debrepro - reproducibility tester for Debian packages
debrepro [
OPTIONS] [
SOURCEDIR]
debrepro will build a given source directory twice, with a set of
variations between the first and the second build, and compare the produced
binary packages. If
diffoscope is installed, it is used to compare
non-matching binaries. If
disorderfs is installed, it is used during
the build to inject non-determinism in filesystem listing operations.
SOURCEDIR must be a directory containing an unpacked Debian source
package. If
SOURCEDIR is omitted, the current directory is assumed.
At the very end of a build,
debrepro will inform the location of the
output directory where the build artifacts can be found. In that directory,
you will find:
-
$OUTPUTDIR/first
- Contains the results of the first build, including a copy
of the source tree, and the resulting binary packages.
-
$OUTPUTDIR/first/build.sh
- Contains the exact build script that was used in the first
build.
-
$OUTPUTDIR/second
- Contains the results of the second build, including a copy
of the source tree, and the resulting binary packages.
-
$OUTPUTDIR/second/build.sh
- Contains the exact build script that was used in the second
build.
Taking a
diff(1) between
$OUTPUTDIR/first/build.sh and
$OUTPUTDIR/second/build.sh is an excellent way of
figuring out exactly what changed between the two builds.
- user
- The $USER environment variable will
contain different values between the first and second builds.
- path
- During the second build, a fake, non-existing directory
will be appended to the $PATH environment
variable.
- umask
- The builds will use different umask settings.
- locale
- Both $LC_ALL and
$LANG will be different across the two builds.
- timezone
-
$TZ will be different across
builds.
- filesystem-ordering
- If disorderfs is installed, both builds will be done
under a disorderfs overlay directory. This will cause filesystem listing
operations to be return items in a non-deterministic order.
- time
- The second build will be executed 213 days, 7 hours and 13
minutes in the future with regards to the current time (using
faketime (1)).
- -s VARIATION, --skip VARIATION
- Don't perform the named VARIATION. Variation names are the
ones used in their description in section SUPPORTED
VARIATIONS.
- -b COMMAND, --before-second-build COMMAND
- Run COMMAND before performing the second build. This can be
used for example to apply a patch to a source tree for the second build,
and check whether (or how) the resulting binaries are affected.
Examples:
$ debrepro --before-second-build "git checkout branch-with-changes"
$ debrepro --before-second-build "patch -p1 < /path/to/patch"
- -B COMMAND, --build-command COMMAND
- Use custom build command. Default: dpkg-buildpackage -b
-us -uc.
If a custom build command is specified, the restriction of only running
against a Debian source tree is relaxed and you can run debrepro against
any source directory.
- -a PATTERN, --artifact-pattern PATTERN
- Define a file glob pattern to determine which artifacts
need to be compared across the builds. Default: ../*.deb.
- -n, --no-copy
- Do not copy the source directory to the temporary work
directory before each build. Use this to run debrepro against the source
directory directly.
- -t TIME, --timeout TIME
- Apply a timeout to all builds. TIME must be a time
specification compatible with GNU timeout(1).
- -h, --help
- Display this help message and exit.
- 0
- Package is reproducible.
Reproducible here means that the two builds produced the exactly the same
binaries, under the set of variations that debrepro tests. Other
sources of non-determinism in builds that are not yet tested might still
affect builds in the wild.
- 1
- Package is not reproducible.
- 2
- The given input is not a valid Debian source package.
- 3
- Required programs are missing.
diffoscope (1), disorderfs (1),
timeout(1)
Antonio Terceiro <
[email protected]>.