[Reproducible-builds] Reproducibility vs signatures

Ben Hutchings ben at decadent.org.uk
Mon Aug 3 01:49:34 UTC 2015


At some point we're hopefully going to support Secure Boot on amd64.
That means there will be a signed kernel image (separate from the
current linux-image packages) and a signed GRUB image.  The kernel
modules in the linux-image packages will also be signed, probably with
an ephemeral key.

These signatures will all be embedded within binaries and will of
course not be reproducible.  The locations of differences will however
be predictable.

How should we deal with this limited variability?  Could source
packages or buildinfo describe the expected variations somehow?

Ben.

-- 
Ben Hutchings
Unix is many things to many people,
but it's never been everything to anybody.
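
For the kernel-module case raised above, one way to compare two builds while ignoring the appended signature. This is an added example, not part of the original message or of any Debian tooling. It assumes the Linux appended-signature layout (signature data, a 12-byte `struct module_signature`, then the magic string), and `fake_sign` is a hypothetical stand-in that appends opaque bytes so the sample runs offline.

```python
import hashlib
import struct

MAGIC = b"~Module signature appended~\n"  # MODULE_SIG_STRING at end of file
TRAILER = struct.Struct(">5B3xI")         # struct module_signature (12 bytes)


def split_signed_module(blob: bytes):
    """Return (payload, signature_region); region is b"" for unsigned input."""
    if not blob.endswith(MAGIC):
        return blob, b""
    end = len(blob) - len(MAGIC)
    if end < TRAILER.size:
        raise ValueError("truncated module_signature trailer")
    _algo, _hash, _id_type, signer_len, key_id_len, sig_len = TRAILER.unpack(
        blob[end - TRAILER.size:end])
    # Older signing formats also store signer name and key id before the
    # signature; with PKCS#7 signatures both lengths are zero.
    start = end - TRAILER.size - (signer_len + key_id_len + sig_len)
    if start < 0:
        raise ValueError("signature lengths exceed file size")
    return blob[:start], blob[start:]


def same_apart_from_signature(a: bytes, b: bytes) -> bool:
    """True when two modules differ only inside the appended signature."""
    digest = lambda m: hashlib.sha256(split_signed_module(m)[0]).digest()
    return digest(a) == digest(b)


def fake_sign(payload: bytes, sig: bytes) -> bytes:
    """Hypothetical signer for the demo: opaque bytes, no real cryptography."""
    return payload + sig + TRAILER.pack(0, 0, 2, 0, 0, len(sig)) + MAGIC


if __name__ == "__main__":
    body = b"\x7fELF" + b"constructed module body"  # constructed sample
    build1 = fake_sign(body, b"\xaa" * 256)         # ephemeral key, build 1
    build2 = fake_sign(body, b"\xbb" * 384)         # ephemeral key, build 2
    print("raw files equal:      ", build1 == build2)
    print("equal minus signature:", same_apart_from_signature(build1, build2))
```

This only covers the appended module signature; the signed kernel and GRUB images embed their signatures differently and would need their own stripping step.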
