[Reproducible-builds] reproducible builds of FreeBSD in a chroot on Linux

Holger Levsen holger at layer-acht.org
Tue Jun 16 21:50:09 UTC 2015


sorry for replying so late... on the plus side, I've got a much clearer 
picture now and I've implemented something similar, eg see


On the original subject of my mail: I have given up on this and will build 
FreeBSD on a FreeBSD system, not in a chroot on Linux. I expected this would 
work, learned that it doesn't and on the way also learned that one can build 
NetBSD on Linux or probably anything ;-)

So in a while, I expect to have set up 
https://reproducible.debian.net/freebsd/ as well as 
https://reproducible.debian.net/netbsd/ - but no promises (yet), but these are 
my plans ;-)

And to reply to some of you...

On Donnerstag, 7. Mai 2015, Michael Fuckner wrote:
> > I'm one of the people involved in
> > https://wiki.debian.org/ReproducibleBuilds and have set up
> > https://reproducible.debian.net which continously tests all packages in
> > the Debian archive for build reproducibility (so far on amd64 only).
> what is this good for? Testing the Compiler, track changes or check
> hardware (errors on memory or disk)

"Reproducible builds enable anyone to reproduce bit by bit identical binary 
packages from a given source, so that anyone can verify that a given binary 
derived from the source it was said to be derived. " - right now you have to 
*believe* someone that the binary really comes from said source. And you need 
to *believe* the system building it wasn't compromised...

This is explained in more detail in our wiki or in the talks given, which are 
linked in the wiki as well.

On Freitag, 8. Mai 2015, Julian Elischer wrote:
> also: By "FreeBSD" do you mean the kernel? or the whole system?
> Unlike Linux, FreeBSD includes most of what the Linux world would
> consider to be the domain of the base distro..  e.g. cat, ls, cc, etc.

I mean the whole system (what you get when you run "make world") as well as 
the ports.

https://wiki.freebsd.org/ReproducibleBuilds claims there are 3 known issues 
(for "make world" AIUI) for HEAD, I would like to build twice and verify 

https://wiki.freebsd.org/PortsReproducibleBuilds says "Of the 23599 packages 
which were built in both runs, 15164 have the same checksum when using the 
previously mentioned patch, giving 64.25% reproducible packages." - I'm also 
curious to re-confirm this - and set up a test bed, which can be triggered 
regularily and easily. Our jenkins set up allows this and I'm interested to do 

(And I wouldn't be surprised nor disappointed if it took me til August or 
September until I actually get around to tests the ports. The base system I 
definitly want to have results on in July.)
> There may also be a better mailing list for this...


On Montag, 11. Mai 2015, Ed Maste wrote:
> A lot of this depends on the motivation for pursuing reproducible
> FreeBSD builds. If it's to help FreeBSD overall with reproducible
> builds, then using the FreeBSD build infrastructure on a FreeBSD
> kernel (e.g., a FreeBSD jail on Debian kFreeBSD) is an important part
> of the story. If it's specifically for reproducible kernel builds for
> kFreeBSD then the FreeBSD build infrastructure isn't relevant.

My interest is to help FreeBSD with reproducible builds as I want to see 
reproducible builds become the norm in the free software world and as I 
believe FreeBSD is an important part of this world. And also because I'm 
curious. :)

As such, I'll set up a FreeBSD host "on" jenkins.debian.net (in that virtual 
datacenter providing that host), running FreeBSD kernel and userland - to test 
FreeBSD on Debian ressources :-) Because we care and we can.

Debian's kfreebsd-amd64 to me here is "just" another Debian architecture 
(sorry Steven!), which will (hopefully) benefit from the Debian reproducible 
builds like all the other Debian architectures. 

(And I wrote "hopefully" because kfreebsd-amd64 was a bit special for jessie 
and hopefully will be a proper architecture for stretch, the release coming in 
two years.)

I'll come back once these FreeBSD tests are set up.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20150616/a91b1395/attachment.sig>

More information about the Reproducible-builds mailing list