From owner-freebsd-hackers@FreeBSD.ORG Wed Jun 17 20:48:51 2015 Return-Path: Delivered-To: freebsd-hackers@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A5BA0FB7 for ; Wed, 17 Jun 2015 20:48:51 +0000 (UTC) (envelope-from carpeddiem@gmail.com) Received: from mail-ig0-x22b.google.com (mail-ig0-x22b.google.com [IPv6:2607:f8b0:4001:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 6E658945 for ; Wed, 17 Jun 2015 20:48:51 +0000 (UTC) (envelope-from carpeddiem@gmail.com) Received: by igbos3 with SMTP id os3so3084368igb.0 for ; Wed, 17 Jun 2015 13:48:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=WWaehozoauwn0dIM9OeDMrjVXLSkN9vHwWGWidvwQSI=; b=GmbUynOt3e3b6zZLkzFxH2To/IOYDWCrQZIJPwMoLGFaoH+4mY9qWZUh8BLNl+rg8u 5UXKWErnA4jmdCcc3ZF3+qBroOs7//eBmanNdCgoE6BYjK0bOghJutyoUcc08qKs+7YU i7mm+NjG96VWQu1VSDG379TDL7tppSzpxLoixEdtjhn22r0b+HRmX5NsdiIKxmBPSkcd U9ZG++B2eDLtpMrMHYkybs25E6IhC/aj6LvmzOLiObEaxybUlirGRCLMpckV7VZEt2ME Tb7EynmBs7EK60UN9GcapheJgHxCE2HIlTgV2v1cBzyvvaDJuMKpOE7AKGe0ksJzUWqA ke1Q== X-Received: by 10.43.12.136 with SMTP id pi8mr2298347icb.6.1434574130837; Wed, 17 Jun 2015 13:48:50 -0700 (PDT) MIME-Version: 1.0 Sender: carpeddiem@gmail.com Received: by 10.107.48.3 with HTTP; Wed, 17 Jun 2015 13:48:30 -0700 (PDT) In-Reply-To: <201506162350.11646.holger@layer-acht.org> References: <201505071122.36037.holger@layer-acht.org> <554B509B.8020608@fuckner.net> <201506162350.11646.holger@layer-acht.org> From: Ed Maste Date: Wed, 17 Jun 2015 16:48:30 -0400 X-Google-Sender-Auth: 0U5b6hjvja4KbpjRuc6-1HkDdco Message-ID: Subject: Re: reproducible builds of FreeBSD in a chroot on Linux To: Holger Levsen Cc: "freebsd-hackers@freebsd.org" , reproducible-builds@lists.alioth.debian.org Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Jun 2015 20:48:51 -0000 On 16 June 2015 at 17:50, Holger Levsen wrote: > > So in a while, I expect to have set up > https://reproducible.debian.net/freebsd/ as well as > https://reproducible.debian.net/netbsd/ - but no promises (yet), but these are > my plans ;-) Great, looking forward to it! > https://wiki.freebsd.org/ReproducibleBuilds claims there are 3 known issues > (for "make world" AIUI) for HEAD, I would like to build twice and verify > myself. I'm interested in fixing the remaining kernel / world issues, with the kernel being my higher priority. For the kernel we have the username, hostname, and build timestamp. The path is included too, but I don't anticipate trying to address it at first; release builds are done in a consistent location anyhow (/usr/src). These are used only as user-facing strings for the kern.version sysctl and reported by uname. An example kern.version string: FreeBSD 10.1-STABLE #28 r280427+86df2de(stable-10): Thu Mar 26 16:07:47 EDT 2015 emaste@feynman:/tank/emaste/obj/tank/emaste/src/git-stable-10/sys/GENERIC >From a technical perspective they're trivially eliminated. There may be some 3rd party ports expect the precise format, but probably not very many (and they should be fixed, anyhow). There's a much larger social issue in convincing the FreeBSD developer community to accept their removal, though :-) > https://wiki.freebsd.org/PortsReproducibleBuilds says "Of the 23599 packages > which were built in both runs, 15164 have the same checksum when using the > previously mentioned patch, giving 64.25% reproducible packages." - I'm also > curious to re-confirm this - and set up a test bed, which can be triggered > regularily and easily. Our jenkins set up allows this and I'm interested to do > this. I'm pleasantly surprised by the ports results -- 64.25% seems quite good for such a straightforward change. The test there is on the same host though, and so avoids any non-reproducibility from host/user/path leaks. > My interest is to help FreeBSD with reproducible builds as I want to see > reproducible builds become the norm in the free software world and as I > believe FreeBSD is an important part of this world. And also because I'm > curious. :) Great! Hopefully we can help lend some weight in convincing upstream projects to accept reproducibility patches (once we get further along in our ports effort). -Ed