[prev in list] [next in list] [prev in thread] [next in thread]
List: qubes-devel
Subject: Re: [qubes-devel] Deterministic builds for Qubes OS -- the shortcut?
From: Holger Levsen <holger () layer-acht ! org>
Date: 2015-12-23 13:59:18
Message-ID: 201512231459.20370.holger () layer-acht ! org
[Download RAW message or body]
Hi,
On Dienstag, 22. Dezember 2015, HW42 wrote:
> But since we focus (for now) only on direct Qubes components this doesn't
> need to bother us. I made some tests and the Qubes specific debian
> packages are already reproducible when using the patched dpkg+debhelper.
> On similar patches for Fedora/rpm are already be worked on.
can you give me that list of packages please so I can add package sets like we
already have for tails or grml:
https://reproducible.debian.net/unstable/amd64/pkg_set_tails.html
https://reproducible.debian.net/unstable/amd64/pkg_set_tails_build-depends.html
https://reproducible.debian.net/unstable/amd64/pkg_set_grml.html
https://reproducible.debian.net/unstable/amd64/pkg_set_grml_build-depends.html
> A little bit more work will be needed to get the installer ISO and the
> template images reproducible. But here we can use a pragmatic approach
> (i.e. instead of waiting to get all things fixed upstream use
> postprocessing and local patches) and also get this with manageable
> effort/time.
I agree.
> Some notes on the proposed approach:
>
> Partially this is already done. Gitian [4] uses a predefined VM image to
> build the software in it. For example this is used for the Tor Browser
Yup, I was going to suggest to look at gitian too.
Another thing I forgot to mention in my previous mail: there has been some
work done on reproducible installations already, see here:
https://wiki.debian.org/ReproducibleInstalls
cheers,
Holger
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic