Date: Mon, 11 May 2015 17:07:38 -0400 From: Ed Maste <emaste@freebsd.org> To: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>, "debian-bsd@lists.debian.org" <debian-bsd@lists.debian.org> Cc: Holger Levsen <holger@layer-acht.org> Subject: Re: reproducible builds of FreeBSD in a chroot on Linux Message-ID: <CAPyFy2Cb0SbLAZ0psH3AUS4tP5ausAVrvGGf57fparmCKHVr_g@mail.gmail.com> In-Reply-To: <20150511183740.GA20721@pyro.eu.org> References: <20150511183740.GA20721@pyro.eu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11 May 2015 at 14:37, Steven Chamberlain <steven@pyro.eu.org> wrote: > > We were actually able to build our package of the FreeBSD kernel on > GNU/Linux, and the binary would match what we built on GNU/kFreeBSD. > (Which I think is the ultimate in securing against attacks on the > build/development systems). Ideally we'd be able to produce binary identical kernel on FreeBSD as well, although that might be more difficult depending on how you've set up the kFreeBSD build infrastructure. In any case, it's still a good diversity story. > I understand wanting to do this on GNU/Linux, but if that's too > difficult, it may be easier trying this in a chroot on GNU/kFreeBSD > first. You can even run a Debian GNU/kFreeBSD host system with > native FreeBSD binaries inside a chroot or jail, potentially a whole > native build system inside of it. A lot of this depends on the motivation for pursuing reproducible FreeBSD builds. If it's to help FreeBSD overall with reproducible builds, then using the FreeBSD build infrastructure on a FreeBSD kernel (e.g., a FreeBSD jail on Debian kFreeBSD) is an important part of the story. If it's specifically for reproducible kernel builds for kFreeBSD then the FreeBSD build infrastructure isn't relevant.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPyFy2Cb0SbLAZ0psH3AUS4tP5ausAVrvGGf57fparmCKHVr_g>