oss-sec mailing list archives
Re: Reproducible Builds for Fedora
From: Moritz Muehlenhoff <jmm () debian org>
Date: Wed, 25 Sep 2013 18:07:55 +0200
On Wed, Sep 25, 2013 at 11:45:38AM +0200, Ludwig Nussel wrote:
Dhiru Kholia wrote:I have been working on having Reproducible Builds in Fedora for some time. At this point, I think I have something demoable. Ensuring Reproducible Builds is a big task and I want your feedback, ideas, code and support.In openSUSE we have reproducible binaries to a certain extend. That project was started some years ago with different (non-security) intentions. Since the build service rebuilds packages automatically if any depending package changes, a way was needed to avoid publishing new rpms if the build result result didn't actually change. So there are now some scripts that automatically run at the of a new build and determine with some heuristics whether the new rpms match the old rpmsĀ¹. You can see the output of that script in every build log in openSUSE:Factory.
There are similar efforts for Debian: https://wiki.debian.org/ReproducibleBuilds Cheers, Moritz
Current thread:
- Re: Reproducible Builds for Fedora, (continued)
- Re: Reproducible Builds for Fedora Sebastian Krahmer (Sep 25)
- Re: Reproducible Builds for Fedora Solar Designer (Sep 25)
- Re: Reproducible Builds for Fedora Alexander Cherepanov (Sep 26)
- Re: Reproducible Builds for Fedora Steve Grubb (Sep 26)
- Re: Reproducible Builds for Fedora Alexander Cherepanov (Sep 26)
- Re: Reproducible Builds for Fedora Paul Pluzhnikov (Sep 26)
- Re: Reproducible Builds for Fedora Kurt Seifried (Sep 26)
- Re: Reproducible Builds for Fedora Paul Pluzhnikov (Sep 27)
- Re: Reproducible Builds for Fedora Dhiru Kholia (Sep 26)
- Re: Reproducible Builds for Fedora Moritz Muehlenhoff (Sep 25)
- Re: Reproducible Builds for Fedora Dhiru Kholia (Sep 26)