DeveloperWiki:ReproducibleBuilds

From ArchWiki
Jump to navigation Jump to search

A list of reproducible build meetings and work in progress documentation.

Reproducible build results

Packages that reproduce

Helping out

Arch Linux is currently in the process of having it 100% reproducible, for the exact definition of reproducible builds and it's benefits take a look at the project website.

Arch users can help contribute to Reproducible Build issues by looking at the continuous reproducing environment. There are various issues which can be sorted out:

  • FTBS (failed to build from source): reproduce the build failure locally and create a bug report if the package cannot be built from a clean chroot (extra-x86_64-build or multilib-build).
  • Failed to download sources, reproduce the issue (makepkg -o -d) and create a bug report on the Arch bugtracker.
  • Failed to reproduce. Locally you can reproduce packages using reprotest. Note that not all variations can be used. For simple time related testing:
 reprotest --variations '+time' 'sudo extra-x86_64-build' '*.pkg.tar.xz' 

There might be various reasons for a package to not be reproducible, but before digging in take a look at the upstream repository or the reproducible status in Debian

  • Failed to run tests, these failures are heavily on the testing env. Most likely due to to LANG=C being set and Arch not supporting LANG=C.UTF-8

If you are interested in the code which runs the continuous reproducing environment, the first build code starts here on salsa

To-do list

  • Arch Linux Archive cleanup script
  • Arch Linux Reproducible script
  • A script to locally reproduce an installed package
  • Resolve reproducible build issues
  • Documentation about reproducing a build

Reproducible Build Arch Update 09-12-2018

Posted to the rb-general mailing list.

Agenda meeting 10-01-2018

  • UTF-8 failures with Python.
    There are a lot of reproducible build issues due to the lack of LANG=$lang-UTF-8. Do we need to explicitly set the LANG in the PKGBUILD
    See for example https://tests.reproducible-builds.org/archlinux/community/python-cssselect2/build1.log
  • Package disorderfs
    Not high important right now, I have added it on my todolist. This could be used later in combination with the reproducible build script
  • Pacman release
    How do we convince the Pacman team to create a new release, are there any known blockers they waiting on?
  • Reproducible build script progress
    Discuss what the script exactly should do, create an RFC? To describe it's functionality.
    FIXME: add issues I encountered.
  • Arch Linux Archive: Do not remove packages mentioned in BUILDINFO file
    There is currently no script to remove old packages from the archive, it is not sure how long we want to keep old packges
    Sangy was working on this if I recall correctly, what is the status? poc script
  • Write documentation what this script should do. (Specification)
  • Killed builds
    Someone should investigate this, how do we reproduce this locally? Hints?
  • SSL verification issues
    How do we circumvent SSL issues from reproducing a package locally which was build earlier, when the SSL certificate was valid. HG and SVN are still left to be fixed.
  • Create a public to-do list
    We should get more people in to work on reproducible builds, how can we guide them and where do we keep track of the progress made and issues which require attention.

The meeting minute can be seen here[dead link 2018-11-04].