[rb-general] [PATCH] docs: Add a definition of "reproducible"
Clemens Lang
cal at macports.org
Tue Dec 20 01:28:22 CET 2016
From: Clemens Lang <neverpanic at gmail.com>
Add the definition of reproducible as drafted at the reproducible builds
world summit in Berlin. Thanks to all participants in the sessions that
worked these out!
---
_data/docs.yml | 1 +
_docs/definition.md | 34 ++++++++++++++++++++++++++++++++++
2 files changed, 35 insertions(+)
create mode 100644 _docs/definition.md
diff --git a/_data/docs.yml b/_data/docs.yml
index dd85141..8440061 100644
--- a/_data/docs.yml
+++ b/_data/docs.yml
@@ -1,5 +1,6 @@
- title: Best practices
docs:
+ - definition
- plans
- buy-in
- test-bench
diff --git a/_docs/definition.md b/_docs/definition.md
new file mode 100644
index 0000000..16b547a
--- /dev/null
+++ b/_docs/definition.md
@@ -0,0 +1,34 @@
+---
+title: When is a build "reproducible"?
+layout: docs
+permalink: /docs/definition/
+---
+
+A build is reproducible if, given the same source code, build environment and
+build instructions, any party can recreate bit-by-bit identical copies of all
+specified artifacts.
+
+The relevant attributes of the build environment, the build instructions and
+the source code, as well as the expected reproducible artifacts, are defined by
+the authors or distributors. The artifacts of a build are the parts of the
+build results that are the desired primary output.
+
+## Explanations
+Source code is usually a version control checkout at a specific revision or
+a source code archive.
+
+Relevant attributes of the build environment would usually include dependencies
+and their versions, build configuration flags and some environment variables as
+far as they are used by the build system, such as for example, locale. It is
+preferable to reduce the set of relevant attributes of the build environment.
+
+Artifacts, for example, would include executables, distribution packages or
+filesystem images. They would usually not include a build log or similar
+secondary outputs.
+
+The reproducibility of artifacts is verified by bit-by-bit comparison. This is
+usually achieved using cryptographically secure hash functions.
+
+Authors or distributors means parties that claim reproducibility of a set of
+artifacts. These may be upstream authors, distribution maintainers or any other
+distributor.
--
2.11.0
More information about the rb-general
mailing list