Reproducible alpine?!

Reproducible builds enable anyone to reproduce bit by bit identical binary packages from a given source, so that anyone can verify that a given binary derived from the source it was said to be derived. There is more information about reproducible builds on the Debian wiki and on https://reproducible-builds.org. These pages explain in more depth why this is useful, what common issues exist and which workarounds and solutions are known.

Reproducible alpine is an effort to apply this to alpine. Thus alpine packages are build twice, with a few variations added and then the resulting packages from the two builds are compared using diffoscope. Please note that this is still at an early stage. Also there are more variations expected to be seen in the wild. Missing bits for testing alpine:

Missing bits for alpine:

If you want to help out or discuss reproducible builds in alpine, please join #alpine-reproducible on freenode.

There is a weekly run jenkins job to test the master branch of alpine.git. The jenkins job is running reproducible_alpine.sh in a Debian environment and this script is solely responsible for creating this page. Feel invited to join #reproducible-builds (on irc.oftc.net) to request job runs whenever sensible. Patches and other feedback are very much appreciated - if you want to help, please start by looking at the ToDo list for alpine, you might find something easy to contribute.
Thanks to Profitbricks for donating the virtual machines this is running on!

repositoryall source packages reproducible unreproducible failing to build in depwait state download problems blacklisted unknown state
main1856 1771 (95.4%) 34 (1.8%) 0 0 0 0 0
community2002 1786 (89.2%) 80 (3.9%) 0 0 0 0 0
all combined3858 3557 (92.1%) 114 (2.9%) 0 0 0 0 0

( recent builds, currently scheduled )

main stats community stats

total alpine stats

variationfirst buildsecond build
hostname osuosl-build169-amd64 or osuosl-build170-amd64the other one
domainname is not yet varied between rebuilds of alpine.
env CAPTURE_ENVIRONMENTnot setCAPTURE_ENVIRONMENT="I capture the environment"
env TZTZ="/usr/share/zoneinfo/Etc/GMT+12"TZ="/usr/share/zoneinfo/Etc/GMT-14"
env LANGLANG="en_GB.UTF-8"LANG="fr_CH.UTF-8"
env LC_ALLnot setLC_ALL="fr_CH.UTF-8"
env PATHPATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:"PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path"
env USER is not yet varied between rebuilds of alpine.
uid is not yet varied between rebuilds of alpine.
gid is not yet varied between rebuilds of alpine.
UTS namespace is not yet varied between rebuilds of alpine.
kernel version, modified using /usr/bin/linux64 --uname-2.6Linux 4.19.0-6-amd64Linux 2.6.79-6-amd64
umask00220002
CPU type AMD Opteron 62xx class CPUsame for both builds
/bin/sh is not yet varied between rebuilds of alpine.
year, month, datetoday (2019-12-13)same for both builds (currently, work in progress)
hour, minutehour and minute will probably vary between two builds...the future system actually runs 398 days, 6 hours and 23 minutes ahead...
Filesystemtmpfssame for both builds (currently, this could be varied using disorderfs)
everything else...is likely the same. There will be more variations in the wild.