From owner-freebsd-hackers@FreeBSD.ORG Mon May 11 21:08:00 2015 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 66403CA7 for ; Mon, 11 May 2015 21:08:00 +0000 (UTC) Received: from mail-ig0-x232.google.com (mail-ig0-x232.google.com [IPv6:2607:f8b0:4001:c05::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 30CD11C5E for ; Mon, 11 May 2015 21:08:00 +0000 (UTC) Received: by igbpi8 with SMTP id pi8so82823756igb.1 for ; Mon, 11 May 2015 14:07:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=bHFUx564oZf+n+bT8ZyCz+0HOVjdHAycfjBI9GYdemg=; b=bHz4SKlkHZEGCw6I8zT4B/AIArYpxA3plxl9ZvDbEMKK9Hr+4E1TI4P2387DnYmyfq nydO3C7THSPThQWzrGJEHwK0kvnhohaoHBFbhPWEZbLvWvCWn/csDdssS6FFZHa+bCpC nweccG7ILpS8ChD7NX56OgkWkp9FtOTgUsdmeef0TxWNYbyB9NSakmOkilhhHMj6Z4Ip aNplmsoJsZs9tx7PTELdrLXAZ6uOtLqfTm+36I57MjYrdHJSBfKD6mrA5CvJrpoN3un8 syz4Kt+lZnRdTnKqhRx9RzbNOa0OgRCXRArsa/iqkvGyv9OTfs9F+D8dxAdPOrotDADE p4nA== X-Received: by 10.50.143.33 with SMTP id sb1mr15563863igb.33.1431378479643; Mon, 11 May 2015 14:07:59 -0700 (PDT) MIME-Version: 1.0 Sender: carpeddiem@gmail.com Received: by 10.107.48.3 with HTTP; Mon, 11 May 2015 14:07:38 -0700 (PDT) In-Reply-To: <20150511183740.GA20721@pyro.eu.org> References: <20150511183740.GA20721@pyro.eu.org> From: Ed Maste Date: Mon, 11 May 2015 17:07:38 -0400 X-Google-Sender-Auth: RgTPc7KYMeqNGRFSVBZ2v0c65fk Message-ID: Subject: Re: reproducible builds of FreeBSD in a chroot on Linux To: "freebsd-hackers@freebsd.org" , "debian-bsd@lists.debian.org" Cc: Holger Levsen Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 May 2015 21:08:00 -0000 On 11 May 2015 at 14:37, Steven Chamberlain wrote: > > We were actually able to build our package of the FreeBSD kernel on > GNU/Linux, and the binary would match what we built on GNU/kFreeBSD. > (Which I think is the ultimate in securing against attacks on the > build/development systems). Ideally we'd be able to produce binary identical kernel on FreeBSD as well, although that might be more difficult depending on how you've set up the kFreeBSD build infrastructure. In any case, it's still a good diversity story. > I understand wanting to do this on GNU/Linux, but if that's too > difficult, it may be easier trying this in a chroot on GNU/kFreeBSD > first. You can even run a Debian GNU/kFreeBSD host system with > native FreeBSD binaries inside a chroot or jail, potentially a whole > native build system inside of it. A lot of this depends on the motivation for pursuing reproducible FreeBSD builds. If it's to help FreeBSD overall with reproducible builds, then using the FreeBSD build infrastructure on a FreeBSD kernel (e.g., a FreeBSD jail on Debian kFreeBSD) is an important part of the story. If it's specifically for reproducible kernel builds for kFreeBSD then the FreeBSD build infrastructure isn't relevant.