Date: Wed, 2 Dec 2015 22:51:29 -0700
From: Warner Losh <imp@bsdimp.com>
To: Ed Maste <emaste@FreeBSD.org>
Cc: "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>
Subject: Re: Removing build metadata, for reproducible kernel builds
Message-ID: <D9AF1C8B-431C-4359-988F-FDEEF8FAD981@bsdimp.com>
In-Reply-To: <CAPyFy2AYeN9XNg=b0=JMWDC9ctWarfiZ-5zQorOPhguDJgxYpg@mail.gmail.com>
References: <CAPyFy2AYeN9XNg=b0=JMWDC9ctWarfiZ-5zQorOPhguDJgxYpg@mail.gmail.com>

> On Dec 2, 2015, at 10:36 AM, Ed Maste <emaste@FreeBSD.org> wrote:
>
> The main issue currently preventing kernel builds from being
> reproducible[1] is the build metadata itself that's included (time,
> user, host, build path). In order to make the kernel build
> reproducible I plan to remove these by default, and add a src.conf
> knob to enable them for developers who want them in their own builds.
>
> The user-facing effect of this is that the kern.version sysctl no
> longer conveys this information, and uname -a changes from something
> like:
>
> FreeBSD ref11-amd64.freebsd.org 11.0-CURRENT FreeBSD 11.0-CURRENT #0
> r288681: Mon Oct 5 01:40:11 UTC 2015
> peter@build-11.freebsd.org:/usr/obj/usr/src/sys/CLUSTER11 amd64
>
> to something like:
>
> FreeBSD feynman 10.2-STABLE FreeBSD 10.2-STABLE #44
> r288174+7644546(stable-10) amd64
>
> The current version of the change is available for review at
> https://reviews.freebsd.org/D4347.
>
> [1] See https://reproducible-builds.org/ for more information on the
> reproducible builds project.

I noted in the review that I don’t like the default being no. I also
don’t like that we’re growing lots of different knobs that need to be
set to get a repeatable build. Let’s have one, or barring that, let’s
have one that sets all the sub-knobs.

I think that host and path are more worthless than date and time in
many environments. Who builds it likewise. Those are all things that
are likely to change between builds, yet change the kernel image. I’d
rather see it all gone when this option is in effect. And I’d rather
see the default be to the historical behavior.

The build number too is kinda lame here, since that’s just a history
of the number of tries. If you are building from svn, it should be zero.
But if you’re rebuilding, you can easily get that number over 100 as
you update from rev to rev and reboot. It’s better to have the
date / time of the build so if you are seeing a problem on a test
machine, you’ll know more firmly if the build has that thing you fixed
yesterday afternoon or not by the date / time it was built, and by whom
(since my kernels after 9:15am have the fix, but nobody else does
before 2:00pm since that’s when I checked it in).

So I see the need for the feature, in general. But this doesn’t
implement a reproducible build due to the build number, the user, the
host and the path still being encoded into it. That makes the change
to remove date / time completely arbitrary which is annoying because
they are useful in many environments where it would be difficult to
force everybody to ‘opt in’ to having them included. It’s easier to
opt-out the release process.

Warner
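Added example, not part of the original message or of the FreeBSD change under review: a Python sketch that pulls the build-environment fields out of a kernel version string, run over the two `uname -a` samples quoted in the message. The regular expressions, the function names and the `#45` rebuild string are assumptions constructed for illustration.

```python
import re

# Build-environment fields: time, user, host and path are listed in the quoted
# proposal; the build number is the one the reply points out is still encoded.
BUILD_NUMBER = re.compile(r"#(\d+)\b")
BUILD_TIME = re.compile(
    r"[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} [A-Z]+ \d{4}")
USER_HOST_PATH = re.compile(r"(\S+)@([^\s:]+):(/\S*)")

# The two samples from the message, each joined onto one line.
OLD = ("FreeBSD ref11-amd64.freebsd.org 11.0-CURRENT FreeBSD 11.0-CURRENT #0 "
       "r288681: Mon Oct 5 01:40:11 UTC 2015 "
       "peter@build-11.freebsd.org:/usr/obj/usr/src/sys/CLUSTER11 amd64")
NEW = ("FreeBSD feynman 10.2-STABLE FreeBSD 10.2-STABLE #44 "
       "r288174+7644546(stable-10) amd64")
# Constructed: the proposed format after one more rebuild of the same source.
REBUILD = NEW.replace("#44", "#45")


def build_metadata(version):
    """Return the build-environment fields embedded in a version string."""
    found = {}
    m = BUILD_NUMBER.search(version)
    if m:
        found["build_number"] = int(m.group(1))
    m = BUILD_TIME.search(version)
    if m:
        found["build_time"] = m.group(0)
    m = USER_HOST_PATH.search(version)
    if m:
        found["user"], found["host"], found["path"] = m.groups()
    return found


def differing_fields(a, b):
    """Names of the fields whose values differ between two version strings."""
    ma, mb = build_metadata(a), build_metadata(b)
    return sorted(k for k in ma.keys() | mb.keys() if ma.get(k) != mb.get(k))


if __name__ == "__main__":
    print(build_metadata(OLD))
    print(build_metadata(NEW))
    print(differing_fields(NEW, REBUILD))
```

Any field `differing_fields` reports is one that changes the version string, and so the kernel image, between two builds of the same source.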