Hi n9iu7pk,
I can confirm that everything's still alright with DNS redirection. I can successfully get the build to the point where it installs the debian packages on 6.1/raspi. The error you see is typical of when you're trying to install the packages from the original Tails repo. Since I disabled Tail's APT key verification, you'll only be able to install packages from the Debian archive (or, on the 6.1/raspi branch, from Raspberry's own repo, of which I added the key), and if you're not correctly hijacking the DNS and actually connecting to the Tails repo the build will fail with that error, it sees the repo is signed by Tails and rejects it. Since you said you previously built on the 6.1/raspi branch, I assume you are now correctly redirecting tagged.snapshots.deb.tails.boum.org as well, like I wrote before. Then I'm not sure what your issue could be. Perhaps you could try deleting the apt cache like you did the last time you had similar issues?
Asides from this, unfortunately the 6.1 branches will never build again due to
https://gitlab.tails.boum.org/tails/tails/-/issues/20327. Debian sid's package webext-ublock-origin-firefox got updated to v1.57 some time after April 6th and the 10-tbb local hook (config/chroot_local-hooks/10-tbb) does not apply one patch cleanly anymore. As a result, the 99-zzz_check-for-dot-orig-files local hook makes the build fail with the error
```
Checking for .orig files
E: Some patches are fuzzy and leave .orig files around:
/usr/sbin/start-stop-daemon.orig
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/uBlock0@???/js/background.js.orig
E: config/chroot_local-hooks/99-zzz_check-for-dot-orig-files failed (exit non-zero). You should check for errors.
```
Since the arm64 builds don't use snapshots, there's no way for me to prevent this kind of things. Unfortunately, if packages in Debian get upgraded, old builds may well fail. Since the 6.1/* branches are essentially frozen in time, I will not patch them. What I can and will do is keep an eye on the aforementioned issue and update the wip/* branches so that the fix gets picked up ASAP (I already have 6.2/* branches locally, but they will fail to build too until the ublock thing is fixed upstream).
BTW a package upgrade, I believe, is also the reason why you didn't obtain the same sha256sums when you built 6.1/raspi. Again due to the lack of arm64 snapshots, builds are reproducible only if packages are not subject to upgrades between an earlier and a later build, unfortunately. I'd bet if you'd compared your *.packages file with mine you'd have found differences.
If going ahead you have suggestions on how to improve the patchset feel free to tell me! If you find it useful you may even send me MRs on Gitlab, otherwise write here or send me a direct email.
En passing, do you happen to know how much space the amd64 Debian snapshots in use by Tails take up?
Best,
NC
