https://github.com/rjbou/orb
check opam package reproductibility
https://github.com/rjbou/orb
ocaml opam reproducible-builds
Last synced: 6 months ago
JSON representation
check opam package reproductibility
- Host: GitHub
- URL: https://github.com/rjbou/orb
- Owner: rjbou
- Created: 2019-10-30T15:32:24.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2020-04-20T20:00:32.000Z (over 5 years ago)
- Last Synced: 2025-04-13T22:13:29.269Z (6 months ago)
- Topics: ocaml, opam, reproducible-builds
- Language: OCaml
- Homepage:
- Size: 7.81 KB
- Stars: 8
- Watchers: 2
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# orb: check opam package reproductibility
This tool can check if an opam package build is reproductible (cf.
https://reproducible-builds.org). It installs the package twice (different path
& time) and check that installed files have the same hash.
## Install & use
```
$ opam pin git+https://github.com/rjbou/orb
$ orb pkg [--diiffoscope]
```
This project is currently in early beta.
## How does it work?
`orb` uses an already installed `opam` & opam root, and it follows those steps:
- Install of two new switches in `/tmp`
- Install of packages dependencies
- Install of required packages
- Retrieves hashes of installed files and look for mismatches
- Remove temporary switches
With option `--diffoscope`, mismatching files are copied locally and their diff
generated, using [`diffoscope`](https://diffoscope.org/).
As `orb` generates temporary switches, packages dependencies are installed each
time (also compiler), which can be time consuming when working on a package.
Option `--use-switches sw1,sw2` can be used to give reusable switches.
`--keep-switches` option permit to keep those generated switches for
investigation needs. To manually remove them, don't just remove directory, but
use `opam switch remove `.