Date: Mon, 24 Oct 2005 22:09:11 +1000 (EST) From: Bruce Evans <bde@zeta.org.au> To: Martin Cracauer <cracauer@cons.org> Cc: Peter Jeremy <PeterJeremy@optushome.com.au>, delphij@delphij.net, developers@freebsd.org, freebsd-security@freebsd.org Subject: Re: Is it feasible to cross-build compat5x binary? Message-ID: <20051024215918.V15095@delplex.bde.org> In-Reply-To: <20051024064605.A44523@cons.org> References: <20051023105230.GA55181@frontfree.net> <20051023232935.GC602@dragon.NUXI.org> <20051024080811.GF39882@cirb503493.alcatel.com.au> <20051024064605.A44523@cons.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 24 Oct 2005, Martin Cracauer wrote:
> Peter Jeremy wrote on Mon, Oct 24, 2005 at 06:08:11PM +1000:
>> On Sun, 2005-Oct-23 16:29:35 -0700, David O'Brien wrote:
>>> We should no trust cross built libraries for this purpose at this time.
>>> We really don't know how identical the results will be to being natively
>>> built.
>>
>> At some stage, we need to validate our cross-build chain with cmp(1).
>
> ELF object files are timestamped. But there's some elf-cmp out there.
On libraries (ELF or not: .so or .a) are.
I use diff -r to check that builds of object trees give reproducible
results, and just ignore libraries since they are built up from object
files by a simple process (perhaps not so simple for .so's). The main
problem at least used to be braindamaged applications that create
irreproducible results using the following methods:
- version.c files with a unique version number or timestamp
- __DATE__ in C files. Results are reproducible until the next day
- __TIME__ in C files
- __FILE__ in C files. For {source,generated} files, this makes the
results depend on the location of the {source,object} tree.
Bruce
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051024215918.V15095>