openSUSE:Reproducible openSUSE/Part2

This is documentation Part 2 of Bernhard's R-B-OS - about making enough packages reproducible for a small DVD with some graphical UI. It is sponsored by a grant from the nice people at the NLNet foundation.

package sources are collected in https://build.opensuse.org/project/show/home:bmwiedemann:reproducible:distribution:ring1

Note: building with pbuild is significantly slower here, because dependency resolution is implemented in pure perl and takes a minute to figure out what to build next.

How to build

Ensure you have enough disk space. The binaries need 460GB and the sources another 60GB. Plus builds need another 150GB in /var/tmp with the default build.sh setting of '--buildjobs 2' A full build needs 1-4 weeks.

zypper in osc qemu

Install the `build` tool from https://build.opensuse.org/package/show/home:bmwiedemann:reproducible:distribution:ring1/build (needed for emacs, colord and python-lxml) via

osc getbinaries home:bmwiedemann:reproducible:distribution:ring1 build standard x86_64
sudo rpm -U --oldpackage binaries/build-20241114-1.1.noarch.rpm

osc co home:bmwiedemann:reproducible:distribution:ring1 && cd $_
ln -s 000pbuildconf/_* .
sh 000pbuildconf/sha256sums.src
# => 89b83cb4978ba1298730f771298c22a0e1ce0f5b489386598449921099f3c8ae
sh 000pbuildconf/build.sh
# => da22ee7978861e59a3e4611b86f9c3bfc8dfc9779d38d35eb2b5ae3a8e8b8c36

How to run a minimal VM built from this (credentials are user=root pass=nots3cr3t ):

unrpm /path/to/altimagebuild-1*.rpm
qemu-kvm -drive format=raw,file=var/lib/altimagebuild-x86_64.img -m 1000 -serial stdio -vnc :99

Encountered issues/fixes

• https://github.com/mesonbuild/meson-python/issues/671 random tmpdir
• https://github.com/fedora-java/xmvn/pull/298 various
• https://github.com/Instagram/LibCST/pull/1213 rust
• https://bugzilla.opensuse.org/show_bug.cgi?id=1230856 xen/acpica
• https://bugzilla.opensuse.org/show_bug.cgi?id=1173396 xorg-x11-fonts/fonttosfnt
• https://git.enlightenment.org/enlightenment/efl/issues/41 parallelism => drop https://build.opensuse.org/request/show/1202479
• java-21-openjdk - used taskset 1 to avoid race-conditions
• https://build.opensuse.org/request/show/1204725 python312
• https://bugzilla.opensuse.org/show_bug.cgi?id=1228131 kf6-kirigami + qqc2-breeze-style6 + kf6-qqc2-desktop-style + qt6-declarative + qt6-multimedia + qt6-sensors + qt6-webengine race
• https://bugs.libcamera.org/show_bug.cgi?id=233 libcamera sig + date ; https://lists.libcamera.org/pipermail/libcamera-devel/2024-October/045731.html date
• https://github.com/pygraphviz/pygraphviz/pull/544 python-pygraphviz/python-sphinx-gallery benchmark
• https://build.opensuse.org/request/show/1207950 drop libkolabxml from kdepim-runtime because of https://bugzilla.opensuse.org/show_bug.cgi?id=1060506
• https://gitlab.gnome.org/GNOME/seahorse/-/issues/394 seahorse parallelism/race
• https://bugzilla.opensuse.org/show_bug.cgi?id=1231368 efivar CPU
• https://build.opensuse.org/request/show/1206278 gsl nocheck
• https://build.opensuse.org/request/show/1192626 ca-certificates-mozilla-prebuilt date
• https://github.com/sphinx-doc/sphinx/issues/6714 python312:doc + kernel-source:doc race
• https://build.opensuse.org/request/show/1204725 python312:doc .pyc files in doc
• https://build.opensuse.org/package/show/home:bmwiedemann:reproducible:distribution:ring1/python-numpy .pyc
• fix .jar mtimes with strip-nondeterminism in antlr, rhino, slf4j, sac, xml-commons-apis, uwsgi, tigervnc, jflex, brltty, xalan-j2, protobuf
• schily https://codeberg.org/schilytools/schilytools/pulls/81 uname -r
• lsof https://bugzilla.opensuse.org/show_bug.cgi?id=1232425 uname -r

worked around

• colord https://github.com/hughsie/colord/issues/174 CPU dependent .icc files - maybe from lcms2
• emacs https://mail.gnu.org/archive/html/emacs-devel/2024-10/msg00004.html .pdmp dump files vary
• python-lxml produces different results when compiled on a VM with more than 4 cores
• disable ASLR for building llvm17 + nodejs22
• disable LTO for llvm1[578]
• rust-cbindgen disable LTO
• grpc https://bugzilla.opensuse.org/show_bug.cgi?id=1234751 uname -r

remaining issues

• libreoffice/rpm https://bugzilla.opensuse.org/show_bug.cgi?id=1231580 bug
• memcached https://github.com/memcached/memcached/pull/1074 FTBFS-2038
• python-joblib https://github.com/joblib/joblib/issues/870 FTBFS-j1
• python-pandas/cython https://github.com/pandas-dev/pandas/issues/60078
• java-21-openjdk has some date-dependent variation
• java-11-openjdk (only used for bootstrapping) has plenty old issues
• ceph https://github.com/boostorg/build/issues/760 has an embedded boost version. It produces different binaries when building after 2038
• installation-images various