RBOS / reproducible-openSUSE
Bernhard M. Wiedemann
bernhardout at lsmod.de
Tue Feb 18 12:22:00 UTC 2025
Hello fellow R-B-ings,
I have some good news to share about my small openSUSE fork project
https://news.opensuse.org/2025/02/18/rbos-project-hits-milestone/
that was sponsored by a grant from NLnet.
Of the packages in ring1 [1] ,
emacs and my VM image ('altimagebuild') probably needed the most effort.
For some difficult cases, I just used workarounds, e.g. gcc/bash/python3
build without PGO and a few others build with -j1 to avoid unsolved
race-conditions.
There is still a chance that some rare issue slipped through all my
tests, but at least I was able to reproduce bit-identical binaries on 5
different machines.
In the process, I noticed that there are two different variants of
reproducible builds that we commonly mix together.
There is the first variant where you have an official build and with the
help of some buildinfo data, people are able to independently produce
bit-identical binaries.
And then there is the second variant where all required information is
part of the source, so you can do rebuilds without any official build
happening somewhere.
My RBOS is of the second kind. All packages in RBOS were built with the
packages in RBOS, plus an extra bootstrap-snapshot of
openSUSE-Tumbleweed for missing pieces.
In OBS, we normally have auto-incrementing counters for checkin+rebuild
but in this project, they are fixed at 1.1 so that I can produce
identical binaries in OBS and outside (only the rpm sig needs to be
removed with rpm --delsign (some exceptions apply because of an unmerged
patch [2] and pesigning-magic - but here, OBS is not the primary
artifact - the external builds are))
Do we have some existing terminology to distinguish these two kinds of r-b?
Ciao
Bernhard M.
[1]
https://build.opensuse.org/project/show/home:bmwiedemann:reproducible:distribution:ring1
[2] https://github.com/openSUSE/obs-build/pull/1037
More information about the rb-general
mailing list