# Reproducible Rebuild Service (reproduce.debian.net Integration)

## Module
Scanner

## Status
VERIFIED

## Description
Integration with reproduce.debian.net for reproducible rebuild verification, with a local rebuild backend and a determinism validator. Enables binary identity verification by comparing rebuilt binaries against published ones. Distinct from the known "Reproducible build verification", which is a high-level concept; this is the concrete service implementation.

## Implementation Details
- **Reproducibility Verification**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Analyzers/ReproducibilityVerifier.cs` - `ReproducibilityVerifier` verifies binary identity by comparing rebuilt binaries against published ones
- **Rebuild Proof**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Emit/Lineage/RebuildProof.cs` - `RebuildProof` model capturing rebuild verification results (match/mismatch, hash comparison)

## E2E Test Plan
- [ ] Verify the reproducibility verifier can compare a rebuilt binary against its published counterpart
- [ ] Verify matching binaries produce a successful rebuild proof
- [ ] Verify mismatching binaries produce a failure with detailed diff information
- [ ] Verify rebuild proof includes hash comparison (SHA256) of the rebuilt vs published binary
- [ ] Verify the service handles unavailable rebuild sources gracefully
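
The outcomes listed in the test plan above (match, mismatch with diff detail, SHA-256 of both sides, unavailable source), sketched as an added Python example. It is not StellaOps code: `Proof`, `verify_rebuild`, `first_diff`, `demo` and the sample bytes are hypothetical names and constructed data.

```python
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Optional

@dataclass(frozen=True)
class Proof:                          # hypothetical record, not the project's RebuildProof
    status: str                       # "match" | "mismatch" | "unavailable"
    published_sha256: Optional[str] = None
    rebuilt_sha256: Optional[str] = None
    first_diff_offset: Optional[int] = None  # set only on mismatch
    detail: str = ""

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def first_diff(a: bytes, b: bytes) -> int:
    """Offset of the first differing byte, or the shorter length if one is a prefix."""
    n = min(len(a), len(b))
    return next((i for i in range(n) if a[i] != b[i]), n)

def verify_rebuild(published: Path, rebuilt: Path) -> Proof:
    try:
        pub, reb = sha256_file(published), sha256_file(rebuilt)
        if pub == reb:
            return Proof("match", pub, reb)
        a, b = published.read_bytes(), rebuilt.read_bytes()  # in-memory diff: sketch only
        return Proof("mismatch", pub, reb, first_diff(a, b), "digests differ")
    except OSError as exc:            # missing/unreadable artifact: report it, never "match"
        return Proof("unavailable", detail=f"{type(exc).__name__}: {exc}")

def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        pub, same, drift = Path(d, "pub.bin"), Path(d, "same.bin"), Path(d, "drift.bin")
        body = b"\x7fELF" + b"\x00" * 60                # constructed stand-in for a binary
        pub.write_bytes(body + b"built=2024-01-01")
        same.write_bytes(body + b"built=2024-01-01")
        drift.write_bytes(body + b"built=2024-01-02")   # constructed timestamp drift
        return {"match": verify_rebuild(pub, same),
                "mismatch": verify_rebuild(pub, drift),
                "unavailable": verify_rebuild(pub, Path(d, "missing.bin"))}

if __name__ == "__main__":
    print(*demo().items(), sep="\n")
```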

---

## Verification

| Check | Result |
|-------|--------|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |