On 19/07/18 08:15, Eli Schwartz wrote:
> On 07/18/2018 06:07 PM, Allan McRae wrote:
>> On 19/07/18 02:12, Eli Schwartz wrote:
>>> Encode information about the compiler and strip flags used, as these will impact the resulting generated binaries.
>>>
>>> Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
>>> ---
>>
>> Fairly sure we already rejected this... The assumption is that a distribution is using the default makepkg.conf options unless they are explicitly changed in the PKGBUILD.
>
> I don't recall where we rejected this?
>
> Anyway, reproducibility is not just about reproducing packages created by devtools. It would be nice to be able to reproduce any package. :)
>
> It's also been noted on IRC that we could use it to detect packages built with an *old* makepkg.conf in devtools chroots.

Then you need to include all relevant environmental variables too. And given we don't know which are relevant, we need to include all. Which had privacy implications. Assumptions need to be made for reproducibility. I'm happy with the package being built in a clean chroot as that assumption.

A