https://securityblog.redhat.com/2013/09/18/reproducible-builds-for-fedora/
"It should be possible for the users to verify that the binary matches what the source intended to produce, in an independent fashion. This is the basic nature of open source, the source code is available, so what can we do with it?"
https://wiki.debian.org/ReproducibleBuilds/Howto
"A source package should build byte-for-byte identical products when rebuilt in the same environment. (...) We have seen variations related to the time of the build, the order of files on the filesystem, the current user, the system hostname, the uname output, (pseudo-)-randomness, and the CPU features or load. Such aspects must not be captured by the build process to make a package reproducible."
Possibly we can use Mock
https://fedoraproject.org/wiki/Mock?rd=Subprojects/Mock
"Mock is a tool for building packages. It can build packages for different architectures and different Fedora or RHEL versions than the build host has. Mock creates chroots and builds packages in them. Its only task is to reliably populate a chroot and attempt to build a package in that chroot."
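The Debian quote above names build time, file order and the current user as sources of variation. As an added example (not part of the original issue, and not Debian's or Mock's own code), this Python script packs the same sources from two simulated build environments and shows that only the archive with normalized metadata is byte-for-byte identical. The file names and timestamps are constructed, and reading the pinned timestamp from `SOURCE_DATE_EPOCH` is an assumption taken from the reproducible-builds convention.

```python
import hashlib, io, os, tarfile, tempfile

# Pinned timestamp; SOURCE_DATE_EPOCH is the reproducible-builds convention (assumed here).
EPOCH = int(os.environ.get("SOURCE_DATE_EPOCH", "0"))

def make_tree(root, names, mtime):
    """Write identical file contents, in the given creation order, with the given mtime."""
    for name in names:
        path = os.path.join(root, name)
        with open(path, "w") as f:
            f.write("content of " + name + "\n")
        os.utime(path, (mtime, mtime))

def naive_archive(root):
    """Pack the tree as found: mtime, uid/gid, user name and listing order leak in."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in os.listdir(root):
            tar.add(os.path.join(root, name), arcname=name)
    return buf.getvalue()

def normalized_archive(root, epoch=EPOCH):
    """Pack the tree with sorted names and environment-dependent metadata scrubbed."""
    def scrub(info):
        info.mtime = epoch                      # build time
        info.uid = info.gid = 0                 # current user
        info.uname = info.gname = ""
        info.mode = 0o755 if info.mode & 0o100 else 0o644  # umask
        return info
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in sorted(os.listdir(root)):   # filesystem order
            tar.add(os.path.join(root, name), arcname=name, filter=scrub)
    return buf.getvalue()

def demo():
    """Two constructed 'builds': same sources, different creation order and mtime."""
    builds = [(["a.c", "b.c", "Makefile"], 1000), (["Makefile", "b.c", "a.c"], 2000)]
    digests = {"naive": [], "normalized": []}
    for names, mtime in builds:
        with tempfile.TemporaryDirectory() as root:
            make_tree(root, names, mtime)
            digests["naive"].append(hashlib.sha256(naive_archive(root)).hexdigest())
            digests["normalized"].append(hashlib.sha256(normalized_archive(root)).hexdigest())
    return digests

if __name__ == "__main__":
    print(demo())
```

Comparing the two digests in each list is the independent check the Red Hat quote asks for: a mismatch means the build captured something from its environment.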