Scroll to navigation

DEBREPRO(1) DEBREPRO(1)

NAME

debrepro - reproducibility tester for Debian packages

SYNOPSIS

debrepro [OPTIONS] [SOURCEDIR]

DESCRIPTION

debrepro will build a given source directory twice, with a set of variations between the first and the second build, and compare the produced binary packages. If diffoscope is installed, it is used to compare non-matching binaries. If disorderfs is installed, it is used during the build to inject non-determinism in filesystem listing operations.

SOURCEDIR must be a directory containing an unpacked Debian source package. If SOURCEDIR is omitted, the current directory is assumed.

OUTPUT DIRECTORY

At the very end of a build, debrepro will inform the location of the output directory where the build artifacts can be found. In that directory, you will find:

$OUTPUTDIR/first
Contains the results of the first build, including a copy of the source tree, and the resulting binary packages.
$OUTPUTDIR/first/build.sh
Contains the exact build script that was used in the first build.
$OUTPUTDIR/second
Contains the results of the second build, including a copy of the source tree, and the resulting binary packages.
$OUTPUTDIR/second/build.sh
Contains the exact build script that was used in the second build.

Taking a diff(1) between $OUTPUTDIR/first/build.sh and $OUTPUTDIR/second/build.sh is an excellent way of figuring out exactly what changed between the two builds.

SUPPORTED VARIATIONS

The $USER environment variable will contain different values between the first and second builds.
During the second build, a fake, non-existing directory will be appended to the $PATH environment variable.
The builds will use different umask settings.
Both $LC_ALL and $LANG will be different across the two builds.
$TZ will be different across builds.
If disorderfs is installed, both builds will be done under a disorderfs overlay directory. This will cause filesystem listing operations to be return items in a non-deterministic order.
The second build will be executed 213 days, 7 hours and 13 minutes in the future with regards to the current time (using faketime(1)).

OPTIONS

Don't perform the named VARIATION. Variation names are the ones used in their description in section SUPPORTED VARIATIONS.
Run COMMAND before performing the second build. This can be used for example to apply a patch to a source tree for the second build, and check whether (or how) the resulting binaries are affected.

Examples:

  $ debrepro --before-second-build "git checkout branch-with-changes"
  $ debrepro --before-second-build "patch -p1 < /path/to/patch"
    
Use custom build command. Default: dpkg-buildpackage -b -us -uc.

If a custom build command is specified, the restriction of only running against a Debian source tree is relaxed and you can run debrepro against any source directory.

Define a file glob pattern to determine which artifacts need to be compared across the builds. Default: ../*.deb.
Do not copy the source directory to the temporary work directory before each build. Use this to run deprepro against the source directory directly.
Apply a timeout to all builds. TIME must be a time specification compatible with GNU timeout(1).
Display this help message and exit.

EXIT STATUS

0
Package is reproducible.

Reproducible here means that the two builds produced the exactly the same binaries, under the set of variations that debrepro tests. Other sources of non-determinism in builds that are not yet tested might still affect builds in the wild.

1
Package is not reproducible.
2
The given input is not a valid Debian source package.
3
Required programs are missing.

SEE ALSO

diffoscope (1), disorderfs (1), timeout(1)

AUTHOR

Antonio Terceiro <terceiro@debian.org>.

2022-06-21 Debian Utilities