[ipxe-devel] reproducible builds, what if
Michael Brown
mcb30 at ipxe.org
Mon May 4 04:32:41 UTC 2020
On 04/05/2020 02:10, Neil Roza wrote:
> On Sun, May 03, 2020 at 12:18:26PM +0900, Christian Nilsson wrote:
> > What if there are any local non-committed changes, or config file
> > changes, or embedded script changes. The checksum over linked solves
> > the hash, but is it actually correct to use git as a source for
> > BUILD_TIMESTAMP when there are local changes?
>
> I see the warning, but I don't see the problem.
> In case that doesn't answer the "What if question",
> please elaborate what the hidden danger is.
>
> No, I get it: a pristine HEAD and a dirty HEAD don't deserve the same
> source date epoch. There are some ways to disambiguate these with `git
> stash`, but this is starting to get complicated. It could become an ugly
> `$(shell ...)` in the Makefile.housekeeping, or I could put it in a
> helper shell script. What's the right decision for ipxe?

BUILD_TIMESTAMP has a weaker requirement than BUILD_ID: it gets used
only as a means to automatically select the newest version of iPXE if
multiple iPXE drivers are loaded concurrently in a UEFI system. It's
already rounded down to the nearest minute when used for that purpose.

For BUILD_TIMESTAMP (but not BUILD_ID), I am happy with using the commit
date as extracted from git.

Michael
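
Added example (not part of the original message and not iPXE's own build code): one way to take a build timestamp from the HEAD commit date, rounded down to the minute as described above, while reporting whether the work tree has local changes so that a separate build identifier can account for them. All function names are hypothetical.

```sh
#!/bin/sh
# Added example, not iPXE code. Function names are hypothetical.
# Usage from another script:  . ./build-ts.sh; build_timestamp /path/to/repo

# Committer date of HEAD, in seconds since the epoch.
commit_epoch() {
    git -C "${1:-.}" log -1 --format=%ct HEAD
}

# Exit status 0 when the work tree differs from HEAD: modified or staged
# tracked files, or untracked files that are not ignored.
tree_is_dirty() {
    [ -n "$(git -C "${1:-.}" status --porcelain 2>/dev/null)" ]
}

# Round an epoch value down to the start of its minute, so that two
# values inside the same minute compare as equal.
round_down_to_minute() {
    echo $(( $1 - $1 % 60 ))
}

# Print "<timestamp> <clean|dirty>" for the repository in $1.
# The timestamp depends only on the commit, so a clean and a dirty tree
# on the same HEAD produce the same value; the second field lets the
# caller tell them apart for anything that must be unique per build.
build_timestamp() {
    repo="${1:-.}"
    ts=$(commit_epoch "$repo") || return 1
    state=clean
    if tree_is_dirty "$repo"; then
        state=dirty
    fi
    echo "$(round_down_to_minute "$ts") $state"
}
```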