rebuilderd
libfaketime
rebuilderd | libfaketime | |
---|---|---|
6 | 7 | |
344 | 2,571 | |
- | - | |
5.3 | 5.8 | |
6 months ago | about 1 month ago | |
Rust | C | |
GNU General Public License v3.0 only | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
rebuilderd
-
Towards a Reproducible F-Droid
Arch Linux is heavily invested into it:
- https://reproducible.archlinux.org/ - Attempts to reproduce the distributed binary packages from source using reproducible builds tooling. This already works for a big chunk of packages.
- https://github.com/archlinux/archlinux-repro - This is a wrapper for Arch Linux build tooling that creates a build environment in a container that has the same packages installed as the original build environment back then. Software is expected to build reproducible in this environment and many ecosystems already do by default (Rust for example, to name one).
- https://github.com/kpcyrd/rebuilderd - This monitors the packages in Arch Linux, runs archlinux-repro on all of them and hosts the results. There are other projects supported but Arch Linux works best at the moment, and archlinux-repro offers the best integration I'm currently aware of.
There are surprisingly few people interested in running this stack on their own for verification purpose though.
-
Paranoia About Everything
Independent rebuilders can mitigate this to some degree, unless you can compromise all of them in some way. Some are listed on https://rebuilderd.com/, this is based on reproducible builds and only works for reproducible packages/software though.
-
Debian's rebuilds going up in Purdue's rebuilderd instance!
As many of you may know, one of Debian's most pressing issues for a long time has been working towards bit-for-bit reproducibility of its binary packages. Part of this initiative led to the Reproducible Builds project, in which other projects have joined with the goal of having reproducible builds of their instances. Until now, Debian's reproducibility was theoretical, as there was no proper rebuilding tool to verify its binary package reproducibility empirically. Recently, Arch Linux (and specifically one of its Trusted Users, who goes by 'kpcyrd' online, who in addition maintains packages for Debian and Alpine) produced an independent tool for verifying the reproducibility of binary packages called rebuilderd and has had its own instance running for quite some time. Apparently, collaboration between Arch Linux and Debian (and probably many other programmers and projects) lead to Debian's own instance of rebuilderd hosted by the Purdue University. You can see at Debian's reproducibility progress at:
- rebuilderd 0.9.0: reproducible builds verification system used by Arch Linux
- rebuilderd 0.9.0 has been released
libfaketime
-
Are there seeds in this game?
I'm not at my computer ATM to check, but it likely uses the current time. Except for a few programs that ask the OS for entropy, it's common for programs to seed the RNG with the current time. Even for non-open-source programs, you can typically game that by intercepting the initial request for the time (e.g. libfaketime on Linux, probably equivalents elsewhere.
-
Setting the clock ahead to see what breaks
I can recommend libfaketime regarding this topic.
It can bei used to change the system time for a single application only.
https://github.com/wolfcw/libfaketime
-
Forcing the hardware clock when running CentOS 5.10 to a different date on boot Hyper-V
In your position I would have a look at the excellent libfaketime library which allows you easily to run processes at whatever time you like. Most likely you would have to compile the software on your own, I doubt you will find a current version of it pre-compiled somewhere.
-
Open source time travel software?
faketime
- Quick N6 Beta 2 update
-
[IMPORTANT] SL redirects to Play Store
The worse part is that pirates are smart enough to use programs/libraries like these: https://github.com/wolfcw/libfaketime (to fake time for a specific app). So only genuine users are f..cked. As a fellow developer I know time Killswitches don't worked because anyone can fool a program.
-
Stop the time.
libfaketime can do this.
What are some alternatives?
git2-rs - libgit2 bindings for Rust
gl4es - GL4ES is a OpenGL 2.1/1.5 to GL ES 2.0/1.1 translation library, with support for Pandora, ODroid, OrangePI, CHIP, Raspberry PI, Android, Emscripten and AmigaOS4.
pacman-bintrans - Experimental binary transparency for pacman with sigstore and rekor
JDSP4Linux - An audio effect processor for PipeWire and PulseAudio clients
modus - A language for building Docker/OCI container images
pythonlibs - A Python wrapper for the extremely fast Blosc compression library
picosnitch - Monitor Network Traffic Per Executable, Beautifully Visualized
libyazzy-preload - LD_PRELOAD-able libraries
ismyarchverifiedyet - :construction: Experimental script to query rebuilderd for results :construction:
hax11 - Hackbrary to Hook and Augment X11 protocol calls
autovet - Automated security testing for open source libraries and applications.
cli - Command line interface for the Phylum API