openSUSE Spin Achieves 100% Bit-Identical Packages For Reproducible Builds
There is an openSUSE project called Reproducible-openSUSE "RBOS" working on a proof-of-concept for constructing openSUSE in a bit-identical manner as part of the broad Reproducible Builds effort to be able to reproduce builds bit-for-bit against what is being compiled by the distribution vendor or other software distribution. The openSUSE RBOS has achieved 100% bit-identical packages as a major milestone.
The openSUSE project announced today that the experimental RBOS project has achieved a significant milestone in demonstrating a usable Linux distribution with "100% bit-identical packages." First though, OpenSUSE's RBOS isn't to be confused with another Linux distribution effort... RBOS as the Rebecca Black OS experimental proving grounds for Wayland.
With openSUSE's RBOS they are now demonstrating working bit-for-bit package rebuilds as part of ensuring a solid software supply chain. More details on the current RBOS state led by Bernhard Wiedemann:
"Wiedemann took on this 4-month-long project to create a fork of openSUSE that has 100% bit-reproducible packages. So far ring0 (aka bootstrap) and ring1 with 3,300 software packages have all successfully been patched and tested. Overall, the 16,000 source packages in openSUSE Factory have around 300 packages with issues left...Approximately 40 patches were needed and some more were completed before this project. Usually half of these patches are upstreamed.
With this, it is now possible to do a change in a toolchain package, rebuild everything and see exactly what changed as a result of the change."
The patches will eventually work their way into the openSUSE Factory channel and in turn make it into openSUSE/SUSE releases in the coming years.
More details on this openSUSE reproducible builds milestone via openSUSE.org.
