debrepro - reproducibility tester for Debian packages
debrepro [OPTIONS] [SOURCEDIR]
debrepro will build a given source directory twice, with a set of variations between the first and the second build, and compare the produced binary packages. If diffoscope is installed, it is used to compare non-matching binaries. If disorderfs is installed, it is used during the build to inject non-determinism in filesystem listing operations.
SOURCEDIR must be a directory containing an unpacked Debian source package. If SOURCEDIR is omitted, the current directory is assumed.
At the very end of a build, debrepro will inform the location of the output directory where the build artifacts can be found. In that directory, you will find:
- Contains the results of the first build, including a copy of the source tree, and the resulting binary packages.
- Contains the exact build script that was used in the first build.
- Contains the results of the second build, including a copy of the source tree, and the resulting binary packages.
- Contains the exact build script that was used in the second build.
Taking a diff(1) between $OUTPUTDIR/first/build.sh and $OUTPUTDIR/second/build.sh is an excellent way of figuring out exactly what changed between the two builds.
- The $USER environment variable will contain different values between the first and second builds.
- During the second build, a fake, non-existing directory will be appended to the $PATH environment variable.
- The builds will use different umask settings.
- Both $LC_ALL and $LANG will be different across the two builds.
- $TZ will be different across builds.
- If disorderfs is installed, both builds will be done under a disorderfs overlay directory. This will cause filesystem listing operations to be return items in a non-deterministic order.
- The second build will be executed 213 days, 7 hours and 13 minutes in the future with regards to the current time (using faketime(1)).
- -s VARIATION, --skip VARIATION
- Don't perform the named VARIATION. Variation names are the ones used in their description in section SUPPORTED VARIATIONS.
- -b COMMAND, --before-second-build COMMAND
- Run COMMAND before performing the second build. This can be used for
example to apply a patch to a source tree for the second build, and check
whether (or how) the resulting binaries are affected.
$ debrepro --before-second-build "git checkout branch-with-changes" $ debrepro --before-second-build "patch -p1 < /path/to/patch"
- -t TIME, --timeout TIME
- Apply a timeout to all builds. TIME must be a time specification compatible with GNU timeout(1).
- -h, --help
- Display this help message and exit.
- Package is reproducible.
Reproducible here means that the two builds produced the exactly the same binaries, under the set of variations that debrepro tests. Other sources of non-determinism in builds that are not yet tested might still affect builds in the wild.
- Package is not reproducible.
- The given input is not a valid Debian source package.
- Required programs are missing.
diffoscope (1), disorderfs (1), timeout(1)
Antonio Terceiro <email@example.com>.