openSUSE:Reproducible openSUSE/Part2

This is documentation Part 2 of Bernhard's R-B-OS - about making enough packages reproducible for a small DVD with some graphical UI.

package sources are collected in https://build.opensuse.org/project/show/home:bmwiedemann:reproducible:distribution:ring1

Note: building with pbuild is significantly slower here, because dependency resolution is implemented in pure perl and takes a minute to figure out what to build next.

How to build

osc co home:bmwiedemann:reproducible:distribution:ring1 && cd $_
ln -s 000pbuildconf/_* .
sh 000pbuildconf/sha256sums.src
sh 000pbuildconf/build.sh

How to run a minimal VM built from this (credentials are user=root pass=nots3cr3t ):

unrpm /path/to/altimagebuild-1*.rpm
qemu-kvm -drive format=raw,file=var/lib/altimagebuild-x86_64.img -m 1000 -serial stdio -vnc :99

Encountered issues/fixes

• https://github.com/mesonbuild/meson-python/issues/671 random tmpdir
• https://github.com/fedora-java/xmvn/pull/298 various
• https://github.com/Instagram/LibCST/pull/1213 rust
• https://bugzilla.opensuse.org/show_bug.cgi?id=1230856 xen/acpica
• https://bugzilla.opensuse.org/show_bug.cgi?id=1173396 xorg-x11-fonts/fonttosfnt
• https://git.enlightenment.org/enlightenment/efl/issues/41 parallelism => drop https://build.opensuse.org/request/show/1202479
• java-21-openjdk - used taskset 1 to avoid race-conditions
• disable ASLR for building llvm17 + nodejs22
• disable LTO for llvm1[578]
• https://build.opensuse.org/request/show/1204725 python312
• https://bugzilla.opensuse.org/show_bug.cgi?id=1228131 kf6-kirigami + qqc2-breeze-style6 + kf6-qqc2-desktop-style + qt6-declarative + qt6-multimedia + qt6-sensors + qt6-webengine race
• https://bugs.libcamera.org/show_bug.cgi?id=233 libcamera sig + date ; https://lists.libcamera.org/pipermail/libcamera-devel/2024-October/045731.html date
• https://github.com/pygraphviz/pygraphviz/pull/544 python-pygraphviz/python-sphinx-gallery benchmark
• https://build.opensuse.org/request/show/1207950 drop libkolabxml from kdepim-runtime because of https://bugzilla.opensuse.org/show_bug.cgi?id=1060506
• https://gitlab.gnome.org/GNOME/seahorse/-/issues/394 seahorse parallelism/race
• https://bugzilla.opensuse.org/show_bug.cgi?id=1231368 efivar CPU
• https://build.opensuse.org/request/show/1206278 gsl nocheck
• https://build.opensuse.org/request/show/1192626 ca-certificates-mozilla-prebuilt date
• https://github.com/sphinx-doc/sphinx/issues/6714 python312:doc + kernel-source:doc race
• https://build.opensuse.org/request/show/1204725 python312:doc .pyc files in doc
• https://build.opensuse.org/package/show/home:bmwiedemann:reproducible:distribution:ring1/python-numpy .pyc
• fix .jar mtimes with strip-nondeterminism in antlr, rhino, slf4j, sac, xml-commons-apis, uwsgi, tigervnc, jflex, brltty, xalan-j2, protobuf
• rust-cbindgen disable LTO
• schily https://codeberg.org/schilytools/schilytools/pulls/81 uname -r
• lsof https://bugzilla.opensuse.org/show_bug.cgi?id=1232425 uname -r

remaining issues

• libreoffice/rpm https://bugzilla.opensuse.org/show_bug.cgi?id=1231580 bug
• colord https://github.com/hughsie/colord/issues/174 CPU dependent .icc files - maybe from lcms2
• emacs https://mail.gnu.org/archive/html/emacs-devel/2024-10/msg00004.html .pdmp dump files vary
• memcached https://github.com/memcached/memcached/pull/1074 FTBFS-2038
• python-joblib https://github.com/joblib/joblib/issues/870 FTBFS-j1
• python-pandas/cython https://github.com/pandas-dev/pandas/issues/60078
• java-21-openjdk has some date-dependent variation
• java-11-openjdk (only used for bootstrapping) has plenty old issues
• ceph https://github.com/boostorg/build/issues/760 has an embedded boost version. It produces different binaries when building after 2038
• python-lxml produces different results when compiled on a VM with more than 4 cores
• installation-images various