[rb-general] Definition of "reproducible build"
Richard Purdie
richard.purdie at linuxfoundation.org
Thu Feb 14 21:50:03 CET 2019
On Thu, 2019-02-14 at 12:25 -0800, John Gilmore wrote:
> > I like the idea, however what you are proposing is basically a new
> > distro/fork, where you would remove all unreproducible packages, as
> > every distro still has some unreproducible bits.
>
> I suggest going the other way -- produce a distro that is "80%
> reproducible" from its source code USB stick and its binary boot USB
> stick. You'd already have the global reproducibility structure and
> scripts written and working, even before the last packages are
> individually reproducible. That global reproducibility tech would be
> immediately adoptable by any distro. The output of the reproduction
> scripts would be a bootable binary that does boot and run! It would
> still have differences from the "release master" bootable binary, but
> those differences would be irrelevant to the functioning of the binary,
> and would be clearly visible with "diff -r".
>
> (For one thing, this would cause the distros to actually produce a
> "source code USB stick image". Currently most of them don't. They
> instead require you to download thousands of separate source packages or
> tarballs, and have no scripts readily visible for building those into a
> bootable binary image.)
>
> After accomplishing that, then the focus could go on the 20% (or 10% or
> whatever) of packages that aren't yet reproducible. And, people making
> small distros could cut out such packages to make a 100% reproducible
> distro, as Holger suggested.
FWIW, the Yocto Project supports that today in the form of our "build-
appliance" images. They contain all the sources and tools to rebuild
the image.
We don't go for full reproducibilty "out the box" at a timestamp level
but you can configure the build to do that. Even out the box we're way
better than 80% though!
Cheers,
Richard
More information about the rb-general
mailing list