Skip to content
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
OSSGadget/src/oss-reproducible/
Go to file
OSSGadget/src/oss-reproducible/

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
. .
BuildHelperScripts
 
 
Helpers
 
 
Strategies
 
 
README.md
 
 
ReproducibleTool.cs
 
 
oss-reproducible.csproj
 
 
OSS Reproducible Why Reproducibility? How It Works Ignoring Files Contributing to OSS Reproducible Fixing a Failing Build

README.md

OSS Reproducible

The purpose of oss-reproducible is to analyze open source packages for reproducibility. We start with an existing package (for example, the NPM "left-pad" package, version 1.3.0), and we try to answer the question, Do the package contents authentically reflect the purported source code?

Why Reproducibility?

How It Works

We start by downloading the package from the respective package repository, using OSS Download. Then we look for the source (using OSS Find Source) and try to find and download the correct version of it.

OSS Reproducible uses "strategies" to try to correlate source code with the package contents. These strategies include:

  • PackageMatchesSourceStrategy: Do the package contents exactly match the source code repository contents?
  • PackageContainedInSourceStragegy: Does every file in the package exist in the source code repository? Note that this is different from the previous strategy; for example, unit tests in the source repository that don't appear in the package would be fine for this strategy.
  • AutoBuildProducesSamePackage: Can we re-build the package from the source code repository? Since there is a huge variety in build methods, this can very difficult, or in many cases, impossible.
  • OryxBuildStrategy: The Microsoft Oryx project has independent logic to attempt to "build" source code repositories, so we leverage that as well.

Ignoring Files

Certain files are uninteresting from a reproducibility perspective, and are excluded from analyses. These files are defined in Strategies/PackageIgnoreList.txt.

Contributing to OSS Reproducible

Fixing a Failing Build

If a project requires a custom build command or setup, you can add this to OSS Reproducible by creating a file in BuildHelperScripts/(Package Manager)/(Project Name).{build, prebuild}.