[PureOS] Using SOURCE_DATE_EPOCH env var in PureOS builds
Jeremiah C. Foster
jeremiah.foster at puri.sm
Fri Jul 12 06:56:46 PDT 2019
Hi,
I impatiently added the SOURCE_DATE_EPOCH to the version of make-live
that we use to build PureOS images. It seems to have made a difference
though not completely eliminated our blockers to reproducibility;
http://45.33.86.90/pureos-8.0-images.html
While the byte-for-byte difference now is much smaller, and the date is
consistent across builds in the ISO at least, other parts of the build
are getting the date from the file system I believe.
For example, under the section casper/filesystem.squashfs[0.]
unsqaushfs -s {} says;
2 Creation·or·last·append·time·Fri·Jul·12·07:12:11·2019
2 Creation·or·last·append·time·Fri·Jul·12·05:11:57·2019
The leads me to believe that I need to ensure that SOURCE_DATE_EPOCH is
being seen when the squashfs file system is written using Lamby's debug
method of printing "echo SDE=$SOURCE_DATE_EPOCH" in various places to
determine if it's being seen in each build context.
After that I think the next step, or even a step to take anyway, is to
run strip-nondeterminism over the resulting ISOs[1.]
0. http://45.33.86.90/pureos-8.0-images.html#casper-filesystem.squashfs
1. https://packages.debian.org/sid/strip-nondeterminism
Feedback, corrections most welcome.
Regards,
Jeremiah
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part
URL: <http://lists.puri.sm/pipermail/pureos-project/attachments/20190712/0fab1270/attachment-0001.sig>
More information about the Pureos-project
mailing list