[Reproducible-builds] [coreboot] coreboot reproducible builds almost there

Holger Levsen holger at layer-acht.org
Sat Jun 13 10:43:27 UTC 2015


Hi,

On Donnerstag, 11. Juni 2015, Patrick Georgi wrote:
> > Things is, _AIUI_, there is no common payload which can be enabled for
> > all boards. Is that correct?
> The one that should run everywhere is Google's depthcharge, and that
> isn't hooked up to the build system like SeaBIOS is (and even
> depthcharge isn't available for emulation/qemu-riscv). So you're
> correct, there is no single payload for every board.

ok.
 
> Since we select default payloads in our Kconfig rules (seabios for
> x86), I guess we should start doing the same for other architectures.
> I don't think that belongs in your test script - things might change
> in the future, and that shouldn't require additional effort on your
> part.

agreed :)

> We'll work on that, and will tell you once there's a plan and/or
> implementation.

cool, thanks.

That said, as the current tests have reached 100%, I'm thinking about removing 
the "--payloads none" switch again now already, so that then some images have 
payloads and some not.
 
> > And then I'm wondering, "what next"? AIUI you don't ever offer images for
> > download and instead expect users to build coreboot themselves. So the
> > whole topic of verifying and reproducing the vendors (=your!) binaries
> > is a bit mood here, at least atm. Any comments on that?
> 
> There are distributions, sort of.
> Google ships coreboot as part of Chrome OS (which requires a huge
> build system even to build just coreboot).
> Then there's libreboot (www.libreboot.org), which ships their
> coreboot-variant (without blobs and with as few patches against
> coreboot as possible) with GRUB2 as payload for a small selection of
> boards that they can support.
> There are also some other vendors, but they're less visible.

Hm. I guess I will leave it here for the moment, hoping that someone will pick 
up the task of verifying actually released and downloadable images...
 
> If you want to support coreboot distributions (that ship binaries),
> libreboot is currently your best bet.

added as question to my TODO :)

> > Last, and probably least: currently the headline of the page says "fast,
> > flexible and reproducible Open Source firmware_?_" which I felt was
> > appropriate when only a few images with payload were reproducible.
> Oh, I loved it, still do! At some point we should replace the question
> mark with an exclamation mark, though :-)

:-)

I've change the code to exchange the question mark against an exclaimation 
mark if 100% are reached... :)
 
> > Oh, and as the page says, it's currently only updated once a month and on
> > demand, so please do ping me if you merged some reproducible changes into
> > master!
> Thanks, will do. Let's start immediately :-)


> Since you mentioned 'once we reach 100% (without payloads)' earlier:
> the issue of the remaining 7 non-reproducible board should be fixed
> since today, in response to your report. I'd appreciate if you could
> do another run to verify this.

https://jenkins.debian.net/view/reproducible/job/reproducible_coreboot/44/console 
has just finished and https://reproducible.debian.net/coreboot/coreboot.html 
now says "248 (100.0%) out of 248 built coreboot images were reproducible in 
our test setup" - kudos!!


cheers,
	Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20150613/1f631bb1/attachment.sig>


More information about the Reproducible-builds mailing list