repro-env: Documented and reproducible build environments
kpcyrd
kpcyrd at archlinux.org
Wed Apr 23 20:26:59 UTC 2025
Dear list,
I've introduced this tool on this list before, I think due the recent
discussion about build environments it might be good timing to bring it
up again:
https://github.com/kpcyrd/repro-env
You can think of it as "Cargo.toml/Cargo.lock but for GNU/Linux build
environments".
- repro-env.toml
- Describes the abstract build environment
- "docker.io/library/archlinux with a Rust compiler installed"
- repro-env.lock
- Documents the full, resolved build environment
- Contains exact versions and transitive dependencies
- Addresses packages by cryptographic checksum/content
I use this tool to document the build environment I used for all my
release binaries that I upload to Github (which are all reproducible):
- https://github.com/kpcyrd/repro-env/releases/tag/v0.4.3
- https://github.com/kpcyrd/archlinux-userland-fs-cmp/releases/tag/v0.1.0
- https://github.com/kpcyrd/rshijack/releases/tag/v0.5.2
- https://github.com/kpcyrd/sh4d0wup/releases/tag/v0.11.0
- https://github.com/spytrap-org/spytrap-adb/releases/tag/v0.3.4
I also use this for the apt.vulns.xyz repository that I run:
https://github.com/kpcyrd/apt-vulns-xyz?tab=readme-ov-file#reproducible-builds
(I meant to write a blogpost about how I run my apt repository, but I
keep struggling to find the time/muse to do so).
(Also shoutout to some of the awesome Arch Linux people that helped me
polish Arch Linux into a great general-purpose build environment for
static and cross-compiled binaries, especially for Rust and musl <3).
repro-env is currently available in:
- Ubuntu >= 24.04
- Arch Linux
- The upcoming Debian Trixie release
Thoughts welcome,
kpcyrd
More information about the rb-general
mailing list