Job orb

README

Skip to build

orb: check opam package reproducibility

This tool can check if an opam package build is reproductible (cf. https://reproducible-builds.org). It has two subcommands: build and rebuild.

The orb build conducts a build of an opam package, and collects the build result (and hashes thereof) and the build input (or build info), consisting of:

The orb rebuild takes this data as input and conducts a second build with the same environment, and compares that the hashes of the produced binaries are identical.

The orb build also has a command-line flag "--twice" to conduct a build and a rebuild directly afterwards. For debugging reproducibility, a "--keep-build" (useful with opam's "--keep-build-dir") option is provided that allows to compare intermediate build products as well.

Please have a look at "--diffoscope", "--out", "--switch-name", "--solver-timeout", "--date", and other command line parameters.

It is currently used as a payload of builder-worker to run the reproducible MirageOS unikernels infrastructure.

Binary packages for different platforms (Debian, Ubuntu, FreeBSD) are available at https://builds.robur.coop

Install & use

$ opam pin git+https://github.com/roburio/orb#next
$ orb build --twice --repos=default:https://opam.ocaml.org cmdliner

Simple (and fast) failing and successful reproducible opam packages are in the reproducible-testing-repo.

Build 2021-11-24 16:26:30Z

Back to readme

Built on platform debian-11

Build took 9min21s.

Execution result: exited 0.

Build info

Build artifacts

bin/orb.deb
SHA256:a6ba690ddcb2719e7f4d11a4a50108a78dc191c2dcb85d743809ff09e267123f (4.11MB)
build-environment
SHA256:b1d90053f64bfd293076842903cf55eb2cf90a8c82cf91450a156d030f7c864b (352B)
opam-switch
SHA256:ccaba82a2576e2eae424d2c7b3ab86b500bd529c33c9eb609414a66b1af5f887 (53.7kB)
system-packages
SHA256:b9235c763470e23f7dd1d9fc65be21cd0caca36a220be9865c64eea28f6ddc79 (3.25kB)

Reproduced by 18 builds

Comparisons with other builds on the same platform