From: Erik Cederstrand
Date: Fri, 9 Dec 2011 12:16:39 +0100
To: FreeBSD Current
Subject: Deterministic builds

Hi all,

I've been working on a project to make it possible to produce deterministic builds with FreeBSD. By this I mean building a FreeBSD distribution twice from the same code base and having all files in the two distributions match by md5 sum. Currently, this is not the case.

My main goal for this project is to be able to see exactly which files are affected between two revisions, in terms of actual functionality.

There are different ways of defining deterministic builds. My first attempt works when the SVN revision and SRCDIR are the same, but build timestamp, OBJDIR and DESTDIR are different. Here is a patch for current (r228312): http://217.157.7.216/deterministic.diff. This is my first attempt at a patch for the build infrastructure, so be warned :-)

To try the patch, you must be running 9.0 or later, since the build relies on the '-D' flag being available in ar(1) and ranlib(1) (ar is not a build dependency). I have only tested this with GCC, not Clang.

To build deterministically, you need to put WITH_DETERMINISTIC="YES" in both make.conf and from the command-line. I can't work out why both are necessary.

Main features of the patch:

* Change ARFLAGS to add '-D' where ARFLAGS are hard-coded
* Adds a RANLIBFLAGS variable
* Remove '-g' from C/C++ debug flags where it is hard-coded
* Strips binaries for debug info which contains file paths
* Adds -frandom-seed to CXXFLAGS so the random seed in C++ binaries is constant
* Changes sendmail config file headers to be generic
* Changes newvers.sh to create a generic vers.c file

Currently missing and untested is building with different user logins, different hostnames, different revisions (where e.g. only a comment is changed), different SRCDIRs and probably other things I haven't thought of. Also, I have only done rudimentary runtime testing.

Here is the script I have used to build and test: http://217.157.7.216/build_md.sh

I'd be very grateful for any comments on the approach and the patch.

Thanks,
Erik
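
An added example, not part of the message above or of the linked patch: a simplified model of the ar(1) member header showing why two archives of identical objects hash differently, and why recording zeros and mode 0644 (the documented effect of '-D') makes them match. The function names, sample objects and build values are constructed for illustration, only short member names are handled, and SHA-256 stands in for the md5 comparison.

```python
import hashlib

AR_MAGIC = b"!<arch>\n"
FIELDS = (("name", 0, 16), ("mtime", 16, 28), ("uid", 28, 34),   # byte ranges in
          ("gid", 34, 40), ("mode", 40, 48), ("size", 48, 58))   # the 60-byte header

def ar_member(name, data, mtime, uid, gid, mode):
    """Serialise one member: 60-byte ASCII header, data, pad to even length."""
    header = (f"{name + '/':<16}{mtime:<12}{uid:<6}{gid:<6}"
              f"{mode:<8o}{len(data):<10}").encode("ascii") + b"`\n"
    return header + data + (b"\n" if len(data) % 2 else b"")

def build_archive(members, mtime, uid, gid, deterministic):
    """Model of archive creation; deterministic=True mimics ar -D."""
    mode = 0o100644         # non-deterministic: build metadata leaks in
    if deterministic:       # ar -D: zeros for mtime/uid/gid, 0644 for mode
        mtime, uid, gid, mode = 0, 0, 0, 0o644
    return AR_MAGIC + b"".join(
        ar_member(n, d, mtime, uid, gid, mode) for n, d in members)

def parse(archive):
    """Return [(header_fields, data)] for every member of an archive."""
    if not archive.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos, members = len(AR_MAGIC), []
    while pos < len(archive):
        hdr = archive[pos:pos + 60]
        if len(hdr) != 60 or hdr[58:] != b"`\n":
            raise ValueError(f"bad member header at offset {pos}")
        meta = {k: hdr[a:b].decode("ascii").strip() for k, a, b in FIELDS}
        size = int(meta["size"])
        members.append((meta, archive[pos + 60:pos + 60 + size]))
        pos += 60 + size + size % 2
    return members

def differing_fields(a, b):
    """Names of header fields (or 'data') that differ between two archives."""
    diffs = set()
    for (ma, da), (mb, db) in zip(parse(a), parse(b)):
        diffs |= {k for k in ma if ma[k] != mb[k]}
        if da != db:
            diffs.add("data")
    return diffs

def digest(archive):
    return hashlib.sha256(archive).hexdigest()

# Constructed sample: the same two objects archived by two different builds.
OBJS = [("foo.o", b"constructed object A"), ("bar.o", b"constructed obj B")]
BUILD1, BUILD2 = (1323429399, 1001, 1001), (1323433000, 0, 0)  # mtime, uid, gid
```

Running differing_fields() over two real static libraries that fail the checksum comparison tells you whether only header metadata differs or the object code itself changed.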