oo.tar.xz -T filelist --null
Does that seem like the neatest way, or do you have better suggestions?
(I thought this problem would be quite common, so I could add it to the
Wiki FAQ).
Thanks!
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
_
searchon=contents&keywords=.tar.xz
so I wonder if GNU tar itself could make this any easier.
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Package: src:kfreebsd-10
Version: 10.1~svn274115-4
Severity: wishlist
Tags: patch pending
User: reproducible-builds@lists.alioth.debian.org
Usertags: fileordering
Hi,
The kfreebsd-10 (kernel) packaging creates two source tarballs:
* orig.tar.xz, updated by the package maintainer for each new
Steven Chamberlain wrote:
> The attached patch will
be attached.
Index: debian/rules
===
--- debian/rules (revision 5678)
+++ debian/rules (working copy)
@@ -95,7 +95,12 @@
rm -rf $(ORIG_DIR)
svn export --ignore-keywords
tar.xz didn't change; this
would be helpful to future work on .deb deltas or deduplication.
I suggest to only 'clamp' timestamps to the latest entry in
debian/changelog. I think only timestamps newer than this are likely
an issue for reproducibility. Older timest
Steven Chamberlain wrote:
> I suggest to only 'clamp' timestamps to the latest entry in
> debian/changelog.
Something that does along the lines of:
BUILD_DATE = $(shell dpkg-parsechangelog -S Date)
find foo/ -depth -newer debian/changelog \
-exec touch --da
Package: src:kfreebsd-10
Version: 10.1~svn274115-4
Severity: wishlist
Tags: patch pending
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps
Hi,
The kfreebsd-10 (kernel) packaging distributes a source tarball in
kfreebsd-source, a binary arch-indep package.
Some of these file
Package: kfreebsd-source-10.1
Version: 10.1~svn274115-6
Severity: wishlist
Tags: patch pending
User: reproducible-builds@lists.alioth.debian.org
User
Steven Chamberlain wrote:
> [...] I guess we could chmod before building the tarball:
On second thoughts, that's not as efficient as using tar's --mode option
so I'll use that. The example given on the Debian Wiki page is more
comprehensive than my chmod anyway.
ok in /srv/workspace/chroots/ and see if mktemp has perhaps
created a file instead of a directory?
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
signature.asc
Description: Digital signature
___
Reproducible-builds mailing list
Reproducible-bu
iff form instead.
There might still be other reproducibility issues after this.
Thanks,
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
diff -Nru
linux-grsec-4.6.3/debian/patches/features/all/grsec/reproducible-randstruct.patch
linux-grsec-4.6.3/debian/patches/features/all/grsec/reproducible-r
Package: sbuild
Version: 0.73.0-4
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: infrastructure
Hello,
dpkg-buildpackage typically generates a .changes and .buildinfo file,
and signs both (since at least dpkg 1.18.19).
But when using sbuild, dpkg-buildpackage inside of t
least. :)
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
signature.asc
Description: Digital signature
___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Attached is my jessie-kfreebsd implementation. As I said, it should be
much cleaner to implement this in sid with newer GNU tar.
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
diff --git a/build/Makefile b/build/Makefile
index ec5a084..6261a4d 100644
--- a/build/Makefile
+++ b/build/Makefile
sechangelog -SDate) to set
> SOURCE_DATE_EPOCH there would only work when building from the toplevel
> directory, and not from the build/ subdirectory for example. ]
If it's anyway not going to be reproducible, we could similarly fall
back to a SOURCE_DATE_EPOCH ?= now; or the caller co
tamps
I expect that Linux d-i builds will have some reproducibility issues
in whatever generates the initrd or ISOs, but I may look into that after
the jessie-kfreebsd release is done.
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
signature.asc
Description: Digital sign
ATE_EPOCH to a dummy value ("now") if
undefined (since ../debian/changelog may not exist), which we need
when calling makefs from within that Makefile. We export it for use by
gen-tarball to avoid duplication there.
Regards,
--
s long. I thought this was a good
example of the current state-of-the-art, and why we'd like our binaries
and eventually, installer and VM images reproducible IMHO.
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
signature.asc
Description: Di
be a nice demo of diffoscope if it can
do this, although it might not know how to disassemble this properly.
I uploaded the firmwares here but I think something broke... it has been
"in queue, please wait" for over an hour :( The files were 25MB each.
https://try.diffoscope.org/quvzskqbuysh
Rega
Steven Chamberlain wrote:
> I uploaded the firmwares here but I think something broke... it has been
> "in queue, please wait" for over an hour :( The files were 25MB each.
> https://try.diffoscope.org/quvzskqbuysh
Okay, I did eventually finish. As suspected, diffoscope (
pe/commit/302190ac958b35fe95a0c2bc2d2a30f214822fc1
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
signature.asc
Description: Digital signature
___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debia
386_gcc5_nobiarch/
[4]:
https://lists.alioth.debian.org/pipermail/reproducible-builds/Week-of-Mon-20151123/003992.html
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
signature.asc
Description: Digital signature
___
Reproducible-builds mailing list
Reproducible-
Steven Chamberlain wrote:
> using Helmut's tool, I've been able to rebootstrap a minimal Debian
> linux-i386 chroot (445 binary packages[3]). These were cross-compiled
> from source, by only running kfreebsd-amd64 binaries on a FreeBSD
> kernel, and having some Arch:all pac
be a regression over
current behaviour, but can be substituted for ARCHITECTURES="amd64" if
too many arch:all packages FTBFS on armhf.
From a759d049b1fd6deeb24985e57a3b6f4fa2e1f72b Mon Sep 17 00:00:00 2001
From: Steven Chamberlain
Date: Tue, 9 Feb 2016 13:02:13 +
Subject: [PATCH] reproduc
;t actually FTBFS on amd64, but it only produces armel and
arch:all binaries, so it is quite reasonable that this is now only built
and tested for reproducibility on armhf.
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
signature.asc
Descriptio
that dpkg-deb can use?
Probably a new flag, that would apply --mode a=rwx only to symlinks.
Or are there other ideas how to fix this?
Thanks,
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
signature.asc
Description: Digital signature
___
Reproducibl
m_4.9.3-11_kfreebsd-amd64.deb>
| DEBUG unpacking data.tar.xz
The time taken to do all that is now quite small compared to the time
for objdump to run.
I see this maybe still being a problem where, on some machines, my home
directory is littered with hundreds of .debs, and thousands of other
fi
Jérémy Bobbio wrote:
> Steven Chamberlain:
> > But it will still stat() everything in the containing directory,
> > looking for .debs. It also opens some files and reads them - even
> > decompressing random .gz files along the way!
>
> Are you sure that it is actually
Jérémy Bobbio wrote:
> [...] It missed another bit. Thanks for double-checking, I hadn't
> tested the other change properly.
And thanks for fixing this! The changes from diffoscope/48 to 49
have made it 26x faster for this particular test case.
Regards,
--
Steven Chamberlain
ste...@
is still needed yet.
(Annoying that there are so many cheap boards that claim to be/do so
much and yet, are of little practical use if they can only boot a
vendor-supplied kernel).
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
signature.asc
Description: Digital signat
Hi,
I'm curious if anyone has tried using a network filesystem in this kind
of setup. I would think, "diskless" boards sharing a NAS allows for
easier provisioning and probably cheaper storage by centralising it.
Though I don't know how that performs in practice?
Regards,
--
uggestions are welcome.
Many thanks to Vagrant for hosting all these armhf nodes!
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
signature.asc
Description: Digital signature
___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
tags 816072 + fixed-upstream
thanks
tar 1.29 is released today with this feature \o/
Please consider packaging it so that dpkg can fix #759886
Thanks,
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
signature.asc
Description: Digital signature
33 matches
Mail list logo