Skip to content

bmwiedemann/reproducibleopensuse

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

510 Commits
exceptions
exceptions
 
 
presentation
presentation
 
 
tests.d
tests.d
 
 
COPYING
COPYING
 
 
Makefile
Makefile
 
 
Makefile.rebuild
Makefile.rebuild
 
 
README.md
README.md
 
 
allchecks
allchecks
 
 
autocheckloop
autocheckloop
 
 
autocheckone
autocheckone
 
 
autoclassify
autoclassify
 
 
autoclassifyall
autoclassifyall
 
 
autoclassifynew
autoclassifynew
 
 
autoprovenance
autoprovenance
 
 
autoreduce
autoreduce
 
 
autoreducebuild
autoreducebuild
 
 
autoreducerm
autoreducerm
 
 
build-compare.diff
build-compare.diff
 
 
calcchecksums
calcchecksums
 
 
cleanupbuilds
cleanupbuilds
 
 
cleanupmany
cleanupmany
 
 
cleanupone
cleanupone
 
 
collectbdeps
collectbdeps
 
 
compare
compare
 
 
comparemany
comparemany
 
 
compareone
compareone
 
 
cpiofilt
cpiofilt
 
 
difflog
difflog
 
 
filterdiff
filterdiff
 
 
findvcs
findvcs
 
 
fixuposcmtime
fixuposcmtime
 
 
gcovdumpfilter
gcovdumpfilter
 
 
getjobs
getjobs
 
 
helperfuncs
helperfuncs
 
 
hexfilt
hexfilt
 
 
howtodebug
howtodebug
 
 
howtodebug.dot
howtodebug.dot
 
 
indexbdeps
indexbdeps
 
 
jsonresult
jsonresult
 
 
jsonresultcache
jsonresultcache
 
 
jsonresultmerge
jsonresultmerge
 
 
make-d-filter
make-d-filter
 
 
multibuildrbk
multibuildrbk
 
 
multibuildrbkall
multibuildrbkall
 
 
nachbau
nachbau
 
 
nachbauall
nachbauall
 
 
noarchcheck
noarchcheck
 
 
obsrebuild
obsrebuild
 
 
oscmount
oscmount
 
 
printrpmtags
printrpmtags
 
 
printrpmtagsimmutable
printrpmtagsimmutable
 
 
prjconf
prjconf
 
 
psosc
psosc
 
 
rb
rb
 
 
rb4
rb4
 
 
rb4b
rb4b
 
 
rb5
rb5
 
 
rbautocheckrecheck
rbautocheckrecheck
 
 
rbbisectdate
rbbisectdate
 
 
rbbisectftbfs
rbbisectftbfs
 
 
rbfindverifiable
rbfindverifiable
 
 
rbfsck
rbfsck
 
 
rbk
rbk
 
 
rbkt
rbkt
 
 
rbmany
rbmany
 
 
rbplot.pl
rbplot.pl
 
 
rbstats
rbstats
 
 
rbstatsdiff
rbstatsdiff
 
 
rebuild
rebuild
 
 
rebuildmany
rebuildmany
 
 
rebuildmanyp
rebuildmanyp
 
 
relevel-patch
relevel-patch
 
 
reportgen
reportgen
 
 
reverselist
reverselist
 
 
rpm_is_noarch
rpm_is_noarch
 
 
runtests.pl
runtests.pl
 
 
scanresults
scanresults
 
 
sha256sums
sha256sums
 
 
showrings
showrings
 
 
slicelist
slicelist
 
 
stracebuild
stracebuild
 
 
stracefilter
stracefilter
 
 
unreproducibleunnoted
unreproducibleunnoted
 
 
unrpmall
unrpmall
 
 
updateall
updateall
 
 
updateone
updateone
 
 
vl
vl
 
 
vn
vn
 
 
vo
vo
 
 
von
von
 
 
wordfilt
wordfilt
 
 
x509filter
x509filter
 
 

Repository files navigation

These tools are intended to make it easier to verify that the binaries resulting from openSUSE builds are reproducible.

For this, we rebuild twice locally from source with variations in

  • date
  • hostname
  • number of CPU cores

and compare the results using the build-compare script that abstracts away some unavoidable (or unimportant) differences.

Setup:

  1. git clone this repo. Some parts of the code assume that it is available in ~/reproducibleopensuse

  2. install dependencies with make suseinstall

  3. export PATH=$PATH:/path/to/reproducibleopensuse

  4. make sure you can build a package with osc build --vm-type=kvm

4.1 make sure you have write-access to /dev/kvm - either it is world writable or you are member of the kvm group (needs new login after group change)

4.2 on Debian stretch, you also need to apply this patch to /usr/lib/obs-build/build-vm-kvm

You probably need to adjust your ~/.oscrc

This config is known to work (except for huge packages like chromium that work with 8GB RAM):

[general]
apiurl = https://api.opensuse.org
status_mtime_heuristic = 1
build-memory = 4096
build-vmdisk-rootsize = 40960

Also to build as non-root user (recommended), without having to type passwords, you need to do echo 'YOURUSERNAME ALL=(ALL) NOPASSWD:/usr/bin/build' > /etc/sudoers.d/oscbuild (or /usr/bin/obs-build on Debian)

Usage:

You can rebuild one package using

osc checkout openSUSE:Factory/update-test-trivial
cd $_
rbk

With some packages that come with a _multibuild file, you need to use multibuildrbk instead that still has limitations.

and you can rebuild a whole distribution using rebuildmany * in the project checkout dir.

This will create output files in RPMS* directories and some result files starting with .rb and .build (the dot is there to have them ignored by osc). The most interesting ones are RPMS/*-compare.out and RPMS/.build.log2

If you encounter a package that has diffs, you can use autoclassify to narrow down the sources of unreproducibility to a few bits. See the rbkt source for meaning of the bits.

You need osc >= 0.158 that understands the --build-opt param and build >= 20171128, that understands the --vm-custom-opt param to pass the modified base clock time to kvm. Both are available in openSUSE Leap 42.3 and OBS has packages for many other Linux distributions.

About

scripts to help make opensuse builds reproducible

Resources

Readme

License

GPL-2.0 license
Activity

Stars

12 stars

Watchers

5 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages