debrebuild

NAME

debrebuild - use a buildinfo file and snapshot.d.o to recreate binary packages

SYNOPSIS

debrebuild [ options] <buildinfo>

DESCRIPTION

debrebuild <--help|-h>

Given a buildinfo file from a Debian package, generate instructions for attempting to reproduce the binary packages built from the associated source and build information.

OPTIONS

--help, -h

Show this help and exit

--[no-]use-tor-proxy

Whether to fetch resources via tor (socks://127.0.0.1:9050) Assumes "apt-transport-tor" is installed both in host + chroot

--[no-]respect-build-path

Whether to setup the build to use the Build-Path from the provided .buildinfo file.

--buildresults

Directory for the build artifacts (default: ./)

--builder=BUILDER

Which building software should be used. Possible values are none, sbuild, mmdebstrap, dpkg and sbuild+unshare. The default is none. See section BUILDER for details.

Note: debrebuild can parse buildinfo files with and without a GPG signature. However, the signature (if present) is discarded as debrebuild does not support verifying it. If the authenticity or integrity of the buildinfo files are important to you, checking these need to be done before invoking debrebuild, for example by using dscverify. EXAMPLES

$ debrebuild --buildresults=./artifacts --builder=mmdebstrap hello_2.10-2_amd64.buildinfo

BUILDERS debrebuild can use different backends to perform the actual package rebuild. The desired backend is chosen using the --builder option. The default is "none".

none

Dry-run mode. No build is performed.

sbuild

Use sbuild to build the package. This requires sbuild to be setup with schroot chroots of Debian stable distributions.

mmdebstrap

Use mmdebstrap to build the package. This requires no setup and no superuser privileges.

dpkg

Directly run apt-get and dpkg-buildpackage on the current system without chroot. This requires root privileges.

sbuild+unshare

Use sbuild with the unshare backend. This will create the chroot and perform the build without superuser privileges and without any setup.

UNSHARE Before kernel 5.10.1 or before Debian 11 (Bullseye), unprivileged user namespaces were disabled in Debian for security reasons. Refer to Debian bug #898446 for details. To enable user namespaces, run:

$ sudo sysctl -w kernel.unprivileged_userns_clone=1

The sbuild+unshare builder requires and the mmdebstrap builder benefits from having unprivileged user namespaces activated. On Ubuntu they are enabled by default. LIMITATIONS Currently, the code assumes that all packages were at some point part of Debian unstable main. This fails for packages from Debian ports, packages from experimental as well as for locally built packages or packages from third party repositories. Enabling support for Debian ports and experimental is conceptually possible and only needs somebody implementing it.