Fedora change aims for 99% package reproducibility

https://news.ycombinator.com/rss Hits: 33
Summary

By Joe Brockmeier, March 31, 2025

The effort to ensure that open-source software is reproducible has been gathering steam over the years, and gaining traction with major Linux distributions. Debian, for example, has been working toward reproducible builds for more than a decade; it can now produce official live CDs of the current stable release that are reproducible. Fedora started on the path much later, but it has progressed far enough that the project is now considering a change proposal for the Fedora 43 development cycle, expected to be released in October, with a goal of making 99% of Fedora's package builds reproducible. So far, reaction to the proposal seems favorable and focused primarily on how to achieve the goal—with minimal pain for packagers—rather than whether to attempt it.

Defining reproducible builds

The Reproducible Builds project defines a build as reproducible if "given the same source code, build environment and build instructions, any party can recreate bit-by-bit identical copies of all specified artifacts". In a 2023 hackfest report, Zbigniew Jędrzejewski-Szmek said that Fedora has not prioritized reproducible builds in the past because Fedora has more control over its build process than Debian and other distributions. Because Debian allows maintainers to generate source packages on their local system and to upload some locally built packages for distribution to users, he said that "trust in the contents of both source and binary packages is low." (Debian's build daemons build most binary packages from source for distribution to users, but there are exceptions.) Fedora, on the other hand, exercises much more control over packages. In Fedora, all packages that are distributed to users are built in the centralized, strongly controlled infrastructure. All source rpms are built from "dist-git": a git repository which contains the build "recipe" and a cryptographic hash of package sources, so it is relatively easy to verify what changed between pac...

First seen: 2025-04-11 14:48

Last seen: 2025-04-12 22:56