Differences between revisions 353 and 354
Revision 353 as of 2017-10-03 15:04:28
Size: 5231
Editor: Infinity0
Comment: move "next" section up and merge it with the other items
Revision 354 as of 2018-03-30 18:30:44
Size: 5200
Comment: Update reproducible-check script location
Deletions are marked like this. Additions are marked like this.
Line 18: Line 18:
 * You can check which packages installed on your system are still unreproducible by using the [[https://anonscm.debian.org/cgit/reproducible/misc.git/tree/unreproducible-installed|unreproducible-installed]] script.  * You can check which packages installed on your system are still unreproducible by using the `reproducible-check` script in the `devscripts` package.
Line 40: Line 40:
----
CategoryDebianDevelopment

It should be possible to reproduce, byte for byte, every build of every package in Debian. More information about reproducible builds in general are available at reproducible-builds.org.

About
About

Howto
Make a package reproducible

?Contribute
?How to help

Toolchain
Experimental toolchain

History
Project history

Alioth
Alioth project

Bugs
Bug reports

Jenkins
Continuous integration

Status

Reproducible builds of Debian as a whole is still not a reality, though individual reproducible builds of packages are possible and being done. So while we are making very good progress, it is a stretch to say that Debian is reproducible.

  • Most packages built in sid today are reproducible under a fixed build-path and environment.

  • We have a new control file *.buildinfo that records the build environment, see deb-buildinfo for reference. Older design drafts are here.

  • We have a continuous integration platform that builds and immediately rebuilds packages. With this we can detect problems related to timestamps, file ordering, CPU usage, (pseudo-)randomness and other things.

  • We are examining packages and sorting out common problems.

  • Many patches have already been submitted, and we are continuously writing new ones.

  • You can check which packages installed on your system are still unreproducible by using the reproducible-check script in the devscripts package.

Next

  • Identify more common problems.
  • Make dak process *.buildinfo files, see #763822 ftp.debian.org: please include .buildinfo file in the archive for the relevant bug report, with 862073 and 862538 as intermediate steps.

  • Tighten up the Policy definition of "reproducible" to be stricter about environment variables and build paths.
    • Discuss which environment variables we should blacklist or whitelist, 876055.

    • Try to push our patches upstream, that allow toolchain programs to build reproducibly even varying build paths.

    • Continue to experiment building packages under varying build paths, to see the extent of this issue.
  • Using .buildinfo data, develop tools that can rebuild previously-built packages including ones from the official Debian archives.

  • Require matching binary packages from the developer and a buildd before accepting the package in the archive. This could initially be opt-in.

For more concrete tasks to be done, look at ?how to contribute.

Statistics from the continuous integration platform

Drivers

  • h01ger
  • lamby
  • infinity0


CategoryDebianDevelopment