On Mon, Jul 01, 2019 at 10:58:04AM -0500, Joshua Watt wrote:
> I'm curious what people thing about all this; How important is
> reproducibility? How reproducible do we want to be? How hard should it
> be to have reproducible builds? What trade-offs are willing to be made
> for reproducible build
Hi,
On 02/07/2019 16.13, Joshua Watt wrote:
For detecting malicous binaries not built from the claimed sources 1. is
sufficient. For distributions like Debian that build natively this is
even the only option available since the host compiler is used.
Doing 2. would of course be more desirable,
On 7/2/19 8:26 AM, Adrian Bunk wrote:
On Mon, Jul 01, 2019 at 10:58:04AM -0500, Joshua Watt wrote:
...
1. HOSTTOOLS differences. There are a lot of tools listed in HOSTTOOLS, and
unfortunately some of them have version dependent output and are used for
target builds (the one I've currently stu
On Mon, Jul 01, 2019 at 10:58:04AM -0500, Joshua Watt wrote:
>...
> 1. HOSTTOOLS differences. There are a lot of tools listed in HOSTTOOLS, and
> unfortunately some of them have version dependent output and are used for
> target builds (the one I've currently stumbled upon is pod2man, but I'm sure
On Mon, Jul 1, 2019, 7:43 PM Douglas Royds
wrote:
> On 2/07/19 3:58 AM, Joshua Watt wrote:
>
> > 1. Testing RPM and IPK package formats. I think RPMs will be pretty
> > easy; IPKs might be more challenging since AFAIK the tools that make
> > them don't generate reproducible output to begin with.
On 2/07/19 3:58 AM, Joshua Watt wrote:
1. Testing RPM and IPK package formats. I think RPMs will be pretty
easy; IPKs might be more challenging since AFAIK the tools that make
them don't generate reproducible output to begin with.
This has not been my experience. I have been building reprodu
All,
I've been working on making OE builds reproducible (that is, two given
builds can have binary-identical outputs). The current "test" for
reproducibility involves building core-image-minimal in two different
build directories, then doing a binary diff of the resulting target
Debian packag
