Hi, On 16/11/2019 15:22, Elmar Stellnberger wrote: > >> There are tools that can help with checking all files on the hard drive >> such as `debsums`. However, while `debsums` is more popular, it is >> unsuitable. >> >> Quote https://www.elstel.org/debcheckroot/ >> >> ... >> During development of Verifiable Builds experiences were made with >> verification of MBR, VBR, bootloader, partition table, kernel and >> initrd. Source code was created to analyze such files. >> >> https://www.whonix.org/wiki/Verifiable_Builds > > regarding verifiable builds with gcc, flex, bison, etc.: > > I have recompiled some of my self-written source code lately with gcc > and the executables and object files were exactly the same. > So when is a build now deterministic? > I would be interested in comparing compilation results of the kernel > sources. Does anyone know what needs to be met for these to be > deterministic? > From what Debian/gcc version on are deterministic builds supported? I > remember this was a well discussed issue some time ago. > I have a self compiled kernel under Debian8. I guess that one would > not have been built deterministic? > It is an issue to verify a self compiled kernel (I need to use the > patch from https://www.elstel.org/software/hunt-for-4K-UHD-2160p.html.en).
The output can vary depending on build path, build date, files ordering, and of course build dependencies. For the compiler it is recommended to set SOURCE_DATE_EPOCH to trigger deterministic behavior. https://reproducible-builds.org/docs/ has a lot more on this :) Cheers! Sylvain
