Fedora 41 Approved To Make Package Builds More Reproducible

Written by Michael Larabel in Fedora on 7 May 2024 at 06:48 AM EDT. 14 Comments
FEDORA
In addition to approving -O3 optimized Python builds, the Fedora Engineering and Steering Committee (FESC)) this week unanimously approved a Fedora 41 change proposal for making RPM package builds more reproducible.

Fedora 41 has been eyeing more reproducible package builds thanks to a Rust program. The Rust-based "add-determinism" would be part of the post-build cleanup process for RPM package builds to address common causes of build irreproducibility. This change is capable of making most Fedora RPM package builds reproducible in the name of security and auditability. As explained in that change proposal:
"add-determinism is a Rust program which, as its name suggests, adds determinism to files that are given as input by attempting to standardize metadata contained in binary or source files to ensure consistency and clamping to $SOURCE_DATE_EPOCH in all instances. add-determinism is the "Fedora version" of strip-nondeterminism from the Debian project. Since strip-nondeterminism is written in perl, it is undesirable for use in Fedora, as we don't want to pull perl in the buildroot for every package.

It's worth noting that this Change does not intend to impose any specific reproducibility requirements on Fedora packages. Once this Change is implemented and we have been through a mass rebuild and can verify that the common causes of irreproducibility have indeed been removed, we can consider further steps. But that will be at least one release later.

This change does add a small amount of time to the processing of RPMs at the end of a build. Accordingly, packages containing large quantities or sizes of files be slower, but this effect is not expected to be noticeable. add-determinism takes steps to ensure it does not interfere with other buildroot post processors like mangle-shebangs, python-hardlink, python-bytecompile. It defaults to not doing any modifications in case it doesn't understand the input file or there are any other problems."

All FESCo members are on-board with the proposal and it's now been approved for the Fedora 41 release this autumn.

FESCo approval


The add-determinism program for those interested can be found on GitHub.
14 Comments
Related News
Fedora Asahi Remix 40 Now Available For Apple Silicon Devices, KDE Plasma 6 By Default
Fedora Cleared To Build Python Package With "-O3" Optimizations
Fedora Evaluates Replacing Redis With Valkey
Fedora Miracle Spin Proposed For Fedora 41
Fedora Linux 40 Available For Download As A Wonderful Upgrade
Fedora Linux 40 Cleared For Release Next Week
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
NVIDIA's Open GPU Linux Kernel Driver Will Soon Be The Default For Turing & Newer GPUs
Torvalds Voices Thoughts On Linux Mitigating Unexpected Arithmetic Overflows/Underflows
Germany's Sovereign Tech Fund Now Supporting FFmpeg
Linus Torvalds Is Doing More ARM64 Linux Testing Now That He Has A More Powerful System
Linus Torvalds On Dogfooding The Linux Kernel
ReactOS "Open-Source Windows" Making Good Strides On SMP CPU Support
Microsoft Engineer Ports EXT2 File-System Driver To Rust
KDE Making Good Progress On HDR, Better Gamescope Integration