Reproducible NetBSD !

Reproducible builds enable anyone to reproduce bit by bit identical binary packages from a given source, so that anyone can verify that a given binary derived from the source it was said to be derived. There is more information about reproducible builds on the Debian wiki and on https://reproducible-builds.org. These pages explain in more depth why this is useful, what common issues exist and which workarounds and solutions are known.

Reproducible NetBSD is an effort to apply this to NetBSD. Thus each NetBSD target is build twice, with a few variations added and then the resulting files from the two builds are compared using diffoscope. Please note that the toolchain is not varied at all as the rebuild happens on exactly the same system. More variations are expected to be seen in the wild.

There is a weekly run jenkins job to test the master branch of netbsd.git. The jenkins job is running reproducible_netbsd.sh in a Debian environment and this script is solely responsible for creating this page. Feel invited to join #reproducible-builds (on irc.oftc.net) to request job runs whenever sensible. Patches and other feedback are very much appreciated - if you want to help, please start by looking at the ToDo list for NetBSD, you might find something easy to contribute.
Thanks to IONOS for donating the virtual machines this is running on!

33 (100.0%) out of 33 built NetBSD files were reproducible in our test setup ! These tests were last run on 2024-11-13 for rev 8a751b5cf with -P (as of @1731489952) and were compared using diffoscope 283.

variation	first build	second build
hostname	osuosl1-amd64 or osuosl2-amd64	the other one
domainname	is not yet varied between rebuilds of NetBSD.
env CAPTURE_ENVIRONMENT	not set	CAPTURE_ENVIRONMENT="I capture the environment"
env TZ	TZ="/usr/share/zoneinfo/Etc/GMT+12"	TZ="/usr/share/zoneinfo/Etc/GMT-14"
env LANG	LANG="en_GB.UTF-8"	LANG="et_EE.UTF-8"
env LC_ALL	not set	LC_ALL="et_EE.UTF-8"
env PATH	PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:"	PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path"
env USER	is not yet varied between rebuilds of NetBSD.
uid	is not yet varied between rebuilds of NetBSD.
gid	is not yet varied between rebuilds of NetBSD.
UTS namespace	is not yet varied between rebuilds of NetBSD.
Source dir	$TEMPDIR/b1-$arch-$mach/	$TEMPDIR/b2-$arch-$mach/
Release dir	$TEMPDIR/b1-$arch-$mach/_release_/	$TEMPDIR/b2-$arch-$mach/_release_/
kernel version, modified using /usr/bin/linux64 --uname-2.6	Linux 6.10.11+bpo-amd64	Linux 2.6.70+bpo-amd64
umask	0022	0002
CPU type	AMD Opteron(tm) Processor 4284	same for both builds
/bin/sh	is not yet varied between rebuilds of NetBSD.
year, month, date	today (2024-11-13)	same for both builds (currently, work in progress)
hour, minute	hour and minute will probably vary between two builds...	the future system actually runs 398 days, 6 hours and 23 minutes ahead...
Filesystem	tmpfs	same for both builds (currently, this could be varied using disorderfs)
everything else...	is likely the same. There will be more variations in the wild.

Reproducible artifacts for `sparc64-sparc64`
images/NetBSD-10.99.12-sparc64-dvd.iso (858260e36d146d92f25ce201fa5b2c8cf409a9df5ad7d1d4ce593a8baa65b2a1, 643MiB) is reproducible.
images/NetBSD-10.99.12-sparc64-live.img.gz (c17ecdd25aaec58c93704b41cf940bb73950371190cae778130ce046e2c669a5, 327MiB) is reproducible.
images/NetBSD-10.99.12-sparc64.iso (dd2c1ff94b0211adf79e435bc68ef9b95194919536f247be000c6eb67fdb1da6, 600MiB) is reproducible.
sparc64/INSTALL.html (f1463c0f1ad4edafbe19b320166745cbed89de27c54632ceefc2550b7876d898, 127KiB) is reproducible.
sparc64/INSTALL.more (0c116b84b6d5a0969b73bce66f7f1267573095fcff1c52028a069578d88bbabe, 122KiB) is reproducible.
sparc64/INSTALL.ps (37d3db994ca293cf4a90233f7796159c9be502a61ac7e6b75e6ce6f14abc5b18, 198KiB) is reproducible.
sparc64/INSTALL.txt (54bd9f7788cb342d6f08418a3722a7462695917baa084f8a2f82fdf2b900b848, 120KiB) is reproducible.
sparc64/binary/kernel/netbsd-GENERIC.UP.gz (3d71c2b8891945dd7df5d3f5519d059a75b8dd04d5bbef919ac1efd5dd559baa, 6MiB) is reproducible.
sparc64/binary/kernel/netbsd-GENERIC.gz (9b2f14e1e2d4d9c721bd8b54605797b1db95f418589ed3d71f5773d4f28e84c0, 6MiB) is reproducible.
sparc64/binary/kernel/netbsd-INSTALL.gz (1357470baa74bfb242fa6c1bb72a5d372d1ee3667e170f36c54d1fa288195e10, 7MiB) is reproducible.
sparc64/binary/kernel/netbsd-INSTALL.symbols.gz (5b9df5baeffea6df874feef1a284045aa2d8cd07059bfe9a62fd125becacbf44, 261KiB) is reproducible.
sparc64/binary/sets/base.tgz (082ba096eaa2cc8f5049823857b633e509f17ee9e5e8c99748492e001684be17, 72MiB) is reproducible.
sparc64/binary/sets/base32.tgz (0d80e13183208e26f8e8438b322b0aeb0aaa7478377cd72014eb1fb1d49eb948, 15MiB) is reproducible.
sparc64/binary/sets/comp.tgz (09378b5a78a2f835b3ad07c0d3e572abdeb8de33d7329936efea96ecf6148c19, 175MiB) is reproducible.
sparc64/binary/sets/etc.tgz (f8862936a7ef6a8c5bcf75d6a3a451e0f496c4dd77ebf7e25ea6dd470fd78e15, 682KiB) is reproducible.
sparc64/binary/sets/games.tgz (5ccdee8f05be9fad7ca6f2d7f4a341e366997799d8e8ec7fa015a089867e4b43, 4MiB) is reproducible.
sparc64/binary/sets/gpufw.tgz (788d49f90e2cb39c3551c02607a8e2b7d597f19f52668b4e21ea13985248a6e5, 2KiB) is reproducible.
sparc64/binary/sets/kern-GENERIC.UP.tgz (e3561323fb9c3bcb797d7cabece84c05c743985e77db8781c87869012549374e, 6MiB) is reproducible.
sparc64/binary/sets/kern-GENERIC.tgz (d90c3650f00584f06589854c8bfea424e2cb32cd82ad1fc6dce1789cd4ea797c, 6MiB) is reproducible.
sparc64/binary/sets/man.tgz (adf6d967e3f0571bedc258ca005de46166b74d588f2de1a825284ba8f3a4262d, 8MiB) is reproducible.
sparc64/binary/sets/manhtml.tgz (972239e05806d33ab4be88b2b4c4ea51e106f77ad6596cf4677c9dd2fbbdd808, 6MiB) is reproducible.
sparc64/binary/sets/misc.tgz (d5aec558a7967af9c607f4a638cc7042b7a02d27620f7a8c6bf0e504053ef2af, 6MiB) is reproducible.
sparc64/binary/sets/modules.tgz (98080f411b5d33754463e7ecb953d3799e33517e2762df5c052f6d8a47c6d052, 4MiB) is reproducible.
sparc64/binary/sets/rescue.tgz (799cf4b24d4a297ac9bf9ccb9243a6b68c1eea6ad3a31dd87e1d4d3eae973682, 5MiB) is reproducible.
sparc64/binary/sets/tests.tgz (1d83e129963f3af870aad3338e481a476e9dc054f1448a6384e571cd9416a834, 23MiB) is reproducible.
sparc64/binary/sets/text.tgz (6fb719cd6d7d80d5112da45944a81d2daf5d148fa993783d55b185c3da00816d, 3MiB) is reproducible.
sparc64/installation/miniroot/miniroot.fs.gz (b13ccde68a6e9c14ad9ff46c07e0936569d20f671476a721bf3510846f70ec8a, 8MiB) is reproducible.
sparc64/installation/misc/boot.fs.gz (787364ada77bf50c5955344459f3950b2b940e517bb03833e024aa50d6e3eff6, 62KiB) is reproducible.
sparc64/installation/misc/bootblk (9b8f33a1031160240cfe3ce389abb78437e2ceb51e6449182ac65423bae65922, 8KiB) is reproducible.
sparc64/installation/misc/installboot (558141585e7f028cd6098a115e2fed24d5c6673409ce48af65a5b869d9df0b0c, 145KiB) is reproducible.
sparc64/installation/misc/instfs.tgz (c336822f471ed009e7a7d9e5b1a3a7ddf60f06c59cdac204c5ff4f02a5f05c23, 3MiB) is reproducible.
sparc64/installation/misc/ofwboot (667475444c78bc37ea5fa0a07b2e6cbe19011cd9407c4ca6e5dd21c459368ed4, 123KiB) is reproducible.
sparc64/installation/netboot/ofwboot.net (667475444c78bc37ea5fa0a07b2e6cbe19011cd9407c4ca6e5dd21c459368ed4, 123KiB) is reproducible.

commit 8a751b5cf905401b3aae58980b021daf967a4397
Author: roy 
Date:   Wed Nov 13 09:25:52 2024 +0000

    ARP/ND6: Revert prior
    
    Turns out some people actually use this behaviour and strictly speaking
    it is allowed by RFC5227 2.4 where it says:
    
       At any time, if a host receives
       an ARP packet (Request *or* Reply) where the 'sender IP address' is
       (one of) the host's own IP address(es) configured on that interface,
       but the 'sender hardware address' does not match any of the host's
       own interface addresses, then this is a conflicting ARP packet
    
    The key part is "any of the host's own interface addreses".