Skip to content

GH-49988: [CI][Packaging] Enable reproducible builds on host for APT based Linux packages#48148

Draft
raulcd wants to merge 13 commits into
apache:mainfrom
raulcd:GH-47798-3
Draft

GH-49988: [CI][Packaging] Enable reproducible builds on host for APT based Linux packages#48148
raulcd wants to merge 13 commits into
apache:mainfrom
raulcd:GH-47798-3

Conversation

@raulcd
Copy link
Copy Markdown
Member

@raulcd raulcd commented Nov 17, 2025
edited
Loading

Rationale for this change

Reproducible builds are a requirement to be able to add automated signing. We would like to be able to do automated signing for our Linux packages too as discussed here:
#47058 (comment)

What changes are included in this PR?

Some minor changes to our build to fix some Reproducible tests errors found. The main addition is adding a new step to our Linux Packaging GitHub actions workflow to run reprotest on the rake tasks to build the packages and compare the artifacts built.

Are these changes tested?

Yes on CI as part of the APT Packaging Linux jobs.

Are there any user-facing changes?

@raulcd raulcd mentioned this pull request Nov 17, 2025
Closed
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Nov 17, 2025

⚠️ GitHub issue #47798 has been automatically assigned in GitHub to PR creator.

@github-actions github-actions Bot added the awaiting committer review Awaiting committer review label Nov 17, 2025
@github-actions github-actions Bot added the CI: Extra: Package: Linux Run extra Linux Packages CI label May 12, 2026
@raulcd
Copy link
Copy Markdown
Member Author

raulcd commented May 18, 2026

@kou I was able to spend some more time here and with the help of Claude I was able to get successful Debian reproducible builds. The current CI failures are just timeouts, I should increase the timeout on this branch.

I've also spent some more days to try and get RPM's also reproducible but I haven't been able to achieve it so far.
Do you think it would be interesting to split it in two issues so we push Debian reproducible builds to be merged and try to achieve reproducible builds for RPM's in a future PR or would you prefer for me to push to this branch what I've attempted for RPM and we don't merge until we achieve reproducible builds for all Linux Packages?

@kou
Copy link
Copy Markdown
Member

kou commented May 18, 2026

Great! Let's work on RPM's reproducible builds as a separated work!

kou
kou reviewed May 18, 2026
View reviewed changes
Comment thread dev/tasks/linux-packages/apt/build.sh Outdated
Comment on lines +87 to +93
# Use a fixed build directory name instead of mktemp's random suffix.
# c_glib's meson generates pkgconfig files that bake the absolute
# build-tree path into Libs.private, so a random suffix breaks
# reproducibility across reprotest runs.
build_dir="${build_root_dir}/package"
run mkdir -p "${build_dir}"
run pushd "${build_dir}"
Copy link
Copy Markdown
Member

@kou kou May 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I want to keep using random build directory path because it's one of important reproducible build checks. We can work on this as a follow-up task. I'll take a look at Meson.

Copy link
Copy Markdown
Member Author

@raulcd raulcd May 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've created a new issue to track this and have added a TODO comment on the code pointing to the new issue:

@github-actions github-actions Bot added awaiting changes Awaiting changes and removed awaiting committer review Awaiting committer review labels May 18, 2026
kou
kou reviewed May 18, 2026
View reviewed changes
Comment thread .github/workflows/package_linux.yml Outdated
@raulcd raulcd mentioned this pull request May 19, 2026
Open
@raulcd raulcd changed the title GH-47798: [CI][Packaging] Enable reproducible builds on host for Linux packages GH-49988: [CI][Packaging] Enable reproducible builds on host for Linux packages May 19, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 19, 2026

⚠️ GitHub issue #49988 has been automatically assigned in GitHub to PR creator.

@github-actions github-actions Bot added awaiting change review Awaiting change review and removed awaiting changes Awaiting changes labels May 19, 2026
@raulcd
Copy link
Copy Markdown
Member Author

raulcd commented May 19, 2026

I've ended up creating two sub-issues one for Debian based and one for RPM based that can be seen in the parent and have updated this PR to point to the Debian based.

@github-actions github-actions Bot added awaiting changes Awaiting changes and removed awaiting change review Awaiting change review labels May 19, 2026
@raulcd raulcd changed the title GH-49988: [CI][Packaging] Enable reproducible builds on host for Linux packages GH-49988: [CI][Packaging] Enable reproducible builds on host for APT based Linux packages May 19, 2026
@github-actions github-actions Bot added awaiting change review Awaiting change review and removed awaiting changes Awaiting changes labels May 21, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kou kou kou left review comments

@assignUser assignUser Awaiting requested review from assignUser assignUser will be requested when the pull request is marked ready for review assignUser is a code owner

@jonkeane jonkeane Awaiting requested review from jonkeane jonkeane will be requested when the pull request is marked ready for review jonkeane is a code owner

Assignees

No one assigned

Labels

awaiting change review Awaiting change review CI: Extra: Package: Linux Run extra Linux Packages CI Component: C++

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@raulcd @kou