Looking for reproducible RPM building / rebuilding tooling

Simon J Mudd sjmudd at pobox.com
Thu Dec 4 19:05:55 UTC 2025 

(Apologies for not threading this response properly. I didn’t subscribe correctly to the list and also had an issue with the email address I was using.)
I’ve now corrected that by subscribing with the correct email address.

On Mon 1st December Jelle van der Waa wrote:

…

> > So having bumped into this list I was curious if others know of any
> > better tooling for being able to consistently rebuild rpms from their
> > src rpm packages.
> 
> For Fedora there is fedora-repro-build, but it is specifically made to 
> work with koji. [1] Koji is Fedora's (CentOS) build service and the tool 
> is build around getting the build information from koji and grabbing the 
> packages from there to reproduce a provided package.
> 
> What might be interesting is that mock apparently supports "hermetic 
> builds" which might be interesting to try out to reproduce a package 
> with. [2]
> 
> [1] https://github.com/keszybz/fedora-repro
> [2] https://rpm-software-management.github.io/mock/feature-hermetic-builds.html

Thanks for the pointers.

I’ve bumped into the use of mock a long time ago
but didn’t find it completely satisfactory for a number of reasons.

In the project I was working on I ended up doing things differently
and basically starting from a base “empty” docker container,
from where I installed all required packages to complete the build,
including a non-root rpm build user, and then via the volume rebuilt
the software from that.

This seems to be as reproducible as you can get, though I’ve always
taken the latest base images and not worried about the fact these
base images (for the same OS) will of course differ slightly over
time.

This concept seems cleaner so I would expect there to be tooling
out there which already does this. I just haven’t seen it.

Perhaps MySQL is different but the authors seem to have made an
effort to clean up the code base by using the latest C standards
and latest C compilers so the OS default C/C++ compilers are not
actually used gcc-toolset-XX usage seems common so this extra tooling
needs to be made available. cmake in many cases will refuse to build
if only the default compiler is available.

As you can imagine this confuses and complicates the build setup.

I guess the rpm authors have not considered consistent rebuilds to
be important, though if you want to patch existing software (e.g.
feature enhancements) then clearly you often want to make sure that
everything else is built the same way as the original authors
intended.  rpm seems to fail in this regards.

Either way thanks for the thoughts. I will see if I can cleanup the
current process and maybe make it usable for other projects.

Regards,

Simon

More information about the rb-general mailing list