[pacman-dev] [RFC PATCH] makepkg: extend the .BUILDINFO for enhanced reproducible support
allan at archlinux.org
Wed Jul 18 22:26:45 UTC 2018
On 19/07/18 08:15, Eli Schwartz wrote:
> On 07/18/2018 06:07 PM, Allan McRae wrote:
>> On 19/07/18 02:12, Eli Schwartz wrote:
>>> Encode information about the compiler and strip flags used, as these
>>> will impact the resulting generated binaries.
>>> Signed-off-by: Eli Schwartz <eschwartz at archlinux.org>
>> Fairly sure we already rejected this... The assumption is that a
>> distribution is using the default makepkg.conf options unless they are
>> explicitly changed in the PKGBUILD.
> I don't recall where we rejected this?
> Anyway, reproducibility is not just about reproducing packages created
> by devtools. It would be nice to be able to reproduce any package. :)
> It's also been noted on IRC that we could use it to detect packages
> built with an *old* makepkg.conf in devtools chroots.
Then you need to include all relevant environmental variables too. And
given we don't know which are relevant, we need to include all. Which
had privacy implications.
Assumptions need to be made for reproducibilty. I'm happy with the
package being built in a clean chroot as that assumption.
More information about the pacman-dev