From owner-freebsd-hackers@FreeBSD.ORG Wed Jun 17 13:17:51 2015 Return-Path: Delivered-To: freebsd-hackers@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 18ABD69 for ; Wed, 17 Jun 2015 13:17:51 +0000 (UTC) (envelope-from holger@layer-acht.org) Received: from alpha.holgerlevsen.de (mail.holgerlevsen.de [62.201.164.66]) by mx1.freebsd.org (Postfix) with ESMTP id 975E7C9D for ; Wed, 17 Jun 2015 13:17:50 +0000 (UTC) (envelope-from holger@layer-acht.org) Received: from localhost (alpha.holgerlevsen.de [62.201.164.66]) by alpha.holgerlevsen.de (Postfix) with ESMTP id D29E6CAD1D1; Wed, 17 Jun 2015 11:39:19 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at alpha.holgerlevsen.de Received: from alpha.holgerlevsen.de ([62.201.164.66]) by localhost (mail.holgerlevsen.de [62.201.164.66]) (amavisd-new, port 10024) with ESMTP id ex2aKHswQF_z; Wed, 17 Jun 2015 11:39:19 +0200 (CEST) Received: from matrix.localnet (epsilon.holgerlevsen.de [62.201.164.82]) by alpha.holgerlevsen.de (Postfix) with ESMTP id 1A785CAD089; Wed, 17 Jun 2015 11:39:19 +0200 (CEST) From: Holger Levsen To: reproducible-builds@lists.alioth.debian.org, freebsd-hackers@freebsd.org Subject: Re: [Reproducible-builds] reproducible builds of FreeBSD in a chroot on Linux Date: Wed, 17 Jun 2015 11:38:39 +0200 User-Agent: KMail/1.13.7 (Linux/3.16.0-0.bpo.4-amd64; KDE/4.8.4; x86_64; ; ) References: <201505071122.36037.holger@layer-acht.org> <201506162350.11646.holger@layer-acht.org> <387AA935-C074-4F95-A465-E525F7F0E188@cederstrand.dk> In-Reply-To: <387AA935-C074-4F95-A465-E525F7F0E188@cederstrand.dk> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart4835019.hJprKGSLqn"; protocol="application/pgp-signature"; micalg=pgp-sha512 Content-Transfer-Encoding: 7bit Message-Id: <201506171138.41932.holger@layer-acht.org> X-Mailman-Approved-At: Wed, 17 Jun 2015 15:01:09 +0000 X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Jun 2015 13:17:51 -0000 --nextPart4835019.hJprKGSLqn Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi Erik, On Mittwoch, 17. Juni 2015, Erik Cederstrand wrote: > The build should be immune to the time of the build, of course. That's > fairly easy (e.g. use 'ar -D' consistently and leave DEBUG_FLAGS empty). yup, easy, but this can mean some work. (Which usually can be shared among = the=20 upstream software projects.) =20 > But what about the user who started the build? This leaks to at least > sendmail config files. yup, those are bugs which need to be fixed. (it's also a privacy issue.) > Being agnostic to the path to the src root (e.g. /usr/src or > /home/erik/freebsd/HEAD/src) requires rewriting the compiler __FILE__ > macro to insert a relative path, and make debuggers understand relative > paths. This is hard. while doing this for Debian we haven't found a way to prevent this (leaking= of=20 the build path into build products), so our "solution" now is to use a=20 definited path or record the path and build in the same path again. that is clearly not optimal but currently the only thing we require to be s= ome=20 specific way. > The FreeBSD subversion revision is also leaked several places. That should not matter, as it's part of the source, so it will be the same= =20 revision on rebuilds.=20 > I think reproduce builds are a noble goal and would enable all sorts of > smart analysis, e.g. which binaries are affected by a certain commit. Just > remember to define the requirements that need to be satisfied to get > reproduce builds. sure. *I* also don't plan to fix or even work on FreeBSD, I'm merely=20 investigating it and sharing the results. If the FreeBSD community wants=20 reproducible builds, you will need to work on them ;-) (I'll be happy to help but thats it.) cheers, Holger --nextPart4835019.hJprKGSLqn Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIVAwUAVYFAIQkauFYGmqocAQq1XA/8C3SGL2Ejdp7z3esY6KnAK/WVwN6kjHWI qkKQu+w+7ddJXCTIyEuFrZKJGR6QLefFv4Pu1HHKfMbmxDw67VTzv5S7psdxw1Lw erl4Ys3wuCY23uTTu0OKFi4Szu+s9lA+6YfwFFHIcIo+9mJBLzb4XAVhrBlOV6OS BsrnHAcF0pY1xkO4hg+1U076GMq9mvyLBIWNR4BfY+ymfcS17BPbwls+Lr6XejTm 2Sgz1rfQUlau53uu1gbT/283D4QUPNTKCKKxV3Hxil7WYGqK6nJWanFKD5H4q5b5 VjgYvtM9FlQQ/KnzR75JgnzgzzImKQtcSXWjveX2E1S8FyOuTekq8tWYofOrP5WJ 9dSDgKHCNZBRAJxU1DWQ6LAOx1B2mn8LI8Ln4U/oyW1SgMyjiDBkbg4rhlNT/GTu vMmH9bieqHQVXi2y6BZyADWCggM5n+RLrviBuG69ynjHlO+shQLwtmG8DrTN23Aw Gef+JrmX3DYpZWxAJypaHkEV0Ql9eCMRszdzIQAw+OsrGpOMc/Dc4jmrdUlSfDOP vpEbPsAglbmar0xUHMyrdZY6MS3xu7Uw3q2PM8FTr1Suwo0L+WkA0a5nNAtW4GIG V4T3vrQzkPIXzBgCvMrjvcG3/bwRTmbT/2FqyRkiavFWDmNyUU3AQUXbX18dPByw VC3tmcUMaQg= =lwdG -----END PGP SIGNATURE----- --nextPart4835019.hJprKGSLqn--