Unix and Linux Stack Exchange
Unix and Linux Stack Exchange

Questions tagged [reproducible-build]

16 questions
11
votes
3 answers

Compressing two identical folders give different result

I have two identical folders, with same structure and contents like this: folder_1 hello.txt subfolder byebye.txt folder_2 hello.txt subfolder byebye.txt if I compress them as tar.xz formats I get two different archives with two…
lviggiani
  • 3,549
  • 7
  • 35
  • 67
10
votes
1 answer

Visualizing dependencies coded up in makefiles as a graph

Closely related to How to display dependencies given in a makefile as a tree? But the answers given there is not satisfactory (i.e. do not work). Is there a tool to visualize the Directed Acylic Graphs (DAGs) coded up in standard Makefiles? eg, a…
Dr Krishnakumar Gopalakrishnan
  • 395
  • 2
  • 14
7
votes
1 answer

Can files compressed with bzip2 be relied upon to be deterministic (reproducible)?

I am trying to determine if there are any potential issues using bzip2 to compress files that need to be 100% reproducible. Specifically: can metadata (name / inode, lastmod date, etc) or anything else cause identical file contents to produce a…
Jonathan Cross
  • 248
  • 1
  • 10
5
votes
2 answers

How to make a reproducible iso file with mkisofs/genisoimage?

In an automated process an iso file is created with mkisofs. Even, as the original data is excactly the same, the resulting iso files are not the same (their md5sum changes). Since I rsync --checksum the result, I dislike that the "same iso" is of…
fraleone
  • 737
  • 2
  • 9
  • 21
5
votes
1 answer

Dockerfile, Docker image and reproducible environment

The usual documentation and notes on docker mention version controlling and sharing the Dockerfile, which should let anyone build an identical image. This sounds great, however, we typically have commands like this one. RUN apt-get update pip…
Rajesh Chamarthi
  • 153
  • 4
4
votes
4 answers

Making bit identical ext2 filesystems

I'm preparing an image file for a linux system. I need to be able to run my script that creates the image and have the output be bit-for-bit identical each time. I do the normal procedure, by making a large binary file, partition it, create a loop…
jhufford
  • 151
  • 4
2
votes
2 answers

How to verify if a given package is built in a reproducible way as an end user?

Let's I would like to verify if the package mksh can be built in a reproducible way. I am trying with apt build-dep mksh apt source mksh cd mksh; dpkg-buildpackage -uc -us cd ..; sha256sum If I now do apt download mksh and…
Manu
  • 576
  • 3
  • 15
1
vote
0 answers

build Debian package "chromium 108" on Debian Buster

I am trying to build chromium 108 for Debian Buster. The package only exists for Debian Bullseye, so on my Debian Buster build machine, I need to change the /etc/apt/sources.list to bullesyse and download sources: apt-get source chromium After that…
400 the Cat
  • 819
  • 4
  • 37
  • 85
1
vote
1 answer

How to fix error building a Docker image with Nix using a pinned revision

I'm trying to build a Docker image with Nix at a pinned revision. The file works when it looks like this: { pkgs ? import { } }: pkgs.dockerTools.buildImage { ... But fails when it looks like this: { pkgs ? (import…
Matt R
  • 375
  • 4
  • 10
1
vote
1 answer

Minor kernels updates applicability for people running custom kernel builds

Imagine the situation. You're running a custom kernel which you compiled from the vanilla sources using your own .config. A new minor update gets released, let's say 5.16.16 which was released just yesterday, while you're already running…
Artem S. Tashkinov
  • 26,392
  • 4
  • 33
  • 64
1
vote
1 answer

Why can't I install an almost indentical kernel on brand new debian 11?

My overall objective is to build an RT_PREEMPT kernel that I can modify. As an intermediate step, I'm trying to build and install (and run as a grub entry) a generic, non-RT_PREEMPT kernel. But I think the question below is valid, even without…
doctorzaius
  • 11
  • 2
1
vote
1 answer

How to list which unreproducible packages are installed on a Debian system?

Why reproducible builds are important is explained at reproducible-builds.org: Whilst anyone may inspect the source code of free and open source software for malicious flaws, most software is distributed pre-compiled with no method to confirm…
mYnDstrEAm
  • 4,008
  • 13
  • 49
  • 108
1
vote
2 answers

Is there a practical way to make binary-reproducible CPIO (initramfs) archives?

I would like my initramfs to have the same hash no matter when or where I build it if the contents of the files are the same (and are owned by root and have same permissions). I don't see any options in GNU cpio to strip or set timestamps of files…
davolfman
  • 479
  • 2
  • 7
1
vote
2 answers

Is there a standard archive format with no file metadata?

For some context, I'm working on a package manager-like utility that supports building packages as a non-root user. I want to make sure that packages built by a root user and built by a non-root user are absolutely indistinguishable rather than,…
Greg Nisbet
  • 2,996
  • 2
  • 25
  • 42
1
vote
2 answers

Is there a Linux distribution with reproducible build system?

Something like Gitian for Bitcoin when several people independently build binaries and publish their checksums, I found NixOS but it has only reproducible packages but I mean a whole iso image?
Bdimych2 Bdimych2
  • 121
  • 3
1
2