Artificial truth

archives | latest | homepage | atom/rss/twitter

The more you see, the less you believe.

Reproducing Tails with rebuilderd
Fri 03 December 2021 — download

In 2018, I managed to reproducibly build Tails 3.4 on my seemingly undying laptop, which was pretty cool, but the whole process was a bit too brittle to my taste, so I called it a day, and ~never tried again.

Fast forward to this year, when a friend of mine, kpcyrd, heavily involved in the reproducible builds cabal, mentioned a project of his, rebuilderd: a pile of Rust that, amongst other things, automatically build binaries, compare them to upstream's artifacts, and spit in-toto attestations if everything matches. And since September 2021, it supports Tails!

Now that I have a beefy hypervisor, I followed the documentation, fixed some parts of it, and as a result, I'm now the proud owner of a working rebuilderd instance, listed on rebuilderd.com, automatically rebuilding Tails releases.

Currently, this isn't really super-useful to anyone, except maybe some Tails developers who want to check that the release manager didn't backdoor the released image. I might expand my rebuilderd to debian packages, but I'm a bit worried about the CPU load and the energy consumption needed to continually rebuild new debian packages… we'll see.