This repository was archived by the owner on Sep 5, 2025. It is now read-only.
This repository was archived by the owner on Sep 5, 2025. It is now read-only.
[Bug]: .rpm packages builds are not reproducible #14
Description
Is this a critical security issue?
- This is not a security issue.
Describe the Bug
Building .rpm packages twice in a row produce different packages.
Expected Behavior
Builds should be reproducible.
Steps to Reproduce
romain@desktop-fln40kq /tmp $ git clone https://github.com/OpenVoxProject/openvox-agent
romain@desktop-fln40kq /tmp $ cd openvox-agent
romain@desktop-fln40kq /tmp/openvox-agent $ bundle config path /tmp/do-not-mess-up-with-system
romain@desktop-fln40kq /tmp/openvox-agent $ bundle install
romain@desktop-fln40kq /tmp/openvox-agent $ bundle exec rake 'vox:build[openvox-agent,el-10-x86_64]'
romain@desktop-fln40kq /tmp/openvox-agent $ md5sum output/el/10/openvox8/x86_64/*
ce1c68f824387040933a0eec2195ff36 output/el/10/openvox8/x86_64/openvox-agent-8.11.0.9.g287c1a384-1.el10.x86_64.rpm
romain@desktop-fln40kq /tmp/openvox-agent $ bundle exec rake 'vox:build[openvox-agent,el-10-x86_64]'
romain@desktop-fln40kq /tmp/openvox-agent $ md5sum output/el/10/openvox8/x86_64/*
22583a2436e358fca9b52f9f4c5eed37 output/el/10/openvox8/x86_64/openvox-agent-8.11.0.9.g287c1a384-1.el10.x86_64.rpmEnvironment
n/a
Additional Context
#3 was opened to fix similar issues when building .deb packages. While I could help with these Debian packages, we do not run EL anymore and I cannot work further on this topic. It is therefore open to anyone interested in improving RPM packages build reproducibility.