debrepro - reproducibility tester for Debian packages
debrepro [OPTIONS] [SOURCEDIR]
debrepro will build a given source directory twice, with a
set of variations between the first and the second build, and compare the
produced binary packages. If diffoscope is installed, it is used to
compare non-matching binaries. If disorderfs is installed, it is used
during the build to inject non-determinism in filesystem listing
operations.
SOURCEDIR must be a directory containing an unpacked Debian
source package. If SOURCEDIR is omitted, the current directory is
assumed.
At the very end of a build, debrepro will inform the
location of the output directory where the build artifacts can be found. In
that directory, you will find:
- $OUTPUTDIR/first
- Contains the results of the first build, including a copy of the source
tree, and the resulting binary packages.
- $OUTPUTDIR/first/build.sh
- Contains the exact build script that was used in the first build.
- $OUTPUTDIR/second
- Contains the results of the second build, including a copy of the source
tree, and the resulting binary packages.
- $OUTPUTDIR/second/build.sh
- Contains the exact build script that was used in the second build.
Taking a diff(1) between
$OUTPUTDIR/first/build.sh and
$OUTPUTDIR/second/build.sh is
an excellent way of figuring out exactly what changed between the two
builds.
- user
- The $USER environment
variable will contain different values between the first and second
builds.
- path
- During the second build, a fake, non-existing directory will be appended
to the $PATH environment
variable.
- umask
- The builds will use different umask settings.
- locale
- Both $LC_ALL and
$LANG will be different
across the two builds.
- timezone
- $TZ will be different across
builds.
- filesystem-ordering
- If disorderfs is installed, both builds will be done under a
disorderfs overlay directory. This will cause filesystem listing
operations to be return items in a non-deterministic order.
- time
- The second build will be executed 213 days, 7 hours and 13 minutes in the
future with regards to the current time (using
faketime(1)).
- -s VARIATION, --skip
VARIATION
- Don't perform the named VARIATION. Variation names are the ones used in
their description in section SUPPORTED VARIATIONS.
- -b COMMAND, --before-second-build
COMMAND
- Run COMMAND before performing the second build. This can be used for
example to apply a patch to a source tree for the second build, and check
whether (or how) the resulting binaries are affected.
Examples:
$ debrepro --before-second-build "git checkout branch-with-changes"
$ debrepro --before-second-build "patch -p1 < /path/to/patch"
- -h, --help
- Display this help message and exit.
- 0
- Package is reproducible.
Reproducible here means that the two builds produced the
exactly the same binaries, under the set of variations that
debrepro tests. Other sources of non-determinism in builds that
are not yet tested might still affect builds in the wild.
- 1
- Package is not reproducible.
- 2
- The given input is not a valid Debian source package.
- 3
- Required programs are missing.
diffoscope (1), disorderfs (1),
Antonio Terceiro <terceiro@debian.org>.