Job orb

README

Skip to build

orb: check opam package reproducibility

This tool can check if an opam package build is reproductible (cf. https://reproducible-builds.org). It has two subcommands: build and rebuild.

The orb build conducts a build of an opam package, and collects the build result (and hashes thereof) and the build input (or build info), consisting of:

The orb rebuild takes this data as input and conducts a second build with the same environment, and compares that the hashes of the produced binaries are identical.

The orb build also has a command-line flag "--twice" to conduct a build and a rebuild directly afterwards. For debugging reproducibility, a "--keep-build" (useful with opam's "--keep-build-dir") option is provided that allows to compare intermediate build products as well.

Please have a look at "--diffoscope", "--out", "--switch-name", "--solver-timeout", "--date", and other command line parameters.

It is currently used as a payload of builder-worker to run the reproducible MirageOS unikernels infrastructure.

Binary packages for different platforms (Debian, Ubuntu, FreeBSD) are available at https://builds.robur.coop

Install & use

$ opam pin git+https://github.com/roburio/orb#next
$ orb build --twice --repos=default:https://opam.ocaml.org cmdliner

Simple (and fast) failing and successful reproducible opam packages are in the reproducible-testing-repo.

Build 2022-01-14 15:51:53Z

Back to readme

Built on platform ubuntu-20.04

Build took 4min49s.

Execution result: exited 0.

Build info

Build artifacts

bin/orb.deb
SHA256:114062307767f3326e8e5f1b5726eced4da38201218c5b127466e585c6095c98 (4.14MB)
build-environment
SHA256:f301d2cafe93c27b1fe9adad5d011cfda2aa9e5a8ef38944b09882169cc92a53 (355B)
opam-switch
SHA256:f0bae5ae93f8f1a7241589b7a848a27c0dd159ef8632580102ac631ab644c805 (53.7kB)
system-packages
SHA256:54addeebdc114fc2122afcbbe028c944818092141e9c04f941fdbe268ed21565 (4.48kB)

Reproduced by 9 builds

Comparisons with other builds on the same platform