Verifying packages with Debian's ReproducibleBuilds

Identical Build

Conclusions

Thus far, Debian's ReproducibleBuilds project is a success story: As of February 13, 2015, reproducible builds worked for 83.5 percent of all packages (Figure 2) [20]. The new build type will probably also be a release target for Debian 9, all with the aim of making Debian that little bit more secure.

Figure 2: In February 2015, the number of packages that could be reproducibly built reached an interim high.

Infos

  1. ReproducibleBuilds in Debian: https://wiki.debian.org/ReproducibleBuilds
  2. OpenSSH bug: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0083
  3. Move on ReproducibleBuilds from 31C3: https://www.youtube.com/watch?v=5pAen7beYNc
  4. Origins of ReproducibleBuilds: https://lists.debian.org/debian-devel/2007/09/msg00746.html
  5. Tor using ReproducibleBuilds: https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise
  6. Problems with ReproducibleBuilds: https://reproducible.debian.net/index_issues.html
  7. Doxygen: http://www.stack.nl/~dimitri/doxygen/
  8. LaTeX: http://www.latex-project.org
  9. Problems with preprocessor macros in C++: https://wiki.debian.org/Reproducible-Builds/TimestampsFromCPPMacros
  10. Enhanced toolchain: http://reproducible.alioth.debian.org/debian
  11. Buildinfo specification: https://wiki.debian.org/ReproducibleBuilds/BuildinfoSpecification
  12. Debian's Snapshot package archive: http://snapshot.debian.org
  13. Pbuilder: http://pbuilder.alioth.debian.org
  14. debbindiff: https://tracker.debian.org/pkg/debbindiff
  15. Continuous integration platform: https://jenkins.debian.net/
  16. Jenkins statistics: https://reproducible.debian.net/reproducible.html
  17. Buildd: http://buildd.debian.org
  18. Keynote at FOSDEM: http://ftp.heanet.ie/mirrors/fosdem-video/2015/main_track-miscellaneous/Stretching_out_for_trustworthy_reproducible_builds_by_Holger_and_Lunar.mp4
  19. Trusting-Trust attacks: https://www.schneier.com/blog/archives/2006/01/countering_trus.html
  20. Project status update from February 2015: https://lists.debian.org/debian-devel-announce/2015/02/msg00007.html

The Author

Daniel Stender (http://www.danielstender.com/entwicklerblog/) has focused on Debian on the desktop since 2002. He officially maintains various packages pertaining to Python libraries, document analysis, OCR, and media production.
