[Reproducible-builds] reproducible builds of FreeBSD in a chroot on Linux

Holger Levsen holger at layer-acht.org
Wed Jun 17 09:38:39 UTC 2015


Hi Erik,

On Mittwoch, 17. Juni 2015, Erik Cederstrand wrote:
> The build should be immune to the time of the build, of course. That's
> fairly easy (e.g. use 'ar -D' consistently and leave DEBUG_FLAGS empty).

yup, easy, but this can mean some work. (Which usually can be shared among the 
upstream software projects.)
 
> But what about the user who started the build? This leaks to at least
> sendmail config files.

yup, those are bugs which need to be fixed. (it's also a privacy issue.)

> Being agnostic to the path to the src root (e.g. /usr/src or
> /home/erik/freebsd/HEAD/src) requires rewriting the compiler __FILE__
> macro to insert a relative path, and make debuggers understand relative
> paths. This is hard.

while doing this for Debian we haven't found a way to prevent this (leaking of 
the build path into build products), so our "solution" now is to use a 
definited path or record the path and build in the same path again.

that is clearly not optimal but currently the only thing we require to be some 
specific way.

> The FreeBSD subversion revision is also leaked several places.

That should not matter, as it's part of the source, so it will be the same 
revision on rebuilds. 

> I think reproduce builds are a noble goal and would enable all sorts of
> smart analysis, e.g. which binaries are affected by a certain commit. Just
> remember to define the requirements that need to be satisfied to get
> reproduce builds.

sure. *I* also don't plan to fix or even work on FreeBSD, I'm merely 
investigating it and sharing the results. If the FreeBSD community wants 
reproducible builds, you will need to work on them ;-)

(I'll be happy to help but thats it.)


cheers,
	Holger


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20150617/2296a57b/attachment.sig>


More information about the Reproducible-builds mailing list