Bug #16310: Buster IUKs are not built reproducibly

Bug #16310

Buster IUKs are not built reproducibly

Added by intrigeri 2019-01-06 11:25:41 . Updated 2019-01-08 10:40:58 .

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Build system

Target version:

Tails_4.0

Start date:

2019-01-06

Due date:

% Done:

100%

Feature Branch:

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

4.3-3.0tails4 was based on a “new” upstream, with tons of fixes on top of the “old” upstream the official Debian package is based on. squashfs-tools 4.3-7.0tails1 reverted this and went back to the “old” upstream. I seem to remember that some of the fixes brought by the “new” upstream were necessary to build IUKs reproducibly => let’s verify.

Files

diffoscope-iuk-4.3-7.0tails1.html (171165 B)

intrigeri, 2019-01-07 16:44:40

Subtasks

Related issues

Related to Tails - ~~Feature #16285~~: feature/buster branch is not reproducible	Resolved	2019-01-05
Related to Tails - ~~Bug #16294~~: SquashFS metadata is not reproducible in buster	Resolved	2019-01-05

History

#1 Updated by intrigeri 2019-01-06 11:25:50

related to ~~Feature #16285~~: feature/buster branch is not reproducible added

#2 Updated by intrigeri 2019-01-06 11:26:05

related to ~~Bug #16294~~: SquashFS metadata is not reproducible in buster added

#3 Updated by intrigeri 2019-01-06 11:33:17

related to deleted (~~~~Bug #16294~~: SquashFS metadata is not reproducible in buster~~)

#4 Updated by intrigeri 2019-01-06 11:33:24

blocked by ~~Bug #16294~~: SquashFS metadata is not reproducible in buster added

#5 Updated by intrigeri 2019-01-07 16:49:43

File diffoscope-iuk-4.3-7.0tails1.html added
Subject changed from Test IUK build reproducibility with squashfs-tools 4.3-7.0tails1 to Buster IUKs are not built reproducibly
Assignee changed from intrigeri to lamby
Type of work changed from Test to Code

Built an IUK (between two builds of feature/buster FWIW) twice on my sid system with squashfs-tools 1:4.3-7.0tails1 and… they differ :/ Attaching the diffoscope HTML output.

While doing the exact same test with 1:4.3-3.0tails4 produces identical IUKs. So unfortunately, it might be that I was remembering things right and we may need at least one of the patches squashfskit has, that got dropped between 4.3-3.0tails4 and 4.3-7.0tails1. My next step would be to prepare 4.3-8.0tails1 with all squashfskit’s patches applied, and redo this test. What do you think? Wanna prepare this package?

Test procedure:

export IUK_CHECKOUT=/home/intrigeri/tails/iuk/git/
export PERL5LIB_CHECKOUT=/home/intrigeri/tails/perl5lib/git/
export SOURCE_DATE_EPOCH=1536063343
export ARTIFACTS=/home/intrigeri/iso/tails/dev/
for i in 1 2 ; do
    sudo su -c "cd ${IUK_CHECKOUT:?} && \
          SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH \
          LC_ALL=C \
          PERL5LIB=\"${PERL5LIB_CHECKOUT:?}/lib\" \
            ./bin/tails-create-iuk \
               --squashfs-diff-name \"test.squashfs\"           \
               --old-iso ${ARTIFACTS:?}/tails-amd64-feature_buster-3.12-20190105T1511Z-b8a9438cbb.iso \
               --new-iso ${ARTIFACTS:?}/tails-amd64-feature_buster-3.12-20190107T1235Z-c2b3251454.iso \
               --outfile \"${ARTIFACTS:?}/$i.iuk\""
done && cmp ${ARTIFACTS:?}/{1,2}.iuk

#6 Updated by intrigeri 2019-01-08 10:40:39

blocks deleted (~~~~Bug #16294~~: SquashFS metadata is not reproducible in buster~~)

#7 Updated by intrigeri 2019-01-08 10:40:43

Fixed with squashfs-tools 1:4.3-8.0tails1 \o/

#8 Updated by intrigeri 2019-01-08 10:40:58

Status changed from Confirmed to Resolved
Assignee deleted (~~lamby~~)
% Done changed from 0 to 100

#9 Updated by intrigeri 2019-01-08 10:41:06

related to ~~Bug #16294~~: SquashFS metadata is not reproducible in buster added