Fedora 41 Approved To Make Package Builds More Reproducible
In addition to approving -O3 optimized Python builds, the Fedora Engineering and Steering Committee (FESCo) this week unanimously approved a Fedora 41 change proposal for making RPM package builds more reproducible.
Fedora 41 has been eyeing more reproducible package builds thanks to a Rust program. The Rust-based "add-determinism" would be part of the post-build cleanup process for RPM package builds to address common causes of build irreproducibility. This change is capable of making most Fedora RPM package builds reproducible in the name of security and auditability. As explained in that change proposal:
"add-determinism is a Rust program which, as its name suggests, adds determinism to files that are given as input by attempting to standardize metadata contained in binary or source files to ensure consistency and clamping to $SOURCE_DATE_EPOCH in all instances. add-determinism is the "Fedora version" of strip-nondeterminism from the Debian project. Since strip-nondeterminism is written in perl, it is undesirable for use in Fedora, as we don't want to pull perl in the buildroot for every package.
It's worth noting that this Change does not intend to impose any specific reproducibility requirements on Fedora packages. Once this Change is implemented and we have been through a mass rebuild and can verify that the common causes of irreproducibility have indeed been removed, we can consider further steps. But that will be at least one release later.
This change does add a small amount of time to the processing of RPMs at the end of a build. Accordingly, packages containing large quantities or sizes of files will be slower, but this effect is not expected to be noticeable. add-determinism takes steps to ensure it does not interfere with other buildroot post processors like mangle-shebangs, python-hardlink, python-bytecompile. It defaults to not doing any modifications in case it doesn't understand the input file or there are any other problems."
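To make the two behaviours in the quoted proposal concrete (clamping embedded timestamps to $SOURCE_DATE_EPOCH, and leaving unrecognized input untouched), here is an added example that is not add-determinism's own code. It uses the gzip header's MTIME field as the format; that choice is mine, since the page does not list which file types add-determinism handles, and the fallback epoch in main is a constructed value for the demo.

```rust
// Added example: clamp the 4-byte MTIME field of a gzip header to
// SOURCE_DATE_EPOCH, the kind of per-format normalization a
// reproducibility post-processor applies. Standard library only.
use std::env;

const GZIP_MAGIC: [u8; 2] = [0x1f, 0x8b];

/// Read SOURCE_DATE_EPOCH from the environment; None if unset or malformed.
pub fn source_date_epoch() -> Option<u32> {
    env::var("SOURCE_DATE_EPOCH").ok()?.parse::<u32>().ok()
}

/// Clamp a timestamp: anything later than the epoch becomes the epoch,
/// earlier timestamps stay as they are (clamping, not overwriting).
pub fn clamp(ts: u32, epoch: u32) -> u32 {
    ts.min(epoch)
}

/// Normalize a gzip buffer in place. Returns true if it was modified.
/// Unrecognized or truncated input is left exactly as it was, mirroring
/// the proposal's "do nothing when in doubt" policy.
pub fn clamp_gzip_mtime(buf: &mut [u8], epoch: u32) -> bool {
    // gzip header: ID1 ID2 CM FLG MTIME(4, little-endian) XFL OS = 10 bytes
    if buf.len() < 10 || buf[0..2] != GZIP_MAGIC {
        return false;
    }
    let mtime = u32::from_le_bytes([buf[4], buf[5], buf[6], buf[7]]);
    let clamped = clamp(mtime, epoch);
    if clamped == mtime {
        return false;
    }
    buf[4..8].copy_from_slice(&clamped.to_le_bytes());
    true
}

fn main() {
    // Constructed sample: gzip header with MTIME = 0x66500000 (mid-2024).
    let mut sample = vec![0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x50, 0x66, 0x00, 0x03];
    // Assumption for the demo: fall back to a fixed epoch if the variable is unset.
    let epoch = source_date_epoch().unwrap_or(1_700_000_000);
    let changed = clamp_gzip_mtime(&mut sample, epoch);
    println!("modified: {changed}, header: {:02x?}", &sample[..10]);
}
```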
All FESCo members are on-board with the proposal and it's now been approved for the Fedora 41 release this autumn.
The add-determinism program for those interested can be found on GitHub.