Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 27 Feb 2019 15:48:01 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 236081] [release][reproducibility] ISO images and memstick images are not build reproducible
Message-ID:  <bug-236081-227@https.bugs.freebsd.org/bugzilla/>

next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D236081

            Bug ID: 236081
           Summary: [release][reproducibility] ISO images and memstick
                    images are not build reproducible
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: misc
          Assignee: bugs@FreeBSD.org
          Reporter: gjb@FreeBSD.org
                CC: re@FreeBSD.org

Recently, it had been discovered that FreeBSD installation medium, ISOs and
memory stick images, are not fully reproducible in head, stable/12, and
stable/11, and presumably earlier releases.

During investigation, one commit in particular had been identified as part =
of
the reproducibility issue, however it had been determined that the issue st=
ems
far beyond one change to ISO and memstick image creation tooling.

At present, it had been observed that r342283, produces a non-reproducible
"hybrid.img" file which contains the PMBR, GPT, and boot code, which is wri=
tten
to the System Area of an ISO.

However, it also had been observed that this is one of many reproducibility
issues.

Steps to recreate a test case are:

# make -C /usr/src buildworld buildkernel
# make -C /usr/src/release bootonly.iso
# mv /usr/obj/usr/src/amd64.amd64/release/bootonly.iso \
  /usr/ojb/usr/src/amd64.amd64/release/bootonly.1.iso
# make -C /usr/src/release bootonly.iso
# mv /usr/obj/usr/src/amd64.amd64/release/bootonly.iso \
  /usr/obj/usr/src/amd64.amd64/release/bootonly.2.iso

Verifying the SHA512 checksums on bootonly.1.iso and bootonly.2.iso show:
# sha512 /usr/ojb/usr/src/amd64.amd64/release/bootonly.?.iso
SHA512 (bootonly.1.iso) =3D
6e585f46d36672a7d77d78b57cef8bb6f41d932a24b9d860274da228bdc55358be11f589664=
4eb9ca141cbb2192e25ffa10e0cb416c19ba06d94b8d16386c1e2
SHA512 (bootonly.2.iso) =3D
16bdafff5a6ec60448c77ba4ede5fae17e9288791a03fcc69acae4b572a88bab26c4f41b60a=
318cc71a09b1ab8b9b4ddee5cc09821e0475d0322bca861534899

Using the diffoscope utility provided by sysutils/py-diffoscope and isoinfo
included by sysutils/cdrtools, differences in file/directory access (atime),
modification (mtime), and creation (ctime) times are observed.

Example ISOs are available at:
https://people.freebsd.org/~gjb/repro/bootonly.1.iso
https://people.freebsd.org/~gjb/repro/bootonly.2.iso

An example report produced with the diffoscope utility can be found at:
https://people.freebsd.org/~gjb/repro/diffoscope.html

--=20
You are receiving this mail because:
You are the assignee for the bug.=



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-236081-227>