←back to thread

Debian bookworm live images now reproducible

(lwn.net)
764 points bertman | 3 comments | 26 Mar 25 17:22 UTC | HN request time: 0.714s | source
Show context
imcritic ◴[26 Mar 25 17:36 UTC] No.43484638[source]
I don't get how someone achieves reproducibility of builds: what about files metadata like creation/modification timestamps? Do they forge them? Or are these data treated as not important enough (like it 2 files with different metadata but identical contents should have the same checksum when hashed)?
replies(10): >>43484658 #>>43484661 #>>43484682 #>>43484689 #>>43484705 #>>43484760 #>>43485346 #>>43485379 #>>43486079 #>>43488794 #
echoangle ◴[26 Mar 25 18:38 UTC] No.43485379[source]
Maybe dumb question but why would this change the reproducibility? If you clone a git repo, do you not get the meta data as it is stored in git? Or would the files have the modification date of the cloning?

I never actually checked that.

replies(1): >>43485393 #
mathfailure ◴[26 Mar 25 18:40 UTC] No.43485393[source]
You clone source from git, but then you use them to build some artifacts. The artifacts build time may differ, yet with reproducible builds - the artifact should match.
replies(1): >>43485852 #
echoangle ◴[26 Mar 25 19:15 UTC] No.43485852[source]
Right, but if you only clone and build, why would the files modification date be different compared to the version that was committed to git? Does just cloning a repo already lead to different file modification dates in my local copy?
replies(1): >>43485956 #
1. hoten ◴[26 Mar 25 19:22 UTC] No.43485956[source]
Git does not store or restore file modification times.
replies(2): >>43486058 #>>43486400 #
2. codetrotter ◴[26 Mar 25 19:29 UTC] No.43486058[source]
And the reason for that in turn is because if you are on one commit and check out and older commit, then restoring file modification times to what they were at the time of the older commit would cause build tools that look at file modification times to sometimes not pick up on all the changes.
3. echoangle ◴[26 Mar 25 19:52 UTC] No.43486400[source]
Ah ok, that explains it.