oss-sec mailing list archives

Re: Reproducible Builds for Fedora

From: Moritz Muehlenhoff <jmm () debian org>
Date: Wed, 25 Sep 2013 18:07:55 +0200

On Wed, Sep 25, 2013 at 11:45:38AM +0200, Ludwig Nussel wrote:

Dhiru Kholia wrote:

I have been working on having Reproducible Builds in Fedora for some
time.

At this point, I think I have something demoable. Ensuring Reproducible
Builds is a big task and I want your feedback, ideas, code and support.


In openSUSE we have reproducible binaries to a certain extend. That
project was started some years ago with different (non-security)
intentions. Since the build service rebuilds packages automatically
if any depending package changes, a way was needed to avoid publishing new
rpms if the build result result didn't actually change. So there are
now some scripts that automatically run at the of a new build and
determine with some heuristics whether the new rpms match the old
rpms¹. You can see the output of that script in every build log in
openSUSE:Factory.


There are similar efforts for Debian:
https://wiki.debian.org/ReproducibleBuilds

Cheers,
        Moritz

Current thread:

Re: Reproducible Builds for Fedora, (continued)
- - - Re: Reproducible Builds for Fedora Sebastian Krahmer (Sep 25)
  - Re: Reproducible Builds for Fedora Solar Designer (Sep 25)
    - Re: Reproducible Builds for Fedora Alexander Cherepanov (Sep 26)
    - Re: Reproducible Builds for Fedora Steve Grubb (Sep 26)
    - Re: Reproducible Builds for Fedora Alexander Cherepanov (Sep 26)
    - Re: Reproducible Builds for Fedora Paul Pluzhnikov (Sep 26)
    - Re: Reproducible Builds for Fedora Kurt Seifried (Sep 26)
    - Re: Reproducible Builds for Fedora Paul Pluzhnikov (Sep 27)
    - Re: Reproducible Builds for Fedora Dhiru Kholia (Sep 26)
- Re: Reproducible Builds for Fedora Ludwig Nussel (Sep 25)
  - Re: Reproducible Builds for Fedora Moritz Muehlenhoff (Sep 25)
  - Re: Reproducible Builds for Fedora Dhiru Kholia (Sep 26)