[ipxe-devel] reproducible builds

Neil Roza neil at rtr.ai
Sat May 2 18:15:12 UTC 2020


On Fri, May 1, 2020 at 8:46 PM Christian Nilsson <nikize at gmail.com> wrote:

>
>
> On Sat, 2 May 2020, 07:36 Neil Roza, <neil at rtr.ai> wrote:
>
>> Hi ipxe-devel,
>>
>> Please find the attached diff representing a patch I would like to submit
>> for your consideration. This is a small change to the
>> `src/Makefile.housekeeping` that makes the generation of most artifacts
>> (notably not `*.usb` images) deterministic.
>>
>> The scariest change here is the removal of the `BUILD_ID_CMD` in favor of
>> an inlined shell snippet where the `_build_id` symbol is defined. In
>> keeping with the comments that specify a unique `_build_id` for each
>> `$(BIN)/%.tmp`, I use the first 8 characters of the md5sum of the target,
>> in the expected base-prefixed hexadecimal representation. Calculating the
>> likelihood of collisions I leave as an exercise to the reviewer. :D
>>
>> The `BUILD_TIMESTAMP` assignment has been changed to allow environment
>> variable overriding, but it defaults to `SOURCE_DATE_EPOCH`. The source
>> date epoch can also be overridden; it defaults to the Unix timestamp of the
>> current git HEAD commit.
>>
>> I like reproducible builds, but I recognize that others have different
>> concerns. I'm happy to change what needs changing.
>>
>
> Hi,
> Have you read all previous emails on the topic that are posted to the
> mailing list?
> Also take a look at the commits that introduced the parts that you now are
> changing.
>
>
>>
Regarding commits that introduced things touching `BUILD_TIMESTAMP` and/or
`BUILD_ID_CMD`, I found the following, in reverse-chronological order:

* 2014.06.18 :
https://github.com/ipxe/ipxe/commit/8290a955130e0a6d6112ad8f269d8f617103e070
: `BUILD_TIMESTAMP` is introduced; its immediate-assigned value is returned
from `date +%s`
* 2010.04.24 :
https://github.com/ipxe/ipxe/commit/58f6e553625c90d928ddd54b8f31634a5b26f05e
: `BUILD_ID_CMD` is introduced; its immediate-assigned value is the string
literal perl one-liner generating a 32-bit unsigned integer in hexadecimal

Insofar as I've been able to determine, these commits --- the ones that
introduced these variables --- are the only commits that affect them. Each
has been virtually untouched since its introduction.

-- 
Neil Roza
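
Added example, not part of the original message or of the submitted patch: a shell sketch of the scheme described in the quoted proposal (a build ID taken from the first 8 hex digits of an MD5, and a timestamp that honours `BUILD_TIMESTAMP`, then `SOURCE_DATE_EPOCH`, then the git HEAD commit time), plus the collision estimate the proposal leaves as an exercise. The function names are hypothetical, and hashing the target path string rather than the file contents is an assumption.

```shell
#!/bin/sh
# Added illustration; these function names do not come from the iPXE Makefile.

# Deterministic 32-bit build ID: "0x" plus the first 8 hex digits of the MD5
# of the target path string (assumption: the path is hashed, not the file).
build_id() {
    printf '0x%s\n' "$(printf '%s' "$1" | md5sum | cut -c1-8)"
}

# Timestamp precedence: BUILD_TIMESTAMP, then SOURCE_DATE_EPOCH, then the
# committer time of git HEAD. Returns non-zero instead of silently falling
# back to the wall clock, which would make the output non-reproducible.
build_timestamp() {
    ts="${BUILD_TIMESTAMP:-${SOURCE_DATE_EPOCH:-}}"
    [ -n "$ts" ] || ts="$(git log -1 --format=%ct 2>/dev/null)" || return 1
    case "$ts" in
        ''|*[!0-9]*) return 1 ;;   # reject anything but decimal seconds
    esac
    printf '%s\n' "$ts"
}

# Birthday-bound estimate of at least one collision among n targets when
# IDs are 32 bits wide: 1 - exp(-n(n-1) / 2^33).
collision_probability() {
    awk -v n="$1" 'BEGIN { printf "%.6f\n", 1 - exp(-n * (n - 1) / 8589934592) }'
}
```
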