diff options
Diffstat (limited to 'scripts/debrepro.pod')
-rw-r--r-- | scripts/debrepro.pod | 177 |
1 files changed, 177 insertions, 0 deletions
diff --git a/scripts/debrepro.pod b/scripts/debrepro.pod new file mode 100644 index 0000000..6cc7b2d --- /dev/null +++ b/scripts/debrepro.pod @@ -0,0 +1,177 @@ +=head1 NAME + +debrepro - reproducibility tester for Debian packages + +=head1 SYNOPSIS + +B<debrepro> [I<OPTIONS>] [I<SOURCEDIR>] + +=head1 DESCRIPTION + +B<debrepro> will build a given source directory twice, with a set of +variations between the first and the second build, and compare the +produced binary packages. If B<diffoscope> is installed, it is used to +compare non-matching binaries. If B<disorderfs> is installed, it is used +during the build to inject non-determinism in filesystem listing +operations. + +I<SOURCEDIR> must be a directory containing an unpacked Debian source +package. If I<SOURCEDIR> is omitted, the current directory is assumed. + +=head1 OUTPUT DIRECTORY + +At the very end of a build, B<debrepro> will inform the location of the +output directory where the build artifacts can be found. In that +directory, you will find: + +=over + +=item I<$OUTPUTDIR/first> + +Contains the results of the first build, including a copy of the source +tree, and the resulting binary packages. + +=item I<$OUTPUTDIR/first/build.sh> + +Contains the exact build script that was used in the first build. + +=item I<$OUTPUTDIR/second> + +Contains the results of the second build, including a copy of the source tree, +and the resulting binary packages. + +=item I<$OUTPUTDIR/second/build.sh> + +Contains the exact build script that was used in the second build. + +=back + +Taking a B<diff(1)> between I<$OUTPUTDIR/first/build.sh> and +I<$OUTPUTDIR/second/build.sh> is an excellent way of figuring out +exactly what changed between the two builds. + +=head1 SUPPORTED VARIATIONS + +=over + +=item B<user> + +The I<$USER> environment variable will contain different values between the +first and second builds. + +=item B<path> + +During the second build, a fake, non-existing directory will be appended to the +I<$PATH> environment variable. + +=item B<umask> + +The builds will use different umask settings. + +=item B<locale> + +Both I<$LC_ALL> and I<$LANG> will be different across the two builds. + +=item B<timezone> + +I<$TZ> will be different across builds. + +=item B<filesystem-ordering> + +If B<disorderfs> is installed, both builds will be done under a disorderfs +overlay directory. This will cause filesystem listing operations to be return +items in a non-deterministic order. + +=item B<time> + +The second build will be executed 213 days, 7 hours and 13 minutes in the +future with regards to the current time (using B<faketime(1)>). + +=back + +=head1 OPTIONS + +=over + +=item -s VARIATION, --skip VARIATION + +Don't perform the named VARIATION. Variation names are the ones used in +their description in section B<SUPPORTED VARIATIONS>. + +=item -b COMMAND, --before-second-build COMMAND + +Run COMMAND before performing the second build. This can be used for +example to apply a patch to a source tree for the second build, and +check whether (or how) the resulting binaries are affected. + +Examples: + + $ debrepro --before-second-build "git checkout branch-with-changes" + + $ debrepro --before-second-build "patch -p1 < /path/to/patch" + +=item -B COMMAND, --build-command COMMAND + +Use custom build command. Default: I<dpkg-buildpackage -b -us -uc>. + +If a custom build command is specified, the restriction of only running +against a Debian source tree is relaxed and you can run debrepro against +any source directory. + +=item -a PATTERN, --artifact-pattern PATTERN + +Define a file glob pattern to determine which artifacts need to be +compared across the builds. Default: I<../*.deb>. + +=item -n, --no-copy + +Do not copy the source directory to the temporary work directory before +each build. Use this to run debrepro against the source directory +directly. + +=item -t TIME, --timeout TIME + +Apply a timeout to all builds. I<TIME> must be a time specification +compatible with GNU timeout(1). + + +=item -h, --help + +Display this help message and exit. + +=back + +=head1 EXIT STATUS + +=over + +=item 0Z<> + +Package is reproducible. + +Reproducible here means that the two builds produced the exactly the +same binaries, under the set of variations that B<debrepro> tests. Other +sources of non-determinism in builds that are not yet tested might still +affect builds in the wild. + +=item 1Z<> + +Package is not reproducible. + +=item 2Z<> + +The given input is not a valid Debian source package. + +=item 3Z<> + +Required programs are missing. + +=back + +=head1 SEE ALSO + +diffoscope (1), disorderfs (1), timeout(1) + +=head1 AUTHOR + +Antonio Terceiro <terceiro@debian.org>. |