# Reproducible Distro Build Pipeline (Container-Based Builders)

## Module
BinaryIndex

## Status
VERIFIED

## Description
Container-based reproducible build pipeline for Alpine, Debian, and RHEL packages. Rebuilds upstream source packages in isolated containers to produce reference binaries for function-level fingerprint comparison, enabling backport detection by comparing distro-patched binaries against unpatched originals.

## Implementation Details
- **Modules**: `src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Builders/`, `src/BinaryIndex/StellaOps.BinaryIndex.Worker/`
- **Key Classes**:
  - `ReproducibleBuildJob` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Builders/ReproducibleBuildJobTypes.cs`) - orchestrates distro-specific builds and fingerprint/patch-diff attribution
  - `ReproducibleBuildJob` compatibility implementation (`src/BinaryIndex/StellaOps.BinaryIndex.Worker/Jobs/ReproducibleBuildJob.cs`)
  - `ReproducibleBuildOptions` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Builders/ReproducibleBuildJobTypes.cs`) - build configuration (timeouts, architecture, concurrency)
  - `IReproducibleBuilder` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Builders/IReproducibleBuilder.cs`) - abstraction for container-based builds
  - `BuilderServiceOptions` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Builders/BuilderOptions.cs`) - builder infrastructure configuration
  - `GuidProvider` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Builders/GuidProvider.cs`) - deterministic GUID generation for reproducibility
- **Integration**: Uses `IFingerprintClaimRepository` to store build verification claims; integrates with `IPatchDiffEngine` for post-build binary comparison
- **Source**: SPRINT_1227_0002_0001_LB_reproducible_builders.md

## E2E Test Plan
- [ ] Trigger a reproducible build for a Debian package and verify reference binaries are produced
- [ ] Compare distro-patched binary against unpatched original and verify fingerprint differences
- [ ] Verify container isolation: build runs in isolated container with controlled environment
- [ ] Verify `FingerprintClaim` records are generated with build provenance evidence
- [ ] Verify `GuidProvider` produces deterministic GUIDs for identical build inputs
- [ ] Verify backport detection: distro-patched binary with backported fix is correctly identified

## Verification
- Run ID: `run-001`
- Verified at: `2026-02-12T06:09:39.1151882Z`
- Evidence:
  - `docs/qa/feature-checks/runs/binaryindex/reproducible-distro-build-pipeline/run-001/tier0-source-check.json`
  - `docs/qa/feature-checks/runs/binaryindex/reproducible-distro-build-pipeline/run-001/tier1-build-check.json`
  - `docs/qa/feature-checks/runs/binaryindex/reproducible-distro-build-pipeline/run-001/tier2-e2e-check.json`