Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 25 Sep 2013 11:45:38 +0200
From: Ludwig Nussel <ludwig.nussel@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: Reproducible Builds for Fedora

Dhiru Kholia wrote:
> I have been working on having Reproducible Builds in Fedora for some
> time.
>
> At this point, I think I have something demoable. Ensuring Reproducible
> Builds is a big task and I want your feedback, ideas, code and support.

In openSUSE we have reproducible binaries to a certain extend. That
project was started some years ago with different (non-security)
intentions. Since the build service rebuilds packages automatically
if any depending package changes, a way was needed to avoid publishing new
rpms if the build result result didn't actually change. So there are
now some scripts that automatically run at the of a new build and
determine with some heuristics whether the new rpms match the old
rpms¹. You can see the output of that script in every build log in
openSUSE:Factory.

cu
Ludwig

https://build.opensuse.org/package/show/openSUSE:Factory/build-compare

-- 
  (o_   Ludwig Nussel
  //\
  V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.