From owner-freebsd-hackers@FreeBSD.ORG Tue Jun 16 21:57:51 2015 Return-Path: Delivered-To: freebsd-hackers@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 999574A7 for ; Tue, 16 Jun 2015 21:57:51 +0000 (UTC) (envelope-from holger@layer-acht.org) Received: from alpha.holgerlevsen.de (mail.holgerlevsen.de [62.201.164.66]) by mx1.freebsd.org (Postfix) with ESMTP id 233D47A2 for ; Tue, 16 Jun 2015 21:57:50 +0000 (UTC) (envelope-from holger@layer-acht.org) Received: from localhost (alpha.holgerlevsen.de [62.201.164.66]) by alpha.holgerlevsen.de (Postfix) with ESMTP id F0101CAD63C; Tue, 16 Jun 2015 23:50:49 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at alpha.holgerlevsen.de Received: from alpha.holgerlevsen.de ([62.201.164.66]) by localhost (mail.holgerlevsen.de [62.201.164.66]) (amavisd-new, port 10024) with ESMTP id W6WcHP21dyWn; Tue, 16 Jun 2015 23:50:48 +0200 (CEST) Received: from matrix.localnet (epsilon.holgerlevsen.de [62.201.164.82]) by alpha.holgerlevsen.de (Postfix) with ESMTP id CFA9ECAD089; Tue, 16 Jun 2015 23:50:48 +0200 (CEST) From: Holger Levsen To: freebsd-hackers@freebsd.org Subject: Re: reproducible builds of FreeBSD in a chroot on Linux Date: Tue, 16 Jun 2015 23:50:09 +0200 User-Agent: KMail/1.13.7 (Linux/3.16.0-0.bpo.4-amd64; KDE/4.8.4; x86_64; ; ) Cc: reproducible-builds@lists.alioth.debian.org References: <201505071122.36037.holger@layer-acht.org> <554B509B.8020608@fuckner.net> In-Reply-To: <554B509B.8020608@fuckner.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart3591167.s3AzNQLD7r"; protocol="application/pgp-signature"; micalg=pgp-sha512 Content-Transfer-Encoding: 7bit Message-Id: <201506162350.11646.holger@layer-acht.org> X-Mailman-Approved-At: Tue, 16 Jun 2015 23:25:02 +0000 X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Jun 2015 21:57:51 -0000 --nextPart3591167.s3AzNQLD7r Content-Type: Text/Plain; charset="windows-1252" Content-Transfer-Encoding: quoted-printable Hi, sorry for replying so late... on the plus side, I've got a much clearer=20 picture now and I've implemented something similar, eg see https://reproducible.debian.net/openwrt/ and/or https://reproducible.debian.net/coreboot/ On the original subject of my mail: I have given up on this and will build= =20 =46reeBSD on a FreeBSD system, not in a chroot on Linux. I expected this wo= uld=20 work, learned that it doesn't and on the way also learned that one can buil= d=20 NetBSD on Linux or probably anything ;-) So in a while, I expect to have set up=20 https://reproducible.debian.net/freebsd/ as well as=20 https://reproducible.debian.net/netbsd/ - but no promises (yet), but these = are=20 my plans ;-) And to reply to some of you... On Donnerstag, 7. Mai 2015, Michael Fuckner wrote: > > I'm one of the people involved in > > https://wiki.debian.org/ReproducibleBuilds and have set up > > https://reproducible.debian.net which continously tests all packages in > > the Debian archive for build reproducibility (so far on amd64 only). > what is this good for? Testing the Compiler, track changes or check > hardware (errors on memory or disk) "Reproducible builds enable anyone to reproduce bit by bit identical binary= =20 packages from a given source, so that anyone can verify that a given binary= =20 derived from the source it was said to be derived. " - right now you have t= o=20 *believe* someone that the binary really comes from said source. And you ne= ed=20 to *believe* the system building it wasn't compromised... This is explained in more detail in our wiki or in the talks given, which a= re=20 linked in the wiki as well. On Freitag, 8. Mai 2015, Julian Elischer wrote: > also: By "FreeBSD" do you mean the kernel? or the whole system? > Unlike Linux, FreeBSD includes most of what the Linux world would > consider to be the domain of the base distro.. e.g. cat, ls, cc, etc. I mean the whole system (what you get when you run "make world") as well as= =20 the ports. https://wiki.freebsd.org/ReproducibleBuilds claims there are 3 known issues= =20 (for "make world" AIUI) for HEAD, I would like to build twice and verify=20 myself. https://wiki.freebsd.org/PortsReproducibleBuilds says "Of the 23599 package= s=20 which were built in both runs, 15164 have the same checksum when using the= =20 previously mentioned patch, giving 64.25% reproducible packages." - I'm als= o=20 curious to re-confirm this - and set up a test bed, which can be triggered= =20 regularily and easily. Our jenkins set up allows this and I'm interested to= do=20 this. (And I wouldn't be surprised nor disappointed if it took me til August or=20 September until I actually get around to tests the ports. The base system I= =20 definitly want to have results on in July.) =20 > There may also be a better mailing list for this... which? On Montag, 11. Mai 2015, Ed Maste wrote: > A lot of this depends on the motivation for pursuing reproducible > FreeBSD builds. If it's to help FreeBSD overall with reproducible > builds, then using the FreeBSD build infrastructure on a FreeBSD > kernel (e.g., a FreeBSD jail on Debian kFreeBSD) is an important part > of the story. If it's specifically for reproducible kernel builds for > kFreeBSD then the FreeBSD build infrastructure isn't relevant. My interest is to help FreeBSD with reproducible builds as I want to see=20 reproducible builds become the norm in the free software world and as I=20 believe FreeBSD is an important part of this world. And also because I'm=20 curious. :) As such, I'll set up a FreeBSD host "on" jenkins.debian.net (in that virtua= l=20 datacenter providing that host), running FreeBSD kernel and userland - to t= est=20 =46reeBSD on Debian ressources :-) Because we care and we can. Debian's kfreebsd-amd64 to me here is "just" another Debian architecture=20 (sorry Steven!), which will (hopefully) benefit from the Debian reproducibl= e=20 builds like all the other Debian architectures.=20 (And I wrote "hopefully" because kfreebsd-amd64 was a bit special for jessi= e=20 and hopefully will be a proper architecture for stretch, the release coming= in=20 two years.) I'll come back once these FreeBSD tests are set up. cheers, Holger --nextPart3591167.s3AzNQLD7r Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIVAwUAVYCaEwkauFYGmqocAQrJtw//TVsRIghgP3DJPifNyKcKP9SLJz3rqEyF edR2GPr0bt542cRiRENHR8xiZCr1HV2892zwv9quYwZ/4yecGSspYECN2Cl9MFuC +JR3SxCao855h1N3gLsj7dAHEefQHGrrOuaN4VNXt2DYjxqZYGtPj6hHU+w5qvdW KDTsJuF813RZ69Ij0Gd9/KfGa90WN13xPpRxU+1gJD68jDcJcSqXQ3VIyDXww17r jg1qynTxOJtM3ipYqKIRPccl7bNWXWui7wIKvJD8Ea/eMttVimG/aEs1dmLAqkNj ZWoplLEj/YnC/dmSsHW+FVbWTSTcga/Wp4hXj7KNYc3I1uWZd5J7//cNw4qlDdLq XtRjIYl7vME7tnDfY+4duEgZ0IEYgVKqS8gJBhyvD9NHe3f6LQaM2C5NuiW7OK+U oysgaAZb6oiwx2dDRilrasZt09CLkYLBu8qR4K6r2vluawW3V2PWN+kRBXjfqEQY KeRdWwToKV0RH6J53CfyPPSdf8mdFd/CT/mg1IsXJkFqlyPDwd9h4D3hfjdhH3uH m5EJGweWgMC/zsI1sNOCgXDwWvX1llsGLkcACHeSdCHjHmhGn4Lju+cPU0BL8D8Z LWTyy6WacYCd4JL/lWQaXqeLj11v0VWf46GJBlUNP4IG8puwIsDf9ZYDlaEueCFN +cj6hX11ZRo= =jYWP -----END PGP SIGNATURE----- --nextPart3591167.s3AzNQLD7r--