Developers of the Opensuse District reported about the successes of support for repeated assemblies. Within the framework of the project, the conceptual Fork of the distribution reproduceble-opensuse (rbos), for which 100% of identical binary packets based on the basis, based on the proposed repository with the initial texts with 3300 packages. In the process of working on the project, about 40 patches were prepared (1, 2, 3) solving problems with repeated transmission packages. About half of these patches has already been transferred to Upstream projects. REPRODUCIBLE-OPENSUS assemblies are still designed only for testing and are not recommended for use in working systems, since they do not form updates with the elimination of vulnerabilities.
The project allows the user to form his own assemblies that coincide with the offered assemblies proposed for downloading to make sure that binary files distributed in packages are collected from the initial texts provided and do not contain hidden changes. The ability to check the identity of binary assembly makes it possible not to rely only on trust in the assembly infrastructure of the distribution, compromising a compiler or assembly tools in which can lead to a substitution of hidden bookmarks.
When forming repeated assemblies, such nuances as an accurate correspondence of dependencies, the use of the unchanging composition and versions of assembly tools, an identical set of options and default settings, maintaining the order of assembly of files (applying the same sorting methods), and the disconnection of adding a compilers of unstable official information, such as random values, links to file tracks and data on the date and assembly time. The reproducibility of assemblies is also affected by errors and conditions of the race in tools.