Re: Reproducible Builds for Fedora

[Ludwig Nussel <ludwig.nussel () suse de>]

Dhiru Kholia wrote:
> I have been working on having Reproducible Builds in Fedora for some
> time.
>
> At this point, I think I have something demoable. Ensuring Reproducible
> Builds is a big task and I want your feedback, ideas, code and support.

In openSUSE we have reproducible binaries to a certain extend. That
project was started some years ago with different (non-security)
intentions. Since the build service rebuilds packages automatically
if any depending package changes, a way was needed to avoid publishing new
rpms if the build result result didn't actually change. So there are
now some scripts that automatically run at the of a new build and
determine with some heuristics whether the new rpms match the old
rpms¹. You can see the output of that script in every build log in
openSUSE:Factory.

cu
Ludwig

https://build.opensuse.org/package/show/openSUSE:Factory/build-compare

--
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)