Fedora RPM Reproducibility: Metadata Discrepancies in qubes-core-admin-client Build Comparison #9500
Labels
C: builder
Qubes Builder
needs diagnosis
Requires technical diagnosis from developer. Replace with "diagnosed" or remove if otherwise closed.
P: default
Priority: default. Default priority for new issues, to be replaced given sufficient information.
T: bug
Type: bug report. A problem or defect resulting in unintended behavior in something that exists.
Update on Build Comparisons
I have performed a comparison of the builds and their respective .buildinfo files. Here are the details:
Build Comparison
Key differences observed:
The comparison report highlighted differences in the RPM files between the old and new builds, particularly in the headers:
SIGMD5:
The MD5 signature of the packages differed, indicating that the contents or metadata may have changed.
SHA1HEADER:
There was a change in the SHA1 header values, which typically signifies that the files' contents are not identical.
SHA256HEADER:
Similar to the above, the SHA256 header also showed differences, further confirming changes in the file contents or metadata.
.buildinfo Comparison
Notable points from the comparison
The .buildinfo files from both builds contained notable differences in the following areas:
Build Timestamp:
The timestamp indicating when the builds were created was different, reflecting that the builds were indeed performed at different times.
Dependencies:
There may have been changes in the listed dependencies, reflecting updates or modifications in the package requirements for the builds.
Conclusion
The comparisons indicate that while the core contents of the RPM files may not have differed significantly, the headers show variations, and the .buildinfo files reflect the new build's metadata changes. This suggests that the builds were executed correctly, and changes were introduced as expected.
The text was updated successfully, but these errors were encountered: