Title: Reproducing Tails with rebuilderd
Date: 2021-12-03 22:15

In 2018, I managed to [reproducibly build Tails
3.4]({filename}/tails/reproductible_tails.md) on my seemingly undying laptop,
which was pretty cool, but the whole process was a bit too brittle to my taste,
so I called it a day, and ~never tried again.

Fast forward to this year, when a friend of mine,
[kpcyrd](https://github.com/kpcyrd), heavily involved in the [reproducible
builds](https://reproducible-builds.org) cabal, mentioned a project of his,
[rebuilderd](https://github.com/kpcyrd/rebuilderd): a pile of Rust that,
amongst other things, automatically build binaries, compare them to upstream's
artifacts, and spit [in-toto](https://in-toto.io) attestations if everything
matches. And since September 2021, it [supports
Tails](https://vulns.xyz/2021/09/monthly-report)!

[Now]({filename}/misc/2020.md) that I have a beefy hypervisor, I followed the
[documentation](https://github.com/kpcyrd/rebuilderd/blob/main/docs/setup-tails.md),
[fixed](https://github.com/kpcyrd/rebuilderd/pulls?q=is%3Apr+author%3Ajvoisin+is%3Aclosed)
some parts of it, and as a result, I'm now the proud owner of a working
[rebuilderd instance](https://rebuilderd.dustri.org), listed on
[rebuilderd.com](https://rebuilderd.com), automatically rebuilding Tails
releases.

Currently, this isn't really super-useful to anyone, except maybe some Tails
developers who want to check that the [release
manager](https://tails.boum.org/contribute/working_together/roles/release_manager)
didn't backdoor the released image. I might expand my rebuilderd to debian
packages, but I'm a bit worried about the CPU load and the energy consumption
needed to continually rebuild new debian packages… we'll see.