[ipxe-devel] reproducible builds, what if

Michael Brown mcb30 at ipxe.org
Mon May 4 04:32:41 UTC 2020


On 04/05/2020 02:10, Neil Roza wrote:
>     On Sun, May 03, 2020 at 12:18:26PM +0900, Christian Nilsson wrote:
>      > What if there are any local non-committed changes, or config file
>      > changes, or embedded script changes. The checksum over linked
>      > solves the hash, but is it actually correct to use git as a source
>      > for BUILD_TIMESTAMP when there are local changes?
> 
>     I see the warning, but I don't see the problem.
>     In case that doesn't answer the "What if question",
>     please elaborate what the hidden danger is.
> 
> No, I get it: a pristine HEAD and a dirty HEAD don't deserve the same 
> source date epoch. There are some ways to disambiguate these with `git 
> stash`, but this is starting to get complicated. It could become an ugly 
> `$(shell ...)` in the Makefile.housekeeping, or I could put it in a 
> helper shell script. What's the right decision for ipxe?

BUILD_TIMESTAMP has a weaker requirement than BUILD_ID: it gets used 
only as a means to automatically select the newest version of iPXE if 
multiple iPXE drivers are loaded concurrently in a UEFI system.  It's 
already rounded down to the nearest minute when used for that purpose.

For BUILD_TIMESTAMP (but not BUILD_ID), I am happy with using the commit 
date as extracted from git.

Michael
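
A helper shell script along the lines discussed in this thread, as an added example that is not part of the original message or of iPXE's build system. The function names are hypothetical, and the precedence given to `SOURCE_DATE_EPOCH` and the dirty-tree warning are assumptions; it covers BUILD_TIMESTAMP only, not BUILD_ID.

```shell
#!/bin/sh
# Added example: derive a reproducible BUILD_TIMESTAMP value.
# Not iPXE's Makefile.housekeeping logic; function names are hypothetical.

# Round an epoch value down to the start of its minute, matching the
# granularity at which the thread says the timestamp is compared.
round_down_minute() {
    echo $(( $1 - $1 % 60 ))
}

# Succeed (exit 0) if the work tree in $1 has uncommitted or untracked changes.
tree_is_dirty() {
    [ -n "$(git -C "$1" status --porcelain 2>/dev/null)" ]
}

# Print the timestamp for the source tree in $1 (default: current directory).
# Order (an assumption): SOURCE_DATE_EPOCH, then the commit date of HEAD,
# then the current time when neither is available.
build_timestamp() {
    dir=${1:-.}
    if [ -n "${SOURCE_DATE_EPOCH:-}" ]; then
        ts=$SOURCE_DATE_EPOCH
    elif ts=$(git -C "$dir" log -1 --format=%ct 2>/dev/null) && [ -n "$ts" ]; then
        # A dirty tree still gets the commit date, which is acceptable for
        # BUILD_TIMESTAMP; the warning makes the mismatch visible in build logs.
        if tree_is_dirty "$dir"; then
            echo "warning: uncommitted changes; timestamp reflects HEAD only" >&2
        fi
    else
        ts=$(date +%s)
    fi
    round_down_minute "$ts"
}

# Usage from a build script: BUILD_TIMESTAMP=$(build_timestamp /path/to/src)
```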


