{"id":28807274,"url":"https://github.com/edgelesssys/reproducible-mkosi","last_synced_at":"2025-10-26T18:40:18.752Z","repository":{"id":220641030,"uuid":"680236152","full_name":"edgelesssys/reproducible-mkosi","owner":"edgelesssys","description":"Build bit-by-bit reproducible OS images with mkosi and Nix","archived":false,"fork":false,"pushed_at":"2024-02-07T10:20:37.000Z","size":169,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-02-07T11:31:41.336Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/edgelesssys.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-08-18T17:17:36.000Z","updated_at":"2024-02-05T09:08:36.000Z","dependencies_parsed_at":"2024-02-07T11:30:57.387Z","dependency_job_id":"a9428e46-2798-46fa-9453-c42595a68c68","html_url":"https://github.com/edgelesssys/reproducible-mkosi","commit_stats":null,"previous_names":["edgelesssys/reproducible-mkosi"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/edgelesssys/reproducible-mkosi","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edgelesssys%2Freproducible-mkosi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edgelesssys%2Freproducible-mkosi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edgelesssys%2Freproducible-mkosi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edgelesssys%2Freproducible-mk
osi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/edgelesssys","download_url":"https://codeload.github.com/edgelesssys/reproducible-mkosi/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edgelesssys%2Freproducible-mkosi/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260546312,"owners_count":23025914,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-18T11:40:34.827Z","updated_at":"2025-10-26T18:40:18.741Z","avatar_url":"https://github.com/edgelesssys.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003eReproducible mkosi\u003c/h1\u003e\n\u003ch3 align=\"center\"\u003eBuild bit-by-bit reproducible OS images\u003c/h3\u003e\n\u003cbr\u003e\n\u003cbr\u003e\n\u003cbr\u003e\n\n[mkosi](https://github.com/systemd/mkosi) is a tool for building customized OS images.\nThis repository shows how to use [Nix](https://nixos.org/) to pin mkosi and required\ntools and build bit-by-bit reproducible OS images.\n\n\n### Usage\n\n1. Clone the repository\n    ```shell-session\n    git clone https://github.com/edgelesssys/reproducible-mkosi\n    cd reproducible-mkosi\n    ```\n2. Install nix (we recommend the [determinate systems installer](https://github.com/DeterminateSystems/nix-installer))\n3. Enter a shell with mkosi and package manager tools for Fedora or Ubuntu\n    ```shell-session\n    nix develop .#mkosi-fedora\n    # or\n    nix develop .#mkosi-ubuntu\n    ```\n4. 
Perform two builds and compare the output\n    ```shell-session\n    nix run .#diffimage fedora\n    # or\n    nix run .#diffimage ubuntu\n    ```\n\n### History of getting and keeping this reproducible\n\nHours of debugging went into making this fully reproducible, and there are still things left to do,\nespecially regarding the handling of packages pulled in by the package manager of the target distro.\nIn the following, we list some work we did upstream that explicitly fixes reproducibility issues.\n\n- [**systemd/mkosi** propagate SOURCE_DATE_EPOCH when calling systemd-repart](https://github.com/systemd/mkosi/pull/1834)\n- [**systemd/mkosi** add config setting seed to set systemd-repart --seed](https://github.com/systemd/mkosi/pull/1837)\n- [**systemd/mkosi** normalize mtime](https://github.com/systemd/mkosi/pull/1839)\n- [**systemd/mkosi** make_tar: do not emit extended PAX headers for atime, ctime and mtime](https://github.com/systemd/mkosi/pull/1982)\n- [**systemd/mkosi** make_cpio: sort files used as cpio input](https://github.com/systemd/mkosi/pull/2163)\n- [**systemd/mkosi** \"-C\" flag results in inconsistent relative path handling](https://github.com/systemd/mkosi/issues/1879)\n- [**systemd/systemd** repart: temporary hardlink store leaks into final image when host uses btrfs](https://github.com/systemd/systemd/issues/29606)\n- [**systemd/systemd** mkfs-util: propagate SOURCE_DATE_EPOCH to mcopy](https://github.com/systemd/systemd/pull/29000)\n- [**authselect/authselect** remove timestamp from generated files](https://github.com/authselect/authselect/pull/350)\n- [**NixOS/nixpkgs** dosfstools: backport reproducible builds patch](https://github.com/NixOS/nixpkgs/pull/252282)\n\n### Open tasks\n\n- [ ] Pin and archive rpm/deb packages\n- [ ] Build more parts of the CVM TCB (firmware, kernel, packages from 
source)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedgelesssys%2Freproducible-mkosi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fedgelesssys%2Freproducible-mkosi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedgelesssys%2Freproducible-mkosi/lists"}