[Rpm-ecosystem] Reproducible Builds
boklm at mars-attacks.org
Fri Mar 4 23:08:15 UTC 2016
On Tue, 01 Mar 2016, Florian Festi wrote:
> So I want to focus the different pieces of work on rpm(build) here. So
> far I found:
> * The SOURCE_DATE_EPOCH patch mentioned above 
> * Still unfinished patch for file timestamps mentioned there
> * Setting buildhost 
> * See mail above wrt deterministic archives
> I am pretty sure there are still pieces missing.
There might be more pieces later, but this looks like a good start.
With those patches, when trying on a simple package, I have been able
to rebuild it twice and get exactly the same package.
> So, my questions are: Who is actually working on reproducible builds?
Dhiru Kholia started some work on reproducible builds for Fedora:
Holger Levsen setup some reproducibility tests for Fedora:
(for the moment nothing is reproducible because the rpmbuild used does
not have the SOURCE_DATE_EPOCH and buildhost patches yet, adding those
patches should hopefully allow some packages to be fully reproducible)
And I helped with some rpm patches to try to fix the most obvious issues.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: not available
More information about the Rpm-ecosystem