Tools
Several tools are available to make your life easier when working on reproducible builds.
diffoscope
diffoscope will try to get to the bottom of what makes files or directories different. It will recursively unpack archives of many kinds and transform various binary formats into more human-readable forms for comparison. It can compare two tarballs, ISO images, or PDFs just as easily. See an example HTML and text output.
Homepage Git Issues Merge requests Debian package PyPI Arch Linux package
rebuilderd
rebuilderd monitors the package repository of a linux distribution and uses rebuilder backends like archlinux-repro to verify the provided binary packages can be reproduced from the published source code.
Homepage Issues Arch Linux Documentation Arch Linux Results
archlinux-repro
repro is a rebuilder backend
that verifies a given Arch Linux package. It uses the embedded .BUILDINFO
file to reconstruct an identical build environment and repeats the build
from source, then compares the input package with the package generated
during the verification build.
Homepage Issues Arch Linux package
trydiffoscope
If you wish to just experiment with diffoscope
without installing a large number of run-time dependencies, you can use the
try.diffoscope.org service directly from your
web browser. A lightweight client is also available as the trydiffoscope
command-line utility.
Homepage Git Merge requests Debian package PyPI
disorderfs
Problems with unstable order of inputs or other variations introduced by filesystems can sometimes be hard to track down. disorderfs is an overlay FUSE filesystem that deliberately introduces non-determinism into filesystem metadata. For example, it can randomize the order in which directory entries are read.
Git Merge requests Debian package Arch Linux package
strip-nondeterminism
Some tools used in build systems might introduce non-determinism in ways
difficult to fix at the source, which requires post-processing.
strip-nondeterminism
knows how to normalise various file formats such as
gzipped files, ZIP archives, and Jar files. It is written in Perl with
extensibility in mind.
Git Issues Merge requests Debian package Arch Linux package
reprotest
reprotest builds the same source code in different environments and then checks the binaries produced by the builds to see if changing the environment, without changing the source code, changed the generated binaries.
Git Merge requests Debian package Arch Linux package
Other tools
- reproducible-build-maven-plugin for the Apache Maven build tool, popular with Java projects.
- sbt-reproducible-builds plugin for the sbt build tool, popular with Scala projects.
- apksigcopier and reproducible-apk-tools for creating reproducible Android APKs and comparing APK (meta)data.
- rbtlog: a rebuilder framework with recipes to build Android APKs for various apps and rebuild logs forming a transparency log of reproduction attempts.
- diffoci: diff for Docker and OCI (Open Container Initiative) container images
Misc
- Style guide for reproducible-builds.org - this guide aims to provide standards, principles and components to design consistent views related to the Reproducible Builds project.
Signed tarballs are available for our tools.