Differences between revisions 367 and 368
Revision 367 as of 2018-10-25 09:36:32
Size: 5684
Editor: HolgerLevsen
Comment: without users we are nothing
Revision 368 as of 2018-10-25 09:43:53
Size: 5716
Editor: HolgerLevsen
Comment: some things are not really major (though really annoying)
Line 26: Line 26:
 * [[DebianBug:763822|#763822: ftp.debian.org: please include .buildinfo file in the archive]] (see also DebianBug:862073 and DebianBug:862538 as intermediate steps)
 * [[DebianBug:900918|#900918: debian-installer: Please make the generated images reproducible]]
 * User-facing interfaces (see proof-of-concept in [[DebianBug:863622|#863622: apt: warn when installing packages that are not reproducible]]
 * [[DebianBug:900837|#900837: Mass-rebuild of packages for reproducible builds]]

= Annoying but not major =
Line 28: Line 35:
 * [[DebianBug:763822|#763822: ftp.debian.org: please include .buildinfo file in the archive]] (see also DebianBug:862073 and DebianBug:862538 as intermediate steps)
Line 30: Line 36:
 * [[DebianBug:900837|#900837: Mass-rebuild of packages for reproducible builds]]
 * [[DebianBug:900918|#900918: debian-installer: Please make the generated images reproducible]]
 * User-facing interfaces (see proof-of-concept in [[DebianBug:863622|#863622: apt: warn when installing packages that are not reproducible]]
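Review bot: the "User-facing interfaces" item, in both places it appears in this diff, opens a parenthesis at "(see proof-of-concept in" that is never closed after the [[DebianBug:863622|...]] link. Since the line is being moved anyway, add the closing ")" after the link so the rendered bullet is balanced.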

https://reproducible-builds.org

It should be possible to reproduce, byte for byte, every build of every package in Debian. More information about reproducible builds in general is available at reproducible-builds.org.

Status

Reproducible builds of Debian as a whole are still not a reality, though individual reproducible builds of packages are possible and being done. So while we are making very good progress, it is a stretch to say that Debian is reproducible.

  • Most packages built in sid today are reproducible under a fixed build-path and environment.

  • We have a new control file *.buildinfo that records the build environment, see deb-buildinfo for reference. Older design drafts are here.

  • We have a continuous integration platform that builds and immediately rebuilds packages. With this we can detect problems related to timestamps, file ordering, CPU usage, (pseudo-)randomness and other things.

  • We are examining packages and sorting out common problems.

  • Many patches have already been submitted, and we are continuously writing new ones.

  • You can check which packages installed on your system are still unreproducible by using the reproducible-check script in the devscripts package.
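The build-then-rebuild comparison described in the list above, shown on a small tar.gz in Python. This is an added example, not the project's CI code; the file names, timestamps, `EPOCH` value and the `build` and `rebuild_and_compare` helpers are constructed for illustration.

```python
import gzip
import hashlib
import io
import tarfile

# Constructed sample package contents; names and bytes are illustrative only.
FILES = {
    "usr/bin/hello": b"#!/bin/sh\necho hello\n",
    "usr/share/doc/hello/README": b"hello 1.0\n",
}
EPOCH = 1540425600  # constructed reference timestamp (SOURCE_DATE_EPOCH style)


def build(order, now, normalize):
    """Pack FILES into a tar.gz; `order` and `now` model what varies per build."""
    names = sorted(order) if normalize else list(order)
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(FILES[name])
            info.mode = 0o755 if name.startswith("usr/bin/") else 0o644
            # Clamp timestamps to the reference time instead of the wall clock.
            info.mtime = min(now, EPOCH) if normalize else now
            tar.addfile(info, io.BytesIO(FILES[name]))
    out = io.BytesIO()
    # The gzip header carries its own timestamp; pin it when normalizing.
    with gzip.GzipFile(fileobj=out, mode="wb", mtime=0 if normalize else now) as gz:
        gz.write(raw.getvalue())
    return out.getvalue()


def rebuild_and_compare(normalize):
    """Build twice with a different file order and clock, then hash both results."""
    paths = list(FILES)
    first = build(paths, 1540500000, normalize)
    second = build(paths[::-1], 1540600000, normalize)
    return hashlib.sha256(first).hexdigest(), hashlib.sha256(second).hexdigest()


if __name__ == "__main__":
    for normalize in (False, True):
        a, b = rebuild_and_compare(normalize)
        print("normalized" if normalize else "naive", "reproducible:", a == b)
```

The naive build differs between runs because both the tar member timestamps and the gzip header timestamp follow the clock, and the member order follows the input order.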

Big outstanding issues

These are the critical items necessary to have reproducible builds for at least the required packages of Debian.

Annoying but not major

Nice to have

  • Tighten up the Policy definition of "reproducible" to be stricter about environment variables and build paths.
  • Discuss which environment variables we should blacklist or whitelist, 876055.

There are many other possible nice-to-haves, e.g., making builds independent of their build directory, making it possible to create archives in formats like tar.gz and zip with different tools and still get the same byte order, etc. Many of those are valuable, but they shouldn't distract from getting the results of reproducible builds out to users.

Next

For more concrete tasks to be done, look at how to contribute.

Statistics from the continuous integration platform


CategoryDebianDevelopment