Yo! Most should be familiar with the reproducible builds efforts going on in Arch Linux. The goal is to figure out how to make our packages reproducible, which can let users verify that our packages are a product of the PKGBUILD we upload and the source we claim it uses [1]. Last status update was in November [2]! Allan wrote about our attempts at manually reproducing core packages to find mistakes in them. This went fairly well and we managed to reproduce a great deal of packages [3]. The progress since then has been great. Jelle went to Marrakesh for the annual Reproducible Builds summit [4]. Improvements to the tooling have also been made. Most notably kpcyrd has written rebuilderd which was announced on the reproducible builds mailing list last week [5]. rebuilderd aims to be a general package rebuilder, supporting multiple distros with Arch being the first supported one. Rebuilderd allows anyone to easily create package rebuilders to reproduce distributed packages [6]. It currently utilizes `repro` for the reproduction itself [7]. As of writing this we have managed to reproduce 86%-90% of the `[core]` repository across 2-3 rebuilders! One of the rebuilders currently running is our own rebuilder [8]! The current setup runs with 3 worker boxes: * repro1.pkgbuild.com - Arch * repro2.pkgbuild.com - Arch * repro3.pkgbuild.com - Debian 10 One can also find a list of rebuilders currently running on the wiki [9]. A usecase for these rebuilders is to check the packages on your system is currently verified with one or more rebuilders. kpcyrd wrote ismyarchverifiedyet to check this [10]. It should be noted that everything is very much a work in progress. Just because a package is listed as bad doesn't mean it's unreproducible. It might be tooling bugs or other issues. However, if you want to take a look at it you can do so with `repro`, or `makerepropkg` in devtools[11]. Cheers from the Reproducible Builds Team! Sources: [1]: https://reproducible-builds.org/ [2]: https://lists.archlinux.org/pipermail/arch-dev-public/2019-November/029721.h... [3]: https://wiki.archlinux.org/index.php/DeveloperWiki:ReproduciblePackages [4]: https://reproducible-builds.org/events/Marrakesh2019/ [5]: https://lists.reproducible-builds.org/pipermail/rb-general/2020-April/001905... [6]: https://github.com/kpcyrd/rebuilderd [7]: https://github.com/archlinux/archlinux-repro [8]: https://reproducible.archlinux.org/ [9]: https://wiki.archlinux.org/index.php/Package_rebuilders [10]: https://github.com/kpcyrd/ismyarchverifiedyet [11]: https://git.archlinux.org/devtools.git/tree/makerepropkg.in -- Morten Linderud PGP: 9C02FF419FECBE16