Reproducing Tails with rebuilderd
source link: https://dustri.org/b/reproducing-tails-with-rebuilderd.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Artificial truth
archives | latest | homepage | atom/rss/twitter
In 2018, I managed to reproducibly build Tails 3.4 on my seemingly undying laptop, which was pretty cool, but the whole process was a bit too brittle to my taste, so I called it a day, and ~never tried again.
Fast forward to this year, when a friend of mine, kpcyrd, heavily involved in the reproducible builds cabal, mentioned a project of his, rebuilderd: a pile of Rust that, amongst other things, automatically build binaries, compare them to upstream's artifacts, and spit in-toto attestations if everything matches. And since September 2021, it supports Tails!
Now that I have a beefy hypervisor, I followed the documentation, fixed some parts of it, and as a result, I'm now the proud owner of a working rebuilderd instance, listed on rebuilderd.com, automatically rebuilding Tails releases.
Currently, this isn't really super-useful to anyone, except maybe some Tails developers who want to check that the release manager didn't backdoor the released image. I might expand my rebuilderd to debian packages, but I'm a bit worried about the CPU load and the energy consumption needed to continually rebuild new debian packages… we'll see.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK