Reproducible builds enable anyone to reproduce bit by bit identical binary packages from a given source, so that anyone can verify that a given binary derived from the source it was said to be derived. There is more information about reproducible builds on the Debian wiki and on https://reproducible-builds.org. These pages explain in more depth why this is useful, what common issues exist and which workarounds and solutions are known.
Reproducible alpine is an effort to apply this to alpine. Thus alpine packages are build twice, with a few variations added and then the resulting packages from the two builds are compared using diffoscope. Please note that this is still at an early stage. Also there are more variations expected to be seen in the wild. Missing bits for testing alpine:
- cross references to Debian notes - and having alpine specific notes.
Missing bits for alpine:
- code needs to be written to compare the packages built twice here against newly built packages from the Official alpine repositories.
- user tools, for users to verify all of this easily.
If you want to help out or discuss reproducible builds in alpine, please join #alpine-reproducible on freenode.
There is a weekly run jenkins job to test the master branch of alpine.git. The jenkins job is running reproducible_alpine.sh in a Debian environment and this script is solely responsible for creating this page. Feel invited to join #reproducible-builds (on irc.oftc.net) to request job runs whenever sensible. Patches and other feedback are very much appreciated - if you want to help, please start by looking at the ToDo list for alpine, you might find something easy to contribute.
Thanks to Profitbricks for donating the virtual machines this is running on!
| repository | all source packages | reproducible | unreproducible | failing to build | in depwait state | download problems | blacklisted | unknown state |
|---|---|---|---|---|---|---|---|---|
| main | 0 (tested 0% of 19) | 0 (%) | 0 (%) | 0 (%) | 0 (%) | 0 (%) | 0 (%) | 19 (%) |
| community | 0 (tested 0% of 604) | 0 (%) | 0 (%) | 0 (%) | 0 (%) | 0 (%) | 0 (%) | 604 (%) |
| all combined | 0 (tested 0% of 623) | 0 (%) | 0 (%) | 0 (%) | 0 (%) | 0 (%) | 0 (%) | 623 (%) |
( recent builds, currently scheduled )
| variation | first build | second build |
|---|---|---|
| hostname | osuosl-build169-amd64 or osuosl-build170-amd64 | the other one |
| domainname | is not yet varied between rebuilds of alpine. | |
| env CAPTURE_ENVIRONMENT | not set | CAPTURE_ENVIRONMENT="I capture the environment" |
| env TZ | TZ="/usr/share/zoneinfo/Etc/GMT+12" | TZ="/usr/share/zoneinfo/Etc/GMT-14" |
| env LANG | LANG="en_GB.UTF-8" | LANG="et_EE.UTF-8" |
| env LC_ALL | not set | LC_ALL="et_EE.UTF-8" |
| env PATH | PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:" | PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" |
| env USER | is not yet varied between rebuilds of alpine. | |
| uid | is not yet varied between rebuilds of alpine. | |
| gid | is not yet varied between rebuilds of alpine. | |
| UTS namespace | is not yet varied between rebuilds of alpine. | |
| kernel version, modified using /usr/bin/linux64 --uname-2.6 | Linux 4.19.0-9-amd64 | Linux 2.6.79-9-amd64 |
| umask | 0022 | 0002 |
| CPU type | AMD Opteron 62xx class CPU | same for both builds |
| /bin/sh | is not yet varied between rebuilds of alpine. | |
| year, month, date | today (2020-07-16) | same for both builds (currently, work in progress) |
| hour, minute | hour and minute will probably vary between two builds... | the future system actually runs 398 days, 6 hours and 23 minutes ahead... |
| Filesystem | tmpfs | same for both builds (currently, this could be varied using disorderfs) |
| everything else... | is likely the same. There will be more variations in the wild. | |