[rb-general] progress in rpm and openSUSE in 2019
Bernhard M. Wiedemann
bernhardout at lsmod.de
Fri Nov 15 15:31:29 UTC 2019
like last year (see
as preparation to our summit in December, I wanted to once again collect
last year's changes in rpm and openSUSE that were relevant to
The collection below is in a slightly raw form, but I hope still useful
to many of us.
The period is roughly covered by
In my reproducibleopensuse repo, I added
with details on how to find, debug and fix reproducibility issues.
I also added an rbplot.pl script to graph the package status over time
like Debian does.
http://rb.zq1.de/compare.factory/graph.png shows the current state.
I started a binary archive to be able to rebuild with old binaries. This
allowed to verify that published (reproducible) packages were not
tampered with during build.
Slightly related is also this package source mirror:
It is not yet used for r-b, but at some point could provide a way to
snapshot a whole distribution source tree with a simple "git tag"
I discovered one issue in OBS
https://github.com/openSUSE/open-build-service/issues/6690 new binaries
published under old names confuse our other tools
added FORCE_SOURCE_DATE=1 for latex
and fixed suse-ignored-rpaths.conf (the old version caused i586 or
x86_64 builds to be unverifiable)
https://github.com/openSUSE/brp-check-suse/pull/10 was merged,
allowing for bit-reproducible .a files
https://github.com/openSUSE/pesign-obs-integration/pull/13 pass through
rpm %licence filetype tag
https://github.com/openSUSE/pesign-obs-integration/pull/14 to better
keep rpm bits was merged, but then reverted because it caused trouble
A number of fixes have been done in rpm. Like dpkg in Debian, rpm is the
low-level package manager used in openSUSE, Mandriva, Fedora, Qubes OS
and various derivatives. rpm also includes rpmbuild.
initialize some rpm metadata
https://github.com/rpm-software-management/rpm/pull/785 (allow for
unreproducible Build Date and make it the default)
https://github.com/rpm-software-management/rpm/pull/931 toolchain, keep
at least one changelog entry
to allow to override the Build Date header again
https://github.com/rpm-software-management/rpm/pull/936 fix header
In 2019-07, openSUSE enabled builds with Link Time Optimization (LTO) in
all packages. This introduced some unreproducibility that has now all
https://bugzilla.opensuse.org/show_bug.cgi?id=1141319 -flto introduces
number of CPUs that causes variations in rpm OPTFLAGS and debuginfo in
.a files and similar
https://bugzilla.opensuse.org/show_bug.cgi?id=1141323 packages embed
CFLAGS with -flto : fldigi gmp haproxy ImageMagick lyx neovim tboot tcl znc
LTO-induced indeterminism from global constructors
https://bugzilla.opensuse.org/show_bug.cgi?id=1143905 fwupd computed a
hash over unreproducible LTO data
https://github.com/openSUSE/brp-check-suse/pull/29 I proposed to strip
LTO data from .o files
https://build.opensuse.org/request/show/732635 updated rpm to use
-flto=auto (since 2019-10-21) to not embed the number of CPUs anymore in
the resulting artifacts.
https://github.com/openSUSE/build-compare/pull/31 ignore javadoc
https://github.com/openSUSE/osc/issues/547 report multibuild dep bug
https://github.com/openSUSE/obs-build/pull/510 use gzip -n in Debian
https://github.com/bmwiedemann/theunreproduciblepackage/ got 8 commits,
including one on how floating point introduces non-determinism.
It also adds notes on solutions to some issues.
https://bugzilla.opensuse.org/show_bug.cgi?id=1133809 tracks progress
towards bit-reproducible OBS Factory pkgs.
And finally we had some toolchain and high profile openSUSE packages
https://github.com/python/cpython/pull/12341 a toolchain patch was
merged to sort readdir when building C-extensions for python.
openSUSE python + python3 packages got backports
We added a pip install macro to handle python's wheel (.whl) files
without creating unreproducible .pyc files
https://build.opensuse.org/request/show/705693 gettext-runtime use SDE
for mtime to make acl package build reproducibile
fix build time race in MozillaFirefox + Thunderbird translations
https://bugzilla.mozilla.org/show_bug.cgi?id=1568145 and use a fixed date
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 261 bytes
Desc: OpenPGP digital signature
More information about the rb-general