A proof-of-concept .buildinfo server

What is this site?

In order to build packages reproducibly, you not only need identical sources but also some external definition of the environment used for a particular build. This definition includes the inputs and the outputs and—in the Debian case—are available in a $package_$version_$architecture.buildinfo file.

It is not currently clear how these files could or should be handled in practice, hence the creation of this server to investigate.

WARNING: The layout, data and schema of this site are highly unstable; please don't rely on anything just yet.


$ gpg --output=- --clearsign my.buildinfo | curl -X PUT --max-time 30 --data-binary @-