Hello Ludwig, I think your great explanation about the SUSE and openSUSE build process should be made obvious for everybody out there. Perhaps it could be placed on some of our web front pages at least on https://build.opensuse.org/ and then linked on other web front pages like https://en.opensuse.org/Main_Page I would be a shame if not everybody out there knows about what On Dec 16 11:18 Ludwig Nussel wrote:
... SUSE and openSUSE distributions have always had reproducible builds, for something like 20 years now. Reproducible in the sense that a packager never builds binaries on his own system in some magic way and then uploads binaries.
We always build sources server side (nowadays OBS, previously autobuild). How the build environment has to look like is defined via BuildRequires in the spec file and settings in the project config on server side. Moreover, we don't allow packagers to directly build packages in the distribution's project. There's always a review step (four eyes principle). Some distributions don't have that and only have reviews when a package is accepted for the first time.
OBS always re-creates the build environment from scratch for each package and automatically uses other packages in the same project to set up that build environment. Ie there's no magic base build system, the distribution bootstraps itself. Not only on request or mass rebuilds but fully automatic. So even packages that haven't been submitted for years are rebuilt with current compilers and libraries. Additionally every binary rpm produced by obs contains a back reference to the used sources (in the disturl).
IOW our process and infrastructure guarantees that our packages can reproducibly be built from source. Everyone can reproduce that by firing up their own build service and linking to OBS. In that sense _our build process is reproducible_ and has always been. The terrifying news here is that other distributions still have to do homework to even get there.
Kind Regards Johannes Meixner -- SUSE LINUX GmbH - GF: Felix Imendoerffer, Jane Smithard, Graham Norton - HRB 21284 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org