Some reproducible builds notes

[Ed Maste]

On 17 June 2016 at 04:47, Maxim Sobolev <sobomax at freebsd.org> wrote:
> Hi Ed, I have not got time to look at diffoscope myself yet, but it's
> definitely in my short-term TODO list. Quick question for you though. Would
> it work given two tar.bz2 packages or does it need two directories?

It does in fact process two packages, and will recursively unpack
what's inside. It can also take two directories.

Note that it has specific support for .deb and .rpm packages, but
doesn't know about our pkg format right now. It works fine, but just
compares the +MANIFEST etc. as text files rather than doing a slightly
more "human-friendly" presentation.

To generate the diffoscope results I posted I basically did:

for pkg in $(cat nonrepro.txt); do
        timeout $timeout diffoscope \
            --jquery https://code.jquery.com/jquery-2.2.4.min.js \
            --html-dir /mumble/diffoscope/${pkg%.txz} \
            /mumble/build1/$pkg /mumble/build2/$pkg
done

> We
> have code to do just that (i.e. inspect mtree and extract files that differ,
> so if you don't, we can probably contribute that.

Yeah, I think something like this would be a good addition when
pkg-specific support gets added, although perhaps under some flag --
if we had a case where the content was changed from the hash in the
pkg metadata we'd still like to compare and report that. At least for
the way I've used it my use case

> P.S. For anyone interested in Ed's work, here is his BSDCan talk here live:
> https://youtu.be/z7pDnBO5wSM?t=5h37m6s

Thank you for recording it!