openSUSE:Reproducible openSUSE
Bernhard M. Wiedemann has been testing reproducible builds of openSUSE distributions since 2016. In this process he already produced over 1000 patches and bugreports.
What
Now it is time to create a general-purpose Linux distribution from it, that consists of 100% bit-reproducible packages (minus the rpm signature). It shall be based on openSUSE Tumbleweed or its Slowroll-variant (if available).
How
To get there, we have to review the remaining (approx 130) packages and either drop them or fix or workaround issues. Fixing can be quite some effort as most of the easy patches have already been done.
Bugfixes will be sent upstream wherever possible, to ensure long-term viability.
The few remaining unreproducible leaf packages may live in an extra repo that is disabled by default.
It might be possible some day to get all of the required changes into the openSUSE Tumbleweed distribution to make the extra project obsolete.
Optional Goals
- provide bit-reproducible images (install, VM)
- self-hosting = everything in Reproducible-openSUSE can be reproduced using the code that is in Reproducible-openSUSE
both optional goals were reached.
Future
Upstreaming of patches goes on. Either to upstream, openSUSE Factory/Tumbleweed or just to Slowroll. I want the Slowroll distribution to take on the legacy of RBOS with as few unreproducible packages as possible.
With https://github.com/openSUSE/slowroll-tools/commit/1e98128b821ee3f01640cc37ea1e70cd6813634f we can generate and keep updated a meta-package to prevent installation of unreproducible packages (those in outside ring0+1 that we could not fix yet)
Additionally the rb-checker bot tests all new submissions to Factory so I get a chance to fix new issues before they are merged. It does not always work out. Also most reported findings are known old issues.