This wiki was updated to MediaWiki 1.37. If you notice any issues, please report them to admin[at]

openSUSE:Reproducible Builds

Jump to: navigation, search

For openSUSE Reproducible Builds we are trying to identify packages that produce different binaries when building on different hosts or times. And then we remove the sources of those diffs.


If you want to help, contact Bernhard M. Wiedemann <reproducibleopensuse>

Besides the distribution independent chat there is

With OBS

If you want OBS to produce verifyable bit-identical binaries for you, you need to have in your project's prjconf

%source_date_epoch_from_changelog Y
%clamp_mtime_to_source_date_epoch Y
%use_source_date_epoch_as_buildtime Y
%_buildhost reproducible

You can also edit it in a shell with

osc meta -e prjconf $PROJECT

The first macro is already default-on in Tumbleweed and Leap-15.0, Leap 15.1, and Leap 15.2. The other macros will normalize build times and hostname values. So if you want to find out when and where a package was actually built, you need to look at the signature date and use osc jobhistory.

When you just enabled these macros, packages will remain as they are. After the next source change or

osc wipebinaries --repo=openSUSE_Tumbleweed --all $PROJECT

newly built binaries will be created and published. Just 'rebuild' is not enough, because build-compare will notice that it is similar to the old packages and discard the new build result.

Packages from OBS will only be bit-identical to your local builds after processing them with

rpm --delsign $RPMPACKAGE


You can do a local build and compare it to the OBS build result by calling the nachbau script in a checkout dir. See the repo's for setup instructions.


See the guide on how to find, debug and fix reproducibility issues in openSUSE OBS packages