Project

General

Profile

Bug #16310

Buster IUKs are not built reproducibly

Added by intrigeri 10 days ago. Updated 8 days ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Build system
Target version:
Start date:
01/06/2019
Due date:
% Done:

100%

QA Check:
Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Affected tool:

Description

4.3-3.0tails4 was based on a "new" upstream, with tons of fixes on top of the "old" upstream the official Debian package is based on. squashfs-tools 4.3-7.0tails1 reverted this and went back to the "old" upstream. I seem to remember that some of the fixes brought by the "new" upstream were necessary to build IUKs reproducibly => let's verify.

diffoscope-iuk-4.3-7.0tails1.html View (167 KB) intrigeri, 01/07/2019 04:44 PM


Related issues

Related to Tails - Feature #16285: feature/buster branch is not reproducible Resolved 01/05/2019
Related to Tails - Bug #16294: SquashFS metadata is not reproducible in buster Resolved 01/05/2019

History

#1 Updated by intrigeri 10 days ago

  • Related to Feature #16285: feature/buster branch is not reproducible added

#2 Updated by intrigeri 10 days ago

  • Related to Bug #16294: SquashFS metadata is not reproducible in buster added

#3 Updated by intrigeri 10 days ago

  • Related to deleted (Bug #16294: SquashFS metadata is not reproducible in buster)

#4 Updated by intrigeri 10 days ago

  • Blocked by Bug #16294: SquashFS metadata is not reproducible in buster added

#5 Updated by intrigeri 8 days ago

  • File diffoscope-iuk-4.3-7.0tails1.html View added
  • Subject changed from Test IUK build reproducibility with squashfs-tools 4.3-7.0tails1 to Buster IUKs are not built reproducibly
  • Assignee changed from intrigeri to lamby
  • Type of work changed from Test to Code

Built an IUK (between two builds of feature/buster FWIW) twice on my sid system with squashfs-tools 1:4.3-7.0tails1 and… they differ :/ Attaching the diffoscope HTML output.

While doing the exact same test with 1:4.3-3.0tails4 produces identical IUKs. So unfortunately, it might be that I was remembering things right and we may need at least one of the patches squashfskit has, that got dropped between 4.3-3.0tails4 and 4.3-7.0tails1. My next step would be to prepare 4.3-8.0tails1 with all squashfskit's patches applied, and redo this test. What do you think? Wanna prepare this package?

Test procedure:

export IUK_CHECKOUT=/home/intrigeri/tails/iuk/git/
export PERL5LIB_CHECKOUT=/home/intrigeri/tails/perl5lib/git/
export SOURCE_DATE_EPOCH=1536063343
export ARTIFACTS=/home/intrigeri/iso/tails/dev/
for i in 1 2 ; do
    sudo su -c "cd ${IUK_CHECKOUT:?} && \
          SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH \
          LC_ALL=C \
          PERL5LIB=\"${PERL5LIB_CHECKOUT:?}/lib\" \
            ./bin/tails-create-iuk \
               --squashfs-diff-name \"test.squashfs\"           \
               --old-iso ${ARTIFACTS:?}/tails-amd64-feature_buster-3.12-20190105T1511Z-b8a9438cbb.iso \
               --new-iso ${ARTIFACTS:?}/tails-amd64-feature_buster-3.12-20190107T1235Z-c2b3251454.iso \
               --outfile \"${ARTIFACTS:?}/$i.iuk\"" 
done && cmp ${ARTIFACTS:?}/{1,2}.iuk

#6 Updated by intrigeri 8 days ago

  • Blocked by deleted (Bug #16294: SquashFS metadata is not reproducible in buster)

#7 Updated by intrigeri 8 days ago

Fixed with squashfs-tools 1:4.3-8.0tails1 \o/

#8 Updated by intrigeri 8 days ago

  • Status changed from Confirmed to Resolved
  • Assignee deleted (lamby)
  • % Done changed from 0 to 100

#9 Updated by intrigeri 8 days ago

  • Related to Bug #16294: SquashFS metadata is not reproducible in buster added

Also available in: Atom PDF