[Rpm-ecosystem] Reproducible Builds

Florian Festi ffesti at redhat.com
Tue Mar 1 15:59:02 UTC 2016


Hi!

There are several RFEs and patches popping up that revolve around
reproducible builds. Some may have noticed the recent patch adding the
first pieces for supporting SOURCE_DATE_EPOCH[1].

>From the looks of it there is a quite active group within Debian working
on the topic[2] but this topic clearly transcends single distributions.

When it comes to scope it is clear that rpm cannot tackle the issue
alone as reproducible build require changes on all kind of levels: build
systems, build tools, implementation details but also package managers
or to be more precise package build tools like rpmbuild. Still there are
some things we can do to help.

So I want to focus the different pieces of work on rpm(build) here. So
far I found:

 * The SOURCE_DATE_EPOCH patch mentioned above [1]
  * Still unfinished patch for file timestamps mentioned there
 * Setting buildhost [3]
 * See mail above wrt deterministic archives

I am pretty sure there are still pieces missing.

So, my questions are: Who is actually working on reproducible builds?
What else is missing? Are there any special needs for some build systems?

Florian

[1]
https://github.com/rpm-software-management/rpm/commit/b8a54d6a1e9bb6140b6b47e23dc707e4b967537e
    https://bugzilla.redhat.com/show_bug.cgi?id=1288713
[2] https://reproducible-builds.org/
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1309367

-- 

Red Hat GmbH, http://www.de.redhat.com/ Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael
O'Neill, Charles Peters


More information about the Rpm-ecosystem mailing list