On Wed, Mar 06, 2019 at 09:40:23AM +0000, peter green wrote: > > Because of their design, binNMUs are unreproducible, see #894441 [3] for > > the details (in short: binNMUs are not what they are ment to be: the source > > is changed and thrown away) > To be specific, the source tree is extracted, then an entry is added to > debian/changelog and then the package is built. This modified source > tree is not retained.
indeed. > It seems to me that binnmus could be made reproducible by storing the > debian/changelog modifications in the buildinfo, then re-applying it > at reproduction time. that's actually the case nowadays, not sure since when. eg https://buildinfos.debian.net/ftp-master.debian.org/buildinfo/2019/04/23/dmtx-utils_0.7.6-1.1+b1_kfreebsd-amd64.buildinfo starts like this: Format: 1.0 Source: dmtx-utils (0.7.6-1.1) Binary: dmtx-utils Architecture: kfreebsd-amd64 Version: 0.7.6-1.1+b1 Binary-Only-Changes: dmtx-utils (0.7.6-1.1+b1) sid; urgency=low, binary-only=yes . * Binary-only non-maintainer upload for kfreebsd-amd64; no source changes. * rebuild for libdmtx0b . -- kfreebsd-amd64 / kfreebsd-i386 Build Daemon (kamp) <bui...@kamp.buildd.org> Sun, 14 Apr 2019 01:03:43 +0000 [...] I yet have to actually test if one can bit by bit reproduce binNMUs with this information, but I'm quite very hopeful. -- tschau, Holger ------------------------------------------------------------------------------- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
signature.asc
Description: PGP signature
