Tools

Several tools are available to make your life easier when working on reproducible builds.

Signed tarballs are available.

diffoscope

diffoscope will try to get to the bottom of what makes files or directories different. It will recursively unpack archives of many kinds and transform various binary formats into more human-readable forms for comparison. It can compare two tarballs, ISO images, or PDFs just as easily. See an example HTML and text output.

Homepage Git Issues Merge requests Debian package PyPI

trydiffoscope

If you wish to just experiment with diffoscope without installing a large number of run-time dependencies, you can use the try.diffoscope.org service directly from your web browser. A lightweight client is also available as the trydiffoscope command-line utility.

Homepage Git Merge requests Debian package PyPI

disorderfs

Problems with unstable order of inputs or other variations introduced by filesystems can sometimes be hard to track down. disorderfs is an overlay FUSE filesystem that deliberately introduces non-determinism into filesystem metadata. For example, it can randomize the order in which directory entries are read.

Git Merge requests Debian package

strip-nondeterminism

Some tools used in build systems might introduce non-determinism in ways difficult to fix at the source, which requires post-processing. strip-nondeterminism knows how to normalise various file formats such as gzipped files, ZIP archives, and Jar files. It is written in Perl with extensibility in mind.

Git Issues Merge requests Debian package

reprotest

reprotest builds the same source code in different environments and then checks the binaries produced by the builds to see if changing the environment, without changing the source code, changed the generated binaries.

Git Merge requests Debian package

Other tools

Follow us on Twitter @ReproBuilds and please consider making a donation. Content licensed under CC BY-SA 4.0, style licensed under MIT. Templates and styles based on the Tor Styleguide. Logos and trademarks belong to their respective owners. Patches welcome via our Git repository (instructions) or via our mailing list.