Reproducible builds enable anyone to reproduce bit by bit identical binary packages from a given source, so that anyone can verify that a given binary derived from the source it was said to be derived. There is more information about reproducible builds on the Debian wiki and on https://reproducible-builds.org. These pages explain in more depth why this is useful, what common issues exist and which workarounds and solutions are known.
Reproducible Arch Linux is an effort to apply this to Arch Linux. Thus Arch Linux packages are build twice, with a few variations added and then the resulting packages from the two builds are compared using diffoscope. Please note that this is still at an early stage. Also there are more variations expected to be seen in the wild. Missing bits for testing Arch Linux:
- cross references to Debian notes - and having Arch Linux specific notes.
Missing bits for Arch Linux:
- pacman 5.1.0 is now in the official Arch repository, with full support by default for reproducible builds. In order to test this:
- all packages need to be rebuilt so that they include .BUILDINFO files.
- code needs to be written to compare the packages built twice here against newly built packages from the Official Arch Linux repositories.
- user tools, for users to verify all of this easily.
If you want to help out or discuss reproducible builds in Arch Linux, please join #archlinux-reproducible on freenode.
|variation||first build||second build|
|hostname||profitbricks-build3-amd64 or profitbricks-build4-amd64||the other one|
|domainname||is not yet varied between rebuilds of Arch Linux.|
|the build path||is not yet varied between rebuilds of Arch Linux|
|env PATH||is set to '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' because that's what makechrootpkg is using|
|env USER||jenkins||build 2|
|kernel version||is varied between rebuilds of Arch Linux.|
|CPU type||AMD Opteron 62xx class CPU||same for both builds|
|year, month, date||osuosl-build169-amd64: today () or osuosl-build170-amd64: 398 days in the future (2020-02-18)||the other one|
|hour, minute||hour and minute will probably vary between two builds...||the future system actually runs 398 days, 6 hours and 23 minutes ahead...|
|Filesystem||tmpfs||same for both builds (currently, this could be varied using disorderfs)|
|everything else...||is likely the same. There will be more variations in the wild.|