debrebuild - use a buildinfo file and snapshot.d.o to recreate binary packages
debrebuild [options] <buildinfo>
- debrebuild <--help|-h>
Given a buildinfo file from a Debian package, generate instructions for attempting to reproduce the binary packages built from the associated source and build information.
- --help, -h
- Show this help and exit
- Whether to fetch resources via tor (socks://127.0.0.1:9050) Assumes "apt-transport-tor" is installed both in host + chroot
- Whether to setup the build to use the Build-Path from the provided .buildinfo file.
- Directory for the build artifacts (default: ./)
- Which building software should be used. Possible values are none, sbuild, mmdebstrap, dpkg and sbuild+unshare. The default is none. See section BUILDER for details.
- --timestamp, -t
- The required unstable main timestamps from snapshot.d.o if you already know them, separated by commas, or one of the values "first_seen" or "metasnap". See section TIMESTAMPS.
Note: debrebuild can parse buildinfo files with and without a GPG signature. However, the signature (if present) is discarded as debrebuild does not support verifying it. If the authenticity or integrity of the buildinfo files are important to you, checking these need to be done before invoking debrebuild, for example by using dscverify.
- $ debrebuild --buildresults=./artifacts --builder=mmdebstrap hello_2.10-2_amd64.buildinfo
debrebuild can use different backends to perform the actual package rebuild. The desired backend is chosen using the --builder option. The default is "none".
- Dry-run mode. No build is performed.
- Use sbuild to build the package. This requires sbuild to be setup with schroot chroots of Debian stable distributions.
- Use mmdebstrap to build the package. This requires no setup and no superuser privileges.
- Directly run apt-get and dpkg-buildpackage on the current system without chroot. This requires root privileges.
- Use sbuild with the unshare backend. This will create the chroot and perform the build without superuser privileges and without any setup.
The --timestamp option allows one to skip the step of figuring out the correct set of required timestamps by listing them separated by commas in the same format used in the snapshot.d.o URL. The default is to use the "first_seen" attribute from the snapshot.d.o API and download multiple Packages files until all required timestamps are found. To explicitly select this mode, use --timestamp=first_seen. Lastly, the metasnap.d.n service can be used to figure out the right set of timestamps. This mode can be selected by using --timestamp=metasnap. In contrast to the "first_seen" mode, the metasnap.d.n service will always return a minimal set of timestamps if the package versions were at some point part of Debian unstable main.
Before kernel 5.10.1 or before Debian 11 (Bullseye), unprivileged user namespaces were disabled in Debian for security reasons. Refer to Debian bug #898446 for details. To enable user namespaces, run:
- $ sudo sysctl -w kernel.unprivileged_userns_clone=1
The sbuild+unshare builder requires and the mmdebstrap builder benefits from having unprivileged user namespaces activated. On Ubuntu they are enabled by default.
Currently, the code assumes that all packages were at some point part of Debian unstable main. This fails for packages from Debian ports, packages from experimental as well as for locally built packages or packages from third party repositories. Enabling support for Debian ports and experimental is conceptually possible and only needs somebody implementing it.
|August 2021||debrebuild 2.21.3+deb11u1|