[Rpm-maint] [rpm-software-management/rpm] support reproducible automatic rebuilds (PR #2880)

Neal Gompa (ニール・ゴンパ) notifications at github.com
Wed Feb 21 12:35:52 UTC 2024


Since I was tagged in here and for some reason people think I don't care about reproducibility, let me be clear, I do care about it. However, neither Fedora nor openSUSE suffer from the problems Debian has that necessitated reproducible builds, and the nature of the RPM format vs the Debian format means that we do not have the same problems they do with build data influencing the payload reproducibility.

Fedora has been so far ahead of Debian on this and the Koji build system provides guarantees (at the consequence of trade-offs like increased disk usage over time) that neither Debian's system nor OBS provide that there is less urgency around the issue.

In general, rebuilds should not mutate or influence how reproducible builds behave. I'm confused by the problem you're saying you have: build-compare shouldn't have an issue with SOURCE_DATE_EPOCH being clamped to the changelog, since that's unchanging. The only issue I know of is that if you clamp the buildtime and don't change the Release, you wind up in a situation where it becomes difficult to sort for the newer package. Since OBS changes the Release for every rebuild, this isn't strictly an issue, but openSUSE should not be clamping the buildtime regardless.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/2880#issuecomment-1956556571

Message ID: <rpm-software-management/rpm/pull/2880/c1956556571 at github.com>