Hi Steve, * Steve McIntyre <[email protected]> [2026-04-02 20:55]:
Using snapshot.d.o is an obvious option, yeah! I've used it for this in the past (see example in [1]), but some of our reviewers told me they had issues trying to reproduce as snapshot.d.o wasn't working reliably. That's why I've not relied on it since. I can try again if that would make people happier here?
I assume that those tests where before 2025? Note that DSA moved snapshot.d.o behind Fastly which improved reliability a lot. Also debrebuild works out of the box as a normal user on a pretty minimal Trixie system:
$ debvm-create -r trixie -- --hook-dir=/usr/share/mmdebstrap/hooks/useradd \ --include=sbuild,mmdebstrap,curl,ca-certificates,devscripts,libstring-shellquote-perl,python3-requests,python3-debian,equivs,uidmap,iproute2,gpgv $ debvm-run -- -m 8G # su - user $ wcurl https://buildinfos.debian.net/buildinfo-pool/s/shim/shim_16.1-1_amd64.buildinfo $ debrebuild --buildresult=out --builder=sbuild+unshare --cache=cache shim_16.1-1_amd64.buildinfo [..] checking shim-helpers-amd64-signed-template_16.1-1_amd64.deb: size... sha1... md5... sha256... all OK checking shim-unsigned_16.1-1_amd64.deb: size... sha256... sha1... md5... all OK Full output should be similar to: https://reproduce.debian.net/amd64/api/v1/builds/159185/logBtw. reproduce.d.n is using snapsot.d.o and reliably recompiled all of Debian over the last one and a half years.
So I would be really interested in your findings. Cheers Jochen
signature.asc
Description: PGP signature
