[ipxe-devel] reproducible builds

Neil Roza neil at rtr.ai
Sat May 2 18:15:12 UTC 2020

On Fri, May 1, 2020 at 8:46 PM Christian Nilsson <nikize at gmail.com> wrote:

> On Sat, 2 May 2020, 07:36 Neil Roza, <neil at rtr.ai> wrote:
>> Hi ipxe-devel,
>> Please find the attached diff representing a patch I would like to submit
>> for your consideration. This is a small change to the
>> `src/Makefile.housekeeping` that makes the generation of most artifacts
>> (notably not `*.usb` images) deterministic.
>> The scariest change here is the removal of the `BUILD_ID_CMD` in favor of
>> an inlined shell snippet where the `_build_id` symbol is defined. In
>> keeping with the comments that specify a unique `_build_id` for each
>> `$(BIN)/%.tmp`, I use the first 8 characters of the md5sum of the target,
>> in the expected base-prefixed hexadecimal representation. Calculating the
>> likelihood of collisions I leave as an exercise to the reviewer. :D
>> The `BUILD_TIMESTAMP` assignment has been changed to allow environment
>> variable overriding, but it defaults to `SOURCE_DATE_EPOCH`. The source
>> date epoch can also be overridden; it defaults to the Unix timestamp of the
>> current git HEAD commit.
>> I like reproducible builds, but I recognize that others have different
>> concerns. I'm happy to change what needs changing.
> Hi,
> Have you read all previous emails on the topic that is posted to the
> mailing list?
> Also take a look at the commits that introduced the parts that you now are
> changing.
Regarding commits that introduced things touching `BUILD_TIMESTAMP` and/or
`BUILD_ID_CMD`, I found the following, in reverse-chronological order:

* 2014.06.18 :
: `BUILD_TIMESTAMP` is introduced; its immediate-assigned value is returned
from `date +%s`
* 2010.04.24 :
: `BUILD_ID_CMD` is introduced; its immediate-assigned value is the string
literal perl one-liner generating a 32-bit unsigned integer in hexadecimal

Insofar as I've been able to determine, these commits --- the ones that
introduced these variables --- are the only commits that affect them. Each
has been virtually untouched since its introduction.

Neil Roza
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ipxe.org/pipermail/ipxe-devel/attachments/20200502/a244fdc6/attachment.htm>

More information about the ipxe-devel mailing list