再現性のあるビルド

Arch Linux は現在、すべてのパッケージを再現可能にすることに取り組んでいます。これにより、ユーザーや研究者は Arch Linux から配布されたパッケージを検証できるようになります。再現可能なビルドの正確な定義とその利点については、プロジェクト Web サイトをご覧ください。

ビルドを検証

リポジトリとリビルド

実験的な rebuilderd インスタンスが、ステータスページを備えた独自のインフラストラクチャ上にセットアップされました。Rebuilderd はリポジトリパッケージを再構築し、それらがビットごとに同一であるかどうかを確認します。再現できない場合は、ツールにバグがあるか、パッケージが再現できないか、パッケージが適切にビルドされていないかのいずれかです。

既知の問題のリストは /Status にあります。

リビルドとバリエーションのある別のリビルド

Builds プロジェクトは Arch Linux パッケージを再構築し、異なる環境での別の再構築と比較します。パッケージのステータスと環境のバリエーションは、Arch Linux 専用ページにリストされています。

Helping out

Tooling

Help out on fixing bugs and adding features for repro.

Running a Rebuilder instance

Setting up rebuilderd to build Arch Linux packages helps to independently verify repository packages.

Verifying packages with repro and finding issues

A great way to help out is to find an unreproducible package and figuring out how it can be made reproducible.

Download an Arch Linux package or get one from the Arch Linux Archive
Run repro on the downloaded package or a package from your pacman cache. Ideally with repro -d to get diffoscope output. For example, repro -d /var/cache/pacman/pkg/curl-7.73.0-1-x86_64.pkg.tar.zst

ノート: https://reproducible.archlinux.org skips the check() step because running all tests for all packages is too flakey. This creates false unreproducible packages status if check() has side-effects, such as Python packages.

Investigate if it is an issue with Arch Linux packaging or upstream, issues can be added on the status page. More information can be found on the Reproducible Builds website.

Work on issues in the tests.reproducible-builds.org infrastructure

Arch users can help contribute to Reproducible Build issues by looking at the continuous reproducing environment. There are various issues which can be sorted out:

FTBS (failed to build from source): reproduce the build failure locally and create a bug report if the package cannot be built from a clean chroot (extra-x86_64-build or multilib-build).
Failed to download sources, reproduce the issue (makepkg -o -d) and create a bug report on the Arch bugtracker.
Failed to reproduce. Locally you can reproduce packages using reprotest. Note that not all variations can be used. For simple time related testing:
```
$ reprotest --variations '+time' 'sudo extra-x86_64-build' '*.pkg.tar.zst'
```

There might be various reasons for a package to not be reproducible, but before digging in take a look at the upstream repository or the reproducible status in Debian

この記事またはセクションは情報が古くなっています。

理由: glibc 2.35-6 ships with C.UTF-8 included. (Discuss)

Failed to run tests, these failures are heavily on the testing environment. Most likely due to to LANG=C being set and Arch not supporting LANG=C.UTF-8.

If you are interested in the code which runs the continuous reproducing environment, the first build code starts here on salsa

ノート: The continuous reproducing environment on tests.reproducible-builds.org does NOT reproduce official arch packages. Its purpose is only to fuzz the packages and attempt to trigger as many bugs as possible, so they can be reported upstream.

Known issues

GPG verification

There is a possible rebuild scenario where GPG keys will not verify as the packager was removed from the keyring or revoked as we use the latest keyring and a package in the archive which we need might need be signed by a revoked key we are unable to verify it and the build will fail.

Contact

#archlinux-reproducible — Main channel for the progress of Reproducible Builds on Arch Linux