Robin Candau<p>A lot of global improvements and achievements during this past month regarding reproducible builds 🎉<br /> <br />I also got a few upstream patches merged again 🥳</p><p><a href="https://reproducible-builds.org/reports/2025-03/" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">reproducible-builds.org/report</span><span class="invisible">s/2025-03/</span></a></p><p><a href="https://fosstodon.org/tags/reproduciblebuilds" class="mention hashtag" rel="tag">#<span>reproduciblebuilds</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software.
If you wish to join, contact us for an invite.
Administered by:
Server stats:
10Kactive users
fosstodon.org: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7
#reproduciblebuilds
2 posts · 2 participants · 0 posts today
Ian Brown 👨🏻💻<p>In fact, governments probably should only EVER deploy executables they have built themselves, using their own compilers (see the classic computer science paper Reflections on Trusting Trust). </p><p>You’d also need chip <a href="https://eupolicy.social/tags/microcode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>microcode</span></a> auditing and verification for security-critical systems. And some level of chip assurance. And 🇬🇧 Cell-like audits… Details to be determined 😉</p><p><a href="https://eupolicy.social/tags/ReproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ReproducibleBuilds</span></a><br> <a href="https://eupolicy.social/tags/StrategicAutonomy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>StrategicAutonomy</span></a> <a href="https://eupolicy.social/tags/audit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>audit</span></a> <a href="https://eupolicy.social/tags/escrow" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>escrow</span></a></p>
IzzyOnDroid ✅<p>You're interested in Reproducible Builds for Android apps? We've just updated our Wiki on those:</p><p><a href="https://gitlab.com/IzzyOnDroid/repo/-/wikis/Reproducible-Builds/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gitlab.com/IzzyOnDroid/repo/-/</span><span class="invisible">wikis/Reproducible-Builds/</span></a></p><p>There are new pages for setting up build recipes, and debugging/fixing RBs – which should help you when running your own builder. Which you btw can set up on your Linux machine within 5 minutes using the scripts provided at <a href="https://codeberg.org/IzzyOnDroid/rbuilder_setup" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">codeberg.org/IzzyOnDroid/rbuil</span><span class="invisible">der_setup</span></a> :awesome:</p><p>Developers also find pages there on making/keeping their apps RB.</p><p><a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reproducibleBuilds</span></a> <a href="https://floss.social/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a> <a href="https://floss.social/tags/IzzyOnDroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IzzyOnDroid</span></a></p>
IzzyOnDroid ✅<p>Welcome to the RB family, Farhan 🥳</p><p><a href="https://apt.izzysoft.de/packages/ly.com.tahaben.farhan" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">apt.izzysoft.de/packages/ly.co</span><span class="invisible">m.tahaben.farhan</span></a></p><p>Farhan empowers you to take control of your digital experience. Say goodbye to manipulative strategies used by other apps and get ready to focus on what matters to you.</p><p>Thanks to the work of Taha Ben Ashur, its developer, the app is now RB :awesome:</p><p><a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reproducibleBuilds</span></a> <a href="https://floss.social/tags/IzzyOnDroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IzzyOnDroid</span></a></p>
IzzyOnDroid ✅<p>Welcome to the RB family, WalkersGuide 🥳</p><p><a href="https://apt.izzysoft.de/packages/org.walkersguide.android" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">apt.izzysoft.de/packages/org.w</span><span class="invisible">alkersguide.android</span></a></p><p>WalkersGuide is a navigational aid primarily intended for blind and visual impaired pedestrians. It calculates routes and shows nearby points of interest.</p><p>Thanks to the help by its developer, the app is RB now :awesome:</p><p><a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reproducibleBuilds</span></a> <a href="https://floss.social/tags/IzzyOnDroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IzzyOnDroid</span></a></p>
IzzyOnDroid ✅<p>Welcome to the RB family, Rattlegram 🥳</p><p><a href="https://apt.izzysoft.de/packages/com.aicodix.rattlegram" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">apt.izzysoft.de/packages/com.a</span><span class="invisible">icodix.rattlegram</span></a></p><p>Rattlegram lets you transmit short text messages over COFDMTV encoded audio signals.</p><p>Thanks to joined efforts with its developer, Rattlegram (along with its 2 sister-apps) is now RB :awesome:</p><p><a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reproducibleBuilds</span></a> <a href="https://floss.social/tags/IzzyOnDroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IzzyOnDroid</span></a></p>
IzzyOnDroid ✅<p>Welcome to the RB family, Inure 🥳</p><p><a href="https://github.com/Hamza417/Inure" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/Hamza417/Inure</span><span class="invisible"></span></a></p><p>Inure is a powerful open source applications manager and analyzer with a good-looking & easy to use interface.</p><p>Joint efforts from 3 parties at work here. Most work was done by the developer (thank you, Hamza!) F-Droid devs joined in, and IzzyOnDroid's new builder tools finally brought in the victory on the developer's side. With the next sync, Inure will be available at IoD and F-Droid as RB :awesome:</p><p><a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reproducibleBuilds</span></a> <a href="https://floss.social/tags/IzzyOnDroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IzzyOnDroid</span></a></p>
IzzyOnDroid ✅<p>Cheers 🥂</p><p>555 apps (43.1%)</p><p><a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reproducibleBuilds</span></a> <a href="https://floss.social/tags/IzzyOnDroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IzzyOnDroid</span></a></p>
LavX News<p>Enhancing Software Supply Chain Security: The Quest for Reproducible Releases</p><p>In an era where software supply chain security is paramount, developers are challenged to create reproducible releases. This article delves into the technical hurdles and innovative solutions that are...</p><p><a href="https://news.lavx.hu/article/enhancing-software-supply-chain-security-the-quest-for-reproducible-releases" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.lavx.hu/article/enhancing</span><span class="invisible">-software-supply-chain-security-the-quest-for-reproducible-releases</span></a></p><p><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://mastodon.cloud/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChainSecurity</span></a> <a href="https://mastodon.cloud/tags/ReproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ReproducibleBuilds</span></a> <a href="https://mastodon.cloud/tags/CI_CD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CI_CD</span></a></p>
jbz<p>"Over the last few releases, we changed our build infrastructure to make package builds reproducible. This is enough to reach 90%. The remaining issues need to be fixed in individual packages. After this Change, package builds are expected to be reproducible. Bugs will be filed against packages when an irreproducibility is detected. The goal is to have no fewer than 99% of package builds reproducible."</p><p><a href="https://www.phoronix.com/news/Fedora-43-Expect-Reproducible" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">phoronix.com/news/Fedora-43-Ex</span><span class="invisible">pect-Reproducible</span></a></p><p><a href="https://indieweb.social/tags/fedora" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fedora</span></a> <a href="https://indieweb.social/tags/reproduciblebuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reproduciblebuilds</span></a> <a href="https://indieweb.social/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://indieweb.social/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a></p>
IzzyOnDroid ✅<p>Oh, and the Readme of the rbuilder_setup repo needed a few updates as well 🙈 Done now: <a href="https://codeberg.org/IzzyOnDroid/rbuilder_setup" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">codeberg.org/IzzyOnDroid/rbuil</span><span class="invisible">der_setup</span></a></p><p>If you've set up a builder, we'd love to hear from your experiences – concerning the setup (was it easy enough and straight-forward?) as well as from operation :awesome:</p><p><a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reproducibleBuilds</span></a> <a href="https://floss.social/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a></p>
IzzyOnDroid ✅<p>With our rbuilder_setup scripts now ready, the wiki page on Verification Builders has been updated, too:</p><p><a href="https://gitlab.com/IzzyOnDroid/repo/-/wikis/Reproducible-Builds/Verification-Builder" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gitlab.com/IzzyOnDroid/repo/-/</span><span class="invisible">wikis/Reproducible-Builds/Verification-Builder</span></a></p><p><a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reproducibleBuilds</span></a> <a href="https://floss.social/tags/IzzyOnDroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IzzyOnDroid</span></a></p>
IzzyOnDroid ✅<p>Wanted to run your own builder for <a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reproducibleBuilds</span></a> and were disappointed our RBuilder Setup was only available for Debian-based systems? Then we have good news for you: a few min ago, 2 PRs have been merged. The setup scripts now also support RPM & Arch based systems 🥳</p><p>RPM/Arch lack packages for apksigner & dexdiff (which are needed for debugging). We're on it, those will follow hopefully soon™.</p><p>Thanks to <span class="h-card" translate="no"><a href="https://mastodon.social/@Iamlooker" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Iamlooker</span></a></span> and Patrick (from FlorisBoard) for your help!</p><p><a href="https://codeberg.org/IzzyOnDroid/rbuilder_setup" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">codeberg.org/IzzyOnDroid/rbuil</span><span class="invisible">der_setup</span></a></p>
Brandon Mitchell<p>I finally took some time today to fire up the blog to talk about <a href="https://fosstodon.org/tags/reproducibleBuilds" class="mention hashtag" rel="tag">#<span>reproducibleBuilds</span></a>. I see them as both an ideal component of a secure build pipeline. And yet it has challenges that keep them from being used by just about everyone. By "everyone", sure, some have made their builds reproducible, but how many of their users verify that? There's a lot left to do.</p><p><a href="https://bmitch.net/blog/2025-03-20-reproducible-builds/" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">bmitch.net/blog/2025-03-20-rep</span><span class="invisible">roducible-builds/</span></a></p>
IzzyOnDroid ✅<p>We just got our first feedback on our RB builder setup scripts (<a href="https://codeberg.org/IzzyOnDroid/rbuilder_setup" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">codeberg.org/IzzyOnDroid/rbuil</span><span class="invisible">der_setup</span></a>) today, and that made us really happy, seeing a goal achieved:</p><p>> I did set up and ran your scripts in my Ubuntu server (noble) and found the process of setting it up a breeze, and it helped me a lot into finding the source of the issue.</p><p>So if you're an Android dev looking into getting your app RB, it might be worth a try!</p><p><a href="https://floss.social/tags/IzzyOnDroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IzzyOnDroid</span></a> <a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reproducibleBuilds</span></a></p>
IzzyOnDroid ✅<p>A salute to Douglas Adams: RB coverage at the IzzyOnDroid repo now reached 42% (covering 536 apps) 🥳</p><p><a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reproducibleBuilds</span></a> <a href="https://floss.social/tags/IzzyOnDroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IzzyOnDroid</span></a></p>
IzzyOnDroid ✅<p>For our "automated builder setup", I've just prepared a PR adding support for RPM based systems. The PR is still marked WIP as I don't have any RPM test system at hand here – so I'm calling out for help:</p><p>Anybody willing to test the setup scripts on Fedora, RHEL, CentOS or the likes? 🙏 </p><p>(more tests on Debian-based systems (Debian, Ubuntu, Mint …) are of course welcome, too)</p><p><a href="https://codeberg.org/IzzyOnDroid/rbuilder_setup/pulls/4" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">codeberg.org/IzzyOnDroid/rbuil</span><span class="invisible">der_setup/pulls/4</span></a></p><p>:boost_love:</p><p><a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reproducibleBuilds</span></a> <a href="https://floss.social/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a></p>
IzzyOnDroid ✅<p>Welcome to the RB family, Minimo Launcher 🥳</p><p><a href="https://apt.izzysoft.de/packages/com.minimo.launcher" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">apt.izzysoft.de/packages/com.m</span><span class="invisible">inimo.launcher</span></a></p><p>Designed for users who want to de-clutter their home screen, Minimo offers a clean and intuitive minimalist interface that prioritizes functionality without unnecessary distractions.</p><p>And thanks to the efforts by its developer, its new release today is RB :awesome:</p><p>RB status at IoD now: 530 apps (41.7%)</p><p><a href="https://floss.social/tags/IzzyOnDroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IzzyOnDroid</span></a> <a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reproducibleBuilds</span></a></p>
IzzyOnDroid ✅<p>Welcome to the RB family, RadioUpnp 🥳</p><p><a href="https://apt.izzysoft.de/packages/com.watea.radio_upnp" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">apt.izzysoft.de/packages/com.w</span><span class="invisible">atea.radio_upnp</span></a></p><p>RadioUpnp reads any internet radio. Minimalist and full customizable. With support for UPnP/DLNA. And thanks to the efforts by its developer, with its latest release today it is reproducible :awesome:</p><p>So the current RB status at the IzzyOnDroid repo is: 508 apps (40.6%)</p><p><a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reproducibleBuilds</span></a> <a href="https://floss.social/tags/IzzyOnDroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IzzyOnDroid</span></a></p>
IzzyOnDroid ✅<p>New day, new Milestone: now 500 apps at <a href="https://floss.social/tags/IzzyOnDroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IzzyOnDroid</span></a> are <a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reproducibleBuilds</span></a> :awesome:</p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
LoginDrag & drop to upload