[ipxe-devel] reproducible builds
Neil Roza
neil at rtr.ai
Fri May 1 22:36:05 UTC 2020
Hi ipxe-devel,
Please find the attached diff representing a patch I would like to submit
for your consideration. This is a small change to the
`src/Makefile.housekeeping` that makes the generation of most artifacts
(notably not `*.usb` images) deterministic.
The scariest change here is the removal of the `BUILD_ID_CMD` in favor of
an inlined shell snippet where the `_build_id` symbol is defined. In
keeping with the comments that specify a unique `_build_id` for each
`$(BIN)/%.tmp`, I use the first 8 characters of the md5sum of the target,
in the expected base-prefixed hexadecimal representation. Calculating the
likelihood of collisions I leave as an exercise to the reviewer. :D
The `BUILD_TIMESTAMP` assignment has been changed to allow environment
variable overriding, but it defaults to `SOURCE_DATE_EPOCH`. The source
date epoch can also be overridden; it defaults to the Unix timestamp of the
current git HEAD commit.
I like reproducible builds, but I recognize that others have different
concerns. I'm happy to change what needs changing.
--
Neil Roza
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ipxe.org/pipermail/ipxe-devel/attachments/20200501/95b30541/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: reproducible-builds.diff
Type: text/x-patch
Size: 1713 bytes
Desc: not available
URL: <http://lists.ipxe.org/pipermail/ipxe-devel/attachments/20200501/95b30541/attachment.bin>
More information about the ipxe-devel
mailing list