Slide 1

Slide 1 text

Reproducible builds and openSUSE Bernhard M. Wiedemann Cloud Developer [email protected]

Slide 2

Slide 2 text

Introduction

Slide 3

Slide 3 text

3 Where does our code come from

Slide 4

Slide 4 text

4 What are reproducible builds? • Get the same results from building sources • Two use-cases ‒ ideally bit-by-bit identical (thus same hashes) ‒ weaker: same content after applying some filters (via build-compare)

Slide 5

Slide 5 text

5 Why reproducible builds? • Need less trust in the build hosts • Reduced load on build-service from rebuilds

Slide 6

Slide 6 text

6 Typical problems • embedded timestamps, hostname • embedded rebuild counters • random .o file link order changes optimization • compile-time CPU detection

Slide 7

Slide 7 text

Current state

Slide 8

Slide 8 text

8 Work done • 71 submit-requests • 6 bugs filed • 4 upstream fixes merged • some build-compare filters added (e.g. for javadoc)

Slide 9

Slide 9 text

9 rebuild-test-scripts • available from https://github.com/bmwiedemann/reproducibl eopensuse • including this presentation's source https://github.com/bmwiedemann/reproducible opensuse/blob/master/presentation/reproduci ble.md

Slide 10

Slide 10 text

10 How reproducible can we get? • bit-identical with rpm+build from home:bmwiedemann:reproducible repo and effort ‒ https://build.opensuse.org/package/rdiff/home:bmw iedemann:reproducible/build?linkrev=base&rev=2

Slide 11

Slide 11 text

11 Where do we want to go? • fix all build-compare issues • not yet produce fully bit-identical rpms

Slide 12

Slide 12 text

Thank you. 12 Questions?

Slide 13

Slide 13 text

Corporate Headquarters Maxfeldstrasse 5 90409 Nuremberg Germany +49 911 740 53 0 (Worldwide) www.suse.com Join us on: www.opensuse.org 14