Reproducible builds enable anyone to reproduce bit-by-bit identical binary packages from a given source, so that anyone can verify that a given binary was derived from the source it was said to be derived from. There is more information about reproducible builds on the Debian wiki and on https://reproducible-builds.org. These pages explain in more depth why this is useful, what common issues exist and which workarounds and solutions are known.
Reproducible Fedora 23 is an effort to apply this to Fedora 23. Thus Fedora 23 packages are built twice, with a few variations added, and then the resulting packages from the two builds are compared using diffoscope. Please note that the toolchain is not varied at all, as the rebuild happens on exactly the same system. More variations are expected to be seen in the wild.
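The comparison of two builds starts with a bit-for-bit check; only artifacts that differ need a closer look with diffoscope. The following is an added example, not the test setup's own code, and the file names and contents in `demo()` are constructed:

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large packages are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_builds(first: Path, second: Path) -> dict:
    """Classify every artifact name found in either build directory."""
    names = {p.name for p in first.iterdir()} | {p.name for p in second.iterdir()}
    result = {}
    for name in sorted(names):
        a, b = first / name, second / name
        if not (a.is_file() and b.is_file()):
            result[name] = "missing in one build"
        elif sha256_file(a) == sha256_file(b):
            result[name] = "reproducible"
        else:
            result[name] = "unreproducible"  # candidate for a diffoscope run
    return result


def demo() -> dict:
    """Constructed sample: two fake build trees with made-up names and contents."""
    with tempfile.TemporaryDirectory() as tmp:
        b1, b2 = Path(tmp, "build1"), Path(tmp, "build2")
        b1.mkdir()
        b2.mkdir()
        (b1 / "alpha.rpm").write_bytes(b"same payload")
        (b2 / "alpha.rpm").write_bytes(b"same payload")
        (b1 / "beta.rpm").write_bytes(b"built at 10:00")  # embedded timestamp differs
        (b2 / "beta.rpm").write_bytes(b"built at 10:05")
        (b1 / "gamma.rpm").write_bytes(b"only built once")
        return compare_builds(b1, b2)


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name}: {state}")
```
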
Please note that this setup is as new as December 12th, so quite a few things are still lacking, e.g. https://github.com/kholia/ReproducibleBuilds is not followed at all yet and there are no variations introduced for the 2nd build. Also, only a subset of all source packages is currently being tested. On the other hand, this setup is mature enough that it requires very few trivial changes to build all 17080 source packages in Fedora 23, if it were sensible. Which it isn't right now, but should be soon.
FIXME: explain Fedora 23 test setup here.
There are no variations introduced in the fedora-23 builds yet. Stay tuned.
| release (architecture) | all source packages | reproducible packages | unreproducible packages | packages failing to build | packages in depwait state | packages download failures | unknown state |
|---|---|---|---|---|---|---|---|
| fedora-23 (x86_64) | 845 | 0 | 786 (93.0%) | 54 (6.3%) | 5 (.5%) | 0 | 0 |