Run #4278 with iter30's chroot scrub still produced different ISOs.
The diagnostic was clean and pointed at a tight set of remaining
divergences:
* Inside the squashfs, three files differed:
/var/cache/apt/pkgcache.bin
/var/cache/apt/srcpkgcache.bin
/var/cache/ldconfig/aux-cache
— all post-install binary caches with internal pointers/timestamps
that vary across runs. Standard reproducible-Debian practice is to
drop them; `apt` regenerates pkgcache on first `apt-get update` (and
implicitly when anything else needs it), and ldconfig regenerates
aux-cache on its next run.
* In the outer ISO TOC:
/boot.catalog mtime May 7 21:27 vs May 7 21:44
/live/filesystem.squashfs May 7 21:27 vs May 7 21:44
— xorriso's `-update` and the boot-catalog rewrite were stamping
files with wall-clock time, not SOURCE_DATE_EPOCH.
Two additions to post_process_for_reproducibility:
1. Three more entries in the chroot rm list (apt's two pkgcaches
and ldconfig aux-cache).
2. xorriso post-update fixups:
-alter_date_r m "=${SOURCE_DATE_EPOCH}" /
-volume_date c "=${SOURCE_DATE_EPOCH}"
-volume_date m "=${SOURCE_DATE_EPOCH}"
set every file's mtime in the ISO and both volume-descriptor
dates to the pinned epoch. (`=N` is xorriso's syntax for a
literal decimal epoch.)
If diffoscope flagged everything in run #4278 honestly (its full
output was 3 file diffs in the squashfs + the squashfs metadata
size delta, then nothing — TOC was reduced to just the two mtime
lines), this should clear M1.1.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
SysAdmin
d354040bd6