[Dev] Reproducible Builds

Luke Shumaker lukeshu at lukeshu.com
Mon Apr 10 01:34:06 GMT 2017

On Sun, 09 Apr 2017 04:32:34 -0400,
Bill Auger wrote:
> On Sun, Apr 9, 2017 at 12:58 AM, Luke Shumaker <lukeshu at lukeshu.com> wrote:
> >
> > I do think that borrowing/building on the work that has been done for
> > the tests.R-B.org/archlinux server is a good idea.  I'm not sure
> > Jenkins itself is entirely necessary though; it seems a little
> > heavyweight for what is a pretty simple task.
> i think there is still a mis-conception implied in that - there is
> nothing useful to "leverage" regarding the jenkins server at r-b.o -
> it is not a build farm

No, the server/hardware itself is not useful, but code has been
written for job dispatch.

> debian specifies the environment in a .BUILDINFO metadata file for
> example that accompanies the sources but again, each distro can handle
> that as it chooses - this declares in a functional way such constants
> as the exact versions of the compiler and dependencies - (i.e.
> compiler ^ dependencies ^ sources ^ env-vars -> deterministic-result)
> - jenkins re-builds each package several times randomizing some
> unspecified factors to verify that the build is reproducible given
> only the source and the prescribed build environment expectations - it
> then discards the artifacts and displays the test results on the web -
> there is nothing more to it

Yes, this was actually mostly implemented in pacman/makepkg 5.  There
are some timestamps that cause problems, but pacman 5 took a big cue
from other R-B efforts.

Happy hacking,
~ Luke Shumaker

PS: your message didn't have the 'In-Reply-To' or 'References' headers
set; screwing up threading.

More information about the Dev mailing list