Recent comments on posts in the blog:
Thanks for your input. It seems this tools only patches the final executable to reset some metadata.
AFAICS this alleviates the need for a patched binutils and works on VC++ binaries, however this is a fraction of what makes a build reproducible.
Actually Debian Docker images are now marked as "official", and there is some work to make them reproducible https://github.com/debuerreotype/debuerreotype
Although I didn't figure out how to verify the checksum of said images - probably worth a separate post.
The particular issue of varying BuildID-s due to the debugging symbols can actually be fixed through -fdebug-prefix-map already, e.g.:
$ (cd repro && gcc-6 -g hello.c -o hello && sha256sum hello)
9d41920af912b8d1810f75940489ee99b6e6712788b5a54e1d1829fe84e7ed96 hello
$ (cd repro-b && gcc-6 -g hello.c -o hello && sha256sum hello)
bb99335f4d2242506b75f1f8d437d9b85877cf42c4cbf734ed5eca0b73f7ace0 hello
$ (cd repro && gcc-6 -fdebug-prefix-map=$(pwd)=/ -g hello.c -o hello && sha256sum hello)
fbdf49c11b4b4138bff7fb2cacaa5304690bfa748d4455dc67585cf4325eed06 hello
$ (cd repro-b && gcc-6 -fdebug-prefix-map=$(pwd)=/ -g hello.c -o hello && sha256sum hello)
fbdf49c11b4b4138bff7fb2cacaa5304690bfa748d4455dc67585cf4325eed06 hello
I wish I was told earlier.
I've been using fossil for months, and I can think of 3 feature which is much better than in git - opensource. All of it. - It has a single sqlite database (single file) - you can checkout to multiple directories, multiple revisions (helped me a lot)
Hi, if you don't know about .zed files, you can forget about it and return to your happy life!
I'm not going to advertise those products.
What product(s) use .zed?
I've never heard of it, so a long blog post without context is meaningless to me. Please provide some context as to why people care about your work.