cen <imbacen_at_gmail.com> wrote on Date: Sat, 08 Nov 2025 20:27:28 UTC :
> I would like to know if there is any conceivable way to do independent > reproducible builds of the ports tree packages today? > > The biggest obstacle seems to be the fact that FreeBSD does not have a > snapshot/archive repo equivalent to snapshot.debian.org. > > > My current approach is to fetch the .pkg, extract the ports_top_git_hash > metadata, checkout the ports tree to that commit and run e.g. poudriere > bulk -j "$JAIL" -p "$PORTS_TREE" "$ORIGIN" > > But I am not sure how poudriere handles changes in port tree commit > hash. If a next package comes in with a different ports_top_git_hash, > > will poudriere be able to reuse any common dependencies that were > already built or will it have to rebuild the whole tree again? > > The latter scenario is obviously a huge resource waste and an automatic no. > > > My first question is whether my approach is generally sound for trying > to reproduce a single package? If not, how should I correct my workflow? > > My second one is for any workarounds or "close enough" techniques that > would at least be able to reproduce some amount of packages. I'd be > happy even with 10% reproducibility. > > > If I can find some path forward, I'd like to ultimately add FreeBSD > support to rebuilderd, a cross-distro effort to make distro packages > independently reproducible. With 30000+ ports that can build 37000+ port-packages, I doubt anyone knows which ones can produce byte-for-byte exact matches from correctly matched inputs vs. which ones cannot overall. That likely could be a whole research topic of its own. I also do not know if port-package files (.pkg) would always match in cases where the installed materials would be a byte-for-byte match. Those two are not the same thing. Which are you after? Both types? === Mark Millard marklmi at yahoo.com
