> On Apr 2, 2024, at 1:11 PM, John Gilmore wrote:
>
> For me, the distinction is that the local storage is under the direct
> control of the person trying to rebuild, while the network and the
> servers elsewhere in the network are not. If local storage is
> unreliable, you can fix or
On Tue, 2024-04-02 at 10:11 -0700, John Gilmore wrote:
> James Addison wrote that local storage can contain errors. I agree.
>
> > My guess is that we could get into near-unsolvable philosophical territory
> > along this path, but I think it's worth being skeptical of the notions that
> >
James Addison wrote that local storage can contain errors. I agree.
> My guess is that we could get into near-unsolvable philosophical territory
> along this path, but I think it's worth being skeptical of the notions that
> local-storage is always trustworthy and that the network should always
Hi John,
On Fri, 29 Mar 2024 at 19:29, John Gilmore wrote:
>
> kpcyrd wrote:
> > 1) There's currently no way to tell if a package can be built offline
> > (without trying yourself).
>
> Packages that can't be built offline are not reproducible, by
> definition. They depend on outside events
John Gilmore:
> kpcyrd wrote:
>> 1) There's currently no way to tell if a package can be built offline
>> (without trying yourself).
>
> Packages that can't be built offline are not reproducible, by
> definition. They depend on outside events and circumstances
> in order for a third party to
kpcyrd wrote:
> 1) There's currently no way to tell if a package can be built offline
> (without trying yourself).
Packages that can't be built offline are not reproducible, by
definition. They depend on outside events and circumstances
in order for a third party to reproduce them
On 3/29/24 6:48 AM, John Gilmore wrote:
John Gilmore wrote:
Bootstrappable builds are a different thing. Worthwhile, but not
what I was asking for. I just wanted provable reproducibility from two
ISO images and nothing more.
I was asking that a bare amd64 be able to boot from an Arch Linux
John Gilmore wrote:
> It seems to me that the next step in making the Arch release ISOs
> reproducible is to have the Arch release engineering team create a
> source-code release ISO that matches each binary release ISO. Then you
> (or anyone) could test the reproducibility of the release by
On 3/26/24 5:03 PM, Michael Schierl via rb-general wrote:
So we can expect many year/month pairs embedded in manpages that got
unnoticed since mostly the build happens in the same month? Or have they
been manually vetted?
The results on reproducible.archlinux.org don't aim to guarantee the
Hey kpcyrd,
Super excited about the energy in this thread. :)
I'll probably reply to a different part of the conversation
tomorrow, but just to very quickly append something to this bit:
> This kind of [archive] service is crucial for implementing
> reproducible builds (because this is used to
On 21/03/2024 21.38, kpcyrd wrote:
- libjpeg-turbo: this package contains a .jar file that is built by
CMake and contains timestamps of the buildtime, but there's no way in
CMake to pass --date to the jar executable to normalize this
You could use strip-nondeterminism for post-processing
Congratulations on closing in toward Arch Linux reproducibility!!!
kpcyrd wrote:
> Specifically what I mean - given a line like this:
>
> FROM
> archlinux@sha256:2dbd72d1e5510e047db7f441bf9069e9c53391b87e04e5bee3f379cd03cec060
>
> I want to reproduce the artifact(s) that are pulled in by this,
On 3/20/24 19:21, David A. Wheeler via rb-general wrote:
But you know what I'm going to ask :-). What steps are left, if any, before the
"normal" Arch Linux packages that people install are reproducible (at least in
core Arch Linux)? Has that milestone been achieved? Will it be achieved once
> On Mar 20, 2024, at 8:42 AM, kpcyrd wrote:
>
> hello,
>
> in last week's email to the reproducible-builds email list[1] about
> reproducible Arch Linux I mentioned there's only one unreproducible package
> left in docker.io/library/archlinux.
>
> [1]:
>
hello,
in last week's email to the reproducible-builds email list[1] about
reproducible Arch Linux I mentioned there's only one unreproducible
package left in docker.io/library/archlinux.
[1]:
https://lists.reproducible-builds.org/pipermail/rb-general/2024-March/003291.html
Due to amazing
15 matches
Mail list logo