oss-sec mailing list archives
Re: Reproducible Builds for Fedora
From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Wed, 25 Sep 2013 11:45:38 +0200
Dhiru Kholia wrote:
I have been working on having Reproducible Builds in Fedora for some time. At this point, I think I have something demoable. Ensuring Reproducible Builds is a big task and I want your feedback, ideas, code and support.
In openSUSE we have reproducible binaries to a certain extend. That project was started some years ago with different (non-security) intentions. Since the build service rebuilds packages automatically if any depending package changes, a way was needed to avoid publishing new rpms if the build result result didn't actually change. So there are now some scripts that automatically run at the of a new build and determine with some heuristics whether the new rpms match the old rpms¹. You can see the output of that script in every build log in openSUSE:Factory. cu Ludwig https://build.opensuse.org/package/show/openSUSE:Factory/build-compare -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Current thread:
- Re: Reproducible Builds for Fedora, (continued)
- Re: Reproducible Builds for Fedora Nicolas Vigier (Sep 25)
- Re: Reproducible Builds for Fedora Sebastian Krahmer (Sep 25)
- Re: Reproducible Builds for Fedora Solar Designer (Sep 25)
- Re: Reproducible Builds for Fedora Alexander Cherepanov (Sep 26)
- Re: Reproducible Builds for Fedora Steve Grubb (Sep 26)
- Re: Reproducible Builds for Fedora Alexander Cherepanov (Sep 26)
- Re: Reproducible Builds for Fedora Paul Pluzhnikov (Sep 26)
- Re: Reproducible Builds for Fedora Kurt Seifried (Sep 26)
- Re: Reproducible Builds for Fedora Paul Pluzhnikov (Sep 27)
- Re: Reproducible Builds for Fedora Dhiru Kholia (Sep 26)
- Re: Reproducible Builds for Fedora Moritz Muehlenhoff (Sep 25)
- Re: Reproducible Builds for Fedora Dhiru Kholia (Sep 26)