Date: Mon, 09 Dec 2024 03:07:37 -0800 From: "Pat Maddox" <pat@patmaddox.com> To: freebsd-hackers@freebsd.org Subject: Reproducible builds: are release tarballs a part of it? Message-ID: <3388409d-479d-4ef0-a8e4-38144a96d9c5@app.fastmail.com>
next in thread | raw e-mail | index | archive | help
I am trying to reproduce https://download.freebsd.org/releases/amd64/14.2-RELEASE/MANIFEST from source. Is that possible? As part of this effort, I am having trouble reproducing base.txz across any two builds at all - much less the published one. What I'm seeing is that two successive invocations of `make -s -j20 -DWITH_REPRODUCIBLE_BUILD TZ=UTC PKG_TIMESTAMP=1733729386 packagesystem` will produce tarballs with different checksums, even though when extracted will match mtree cksum. `tar -tf` shows the file list as being in a different order, which I suspect is the reason why. They also have different timestamps. I would like to be able to clone the repo at REVISION, run make, and produce a matching MANIFEST. Before I do that, I would like to do two consecutive runs on my local tree and get the same result. Assuming it's possible, what's the command? Pat
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3388409d-479d-4ef0-a8e4-38144a96d9c5>