From: Fabian Keil
Date: Fri, 4 Dec 2015 15:43:08 +0100
Subject: Re: Removing build metadata, for reproducible kernel builds
Message-ID: <20151204154308.296841c8@fabiankeil.de>
List-Id: Discussion related to FreeBSD architecture

Ed Maste wrote:

> The main issue currently preventing kernel builds from being
> reproducible[1] is the build metadata itself that's included (time,
> user, host, build path).
> In order to make the kernel build
> reproducible I plan to remove these by default, and add a src.conf
> knob to enable them for developers who want them in their own builds.

To make the ElectroBSD build (kernel, world and release) reproducible
the time, user and host can be overwritten.

To make this more convenient the user can do this through a shell script
(/usr/src/reproduce.sh) which reads the values from a small config file
(/usr/src/reproduce.conf) which is included in the src.txz.

Example content:

| BUILD=ElectroBSD-r291706-29246dc
| EPOCH=1449163375

Currently the build path can't be changed between builds, mainly because
I expect most users to reproduce the build using a jail in which case this
limitation doesn't seem to matter.

The relevant patches (minus the ones I overlooked) are now available at:
https://www.fabiankeil.de/sourcecode/electrobsd/reproducible-build-goo-r291706-29246dc.diff

Due to the auto-untainting (also done by reproduce.sh) this is not expected
to build with vanilla FreeBSD, but if that code is disabled it might work.

If anyone with a freebsd.org address and an OpenPGP key is interested in
the whole ElectroBSD patchset (which contains security fixes that were
(mostly) sent to freebsd-so@ months ago but have not been addressed yet)
I'll provide it upon request.

> The user-facing effect of this is that the kern.version sysctl no
> longer conveys this information, and uname -a changes from something
> like:

Allowing to overwrite the values avoids this problem.

Fabian
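
The reproduce.conf format quoted in the message above, as an added example that is not part of the original message and is not ElectroBSD's reproduce.sh: POSIX sh functions that read BUILD and EPOCH by parsing the file instead of sourcing it, so a config shipped inside a source tarball cannot execute commands in the build environment. The function names and the validation rules are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration; function names and accepted character sets are
# assumptions, not taken from ElectroBSD's reproduce.sh.

# Print the value of key $1 from the KEY=VALUE file $2.
# The file is parsed, never sourced. Fails if the key is absent or repeated,
# so a second conflicting assignment cannot silently win.
conf_get() {
    awk -F= -v k="$1" '
        $1 == k { n++; v = substr($0, length(k) + 2) }
        END { if (n != 1) exit 1; print v }' "$2"
}

# Validate BUILD and EPOCH from file $1 and print "BUILD EPOCH".
load_reproduce_conf() {
    build=$(conf_get BUILD "$1") || return 1
    epoch=$(conf_get EPOCH "$1") || return 1
    case $build in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;   # reject shell metacharacters
    esac
    case $epoch in
        ''|*[!0-9]*) return 1 ;;            # digits only
    esac
    printf '%s %s\n' "$build" "$epoch"
}

# Render the pinned EPOCH as a UTC timestamp, independent of the build
# host's clock and time zone (GNU/busybox date first, then BSD date).
epoch_to_utc() {
    date -u -d "@$1" '+%Y-%m-%d %H:%M:%S' 2>/dev/null ||
        date -u -r "$1" '+%Y-%m-%d %H:%M:%S'
}

# Constructed sample file holding the two values quoted in the message.
conf=$(mktemp)
printf 'BUILD=ElectroBSD-r291706-29246dc\nEPOCH=1449163375\n' > "$conf"
load_reproduce_conf "$conf"
rm -f "$conf"
```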