Reproducible builds
and openSUSE
Bernhard M. Wiedemann
Cloud Developer
[email protected]
Slide 2
Slide 2 text
Introduction
Slide 3
Slide 3 text
3
Where does our code come from
Slide 4
Slide 4 text
4
What are reproducible builds?
• Get the same results from building sources
• Two use-cases
‒ ideally bit-by-bit identical (thus same hashes)
‒ weaker: same content after applying some filters
(via build-compare)
Slide 5
Slide 5 text
5
Why reproducible builds?
• Need less trust in the build hosts
• Reduced load on build-service from rebuilds
Slide 6
Slide 6 text
6
Typical problems
• embedded timestamps, hostname
• embedded rebuild counters
• random .o file link order changes optimization
• compile-time CPU detection
Slide 7
Slide 7 text
Current state
Slide 8
Slide 8 text
8
Work done
• 71 submit-requests
• 6 bugs filed
• 4 upstream fixes merged
• some build-compare filters added (e.g. for
javadoc)
Slide 9
Slide 9 text
9
rebuild-test-scripts
• available from
https://github.com/bmwiedemann/reproducibl
eopensuse
• including this presentation's source
https://github.com/bmwiedemann/reproducible
opensuse/blob/master/presentation/reproduci
ble.md
Slide 10
Slide 10 text
10
How reproducible can we get?
• bit-identical with rpm+build from
home:bmwiedemann:reproducible repo and
effort
‒ https://build.opensuse.org/package/rdiff/home:bmw
iedemann:reproducible/build?linkrev=base&rev=2
Slide 11
Slide 11 text
11
Where do we want to go?
• fix all build-compare issues
• not yet produce fully bit-identical rpms
Slide 12
Slide 12 text
Thank you.
12
Questions?
Slide 13
Slide 13 text
Corporate Headquarters
Maxfeldstrasse 5
90409 Nuremberg
Germany
+49 911 740 53 0 (Worldwide)
www.suse.com
Join us on:
www.opensuse.org
14