Hi, The effort to make package builds in Fedora reproducible has picked up steam again. We now have a new website: https://docs.fedoraproject.org/en-US/reproducible-builds and an issue tracker: https://pagure.io/fedora-reproducible-builds/project and a matrix room: https://matrix.to/#/#reproducible-builds:fedora.im We've done a mini rebuild using [1] for the package list [2] and results are at [3]. (The result is a json dump of rpmdiff output by package. Generally, "" means the rebuild was identical except for variable metadata, and non-empty output else means that the rebuild was different.) [1] https://github.com/keszybz/fedora-repro-build [2] https://fedorapeople.org/~zbyszek/builds-2024-02-fc41-filtered.txt [3] https://fedorapeople.org/~zbyszek/builds-2024-02-fc41-filtered.results.txt I'm writing this mail for two purposes. First, as a heads-up: various patches and RFEs have been filed to fix issues as they are detected. Second, for the usual enticement: join and be merry. The plan for the immediate future is to fix various issues, both those that affect a single package and also the ones that affect a swath of packages. Some of the remaining second type: https://pagure.io/fedora-reproducible-builds/project/issue/7 — static archives do not respect $SOURCE_DATE_EPOCH, embed UID and GID https://pagure.io/fedora-reproducible-builds/project/issue/10 — Java jar files embed build timestamps https://pagure.io/fedora-reproducible-builds/project/issue/12 — Python pyc file serialization is architecture-specific https://pagure.io/fedora-reproducible-builds/project/issue/14 — noarch packages installing into %{_libdir} https://pagure.io/fedora-reproducible-builds/project/issue/15 — golang debuginfo pakages have files with .gdb_index section of varying size If you have ideas how to tackle some of those issues, help would be very welcome. Please use the matrix room for coordination. Currently the percentage of reproducibility is not very high. Once we fix the issues that affect swaths of packages and we're down to issues that only affect one or a very small number of packages, I hope we can make reproducibility an official effort in Fedora. But that's still some way ahead. Zbyszek -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
