f55b749f \
de04ac60055273cfc021b6c57120c5d276980859ffa3a5b0bd0f9c98 \
851f34b682a09b02  tails-amd64-3.2~alpha1.iso

- -BEGIN PGP SIGNATURE-

iQJDBAEBCgAtFiEEuiwiL0SsAO2YmTiTmP7GvHUqPbYFAlmxqwAPHHRhaWxzQGJv
dW0ub3JnAAoJEJj+xrx1Kj22RgAP/0auINj6Y5svR7DfeRF8HxPdnd2Rw/8VIiaM
isN3eQoAmNGUtEe50b9VXY+UidCdWtApbZbyZPKFz9ITJOxp0XeSGS8K2+Y0PZIx
NSIEYCx2LEWlzY96ivH2B4pboeq2TIzj/VkPLISYGc80CYRT32OzMRkDDcQn+3+Y
2dkGVf1HPvreZ7c7cUfozay4TNPhKrn2p5IZp1jHgpiq8aAYIv5jcubR//lm1W3S
Ol/IpTQrxzCShJHzsCh1l6/7zLSx5Dv8ITTEIHTj2OTCsZdAcFnznB4byaHVfVQ0
jSogb+b2J6skNhlsHtX2Jo9xK6Ni9NKsCzYYQ2KgWufC93Cvpmh5J164CqkI/DEd
ixe/KbFURP9sTzEL38ExS2DVbMvFvYTmmBmWzvU3USMo0nWfaErye2RIs4yB2pM6
wbs