Although it took almost a year, NetBSD, a Unix-like open-source operating system, now has reproducible builds.
To recap, NetBSD runs on a range of hardware platforms, and the project emphasizes code quality, portability, secure defaults, and research and innovation. Getting reproducible builds has been a big challenge for NetBSD developers, and as of yesterday the system has fully reproducible builds on AMD64 and SPARC64, wrote Christos Zoulas, a developer with the NetBSD project.
Reproducible builds are a set of software development practices that create a path from human-readable source code to the binary code used by computers, according to the site reproducible-builds.org. Reproducible builds give developers confidence that the distributed binary code is in fact coming from a given source code, and several free software projects already provide reproducible builds, according to the site.
Zoulas wrote that, while working on reproducible builds for NetBSD, he found many reasons why two separate builds from the same sources differed. For instance, differences can come from timestamps, timezone-sensitive code, non-sanitized data stored in files, and general tool inconsistencies, he wrote.
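The timestamp and non-sanitized-data causes above, shown on a tar archive as an added example (not NetBSD's build code): two builds with identical file contents hash differently until mtime, ownership and member order are normalized. The file names, timestamps, users and `FIXED_MTIME` are constructed for illustration.

```python
import hashlib
import io
import tarfile

# Constructed sample "build output": name -> (contents, mtime, uid, user name).
BUILD_A = {
    "bin/hello": (b"\x7fELF-demo", 1487000000, 1000, "alice"),
    "etc/motd": (b"welcome\n", 1487000050, 1000, "alice"),
}
# Same contents, built later by another user, files emitted in another order.
BUILD_B = {
    "etc/motd": (b"welcome\n", 1487090000, 1001, "bob"),
    "bin/hello": (b"\x7fELF-demo", 1487090007, 1001, "bob"),
}

FIXED_MTIME = 1486944000  # assumed: one agreed timestamp for the whole release


def pack(files, normalize):
    """Return the SHA-256 of an uncompressed tar archive built from `files`."""
    buf = io.BytesIO()
    # Directory traversal order is not stable across systems, so sort it.
    names = sorted(files) if normalize else list(files)
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in names:
            data, mtime, uid, user = files[name]
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mode = 0o644
            if normalize:
                # Strip everything that describes the build host, not the source.
                info.mtime = FIXED_MTIME
                info.uid = info.gid = 0
                info.uname = info.gname = "root"
            else:
                info.mtime = mtime
                info.uid = info.gid = uid
                info.uname = info.gname = user
            tar.addfile(info, io.BytesIO(data))
    return hashlib.sha256(buf.getvalue()).hexdigest()


def compare(normalize):
    """True when both builds produce bit-identical archives."""
    return pack(BUILD_A, normalize) == pack(BUILD_B, normalize)


if __name__ == "__main__":
    print("raw metadata identical:       ", compare(False))
    print("normalized metadata identical:", compare(True))
```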
In the future, NetBSD developers plan on working on the following areas in order to improve reproducible builds:
- Vary more parameters on the system build (filesystem types, build OSes)
- Verify that cross building is reproducible
- Verify that unprivileged builds work
- Test on all the platforms
Other developers have been making improvements on NetBSD for the past six years, said Zoulas, such as those from Debian who provided a platform to run, test and analyze reproducible builds. While working on reproducible builds, Zoulas used the diffoscope tool, which gave him an overview of what differed between binary files and which files were containers.
Other developers, like Thomas Klausner and Joerg Sonnenberger, also worked on NetBSD reproducible builds. Luke Mewburn and Todd Vierling contributed their work on build.sh.