Date: Fri, 9 Dec 2011 12:16:39 +0100 From: Erik Cederstrand <erik@cederstrand.dk> To: FreeBSD Current <freebsd-current@freebsd.org> Subject: Deterministic builds Message-ID: <F813133F-485D-4612-A695-42206E44B28A@cederstrand.dk>
next in thread | raw e-mail | index | archive | help
Hi all, I've been working on a project to make it possible to produce = deterministic builds with FreeBSD. By this I mean building a FreeBSD = distribution twice from the same code base and having all files in the = two distributions match by md5 sum. Currently, this is not the case. My main goal for this project is to be able to see exactly which files = are affected between two revision, in terms of actual functionality. There are different ways of defining deterministic builds. My first = attempt works when the SVN revision and SRCDIR is the same, but build = timestamp, OBJDIR and DESTDIR are different. Here is a patch for current = (r228312): http://217.157.7.216/deterministic.diff. This is my first = attempt at a patch for the build infrastructure, so be warned :-) To try the patch, you must be running 9.0 or later, since the build = relies on the '-D' flag being available in ar(1) and ranlib(1) (ar is = not a build dependency). I have only tested this with GCC, not Clang. To build deterministically, you need to put WITH_DETERMINISTIC=3D"YES" = in both make.conf and from the command-line. I can't work out why both = are necessary. Main features of the patch: * Change ARFLAGS to add '-D' where ARFLAGS are hard-coded * Adds a RANLIBFLAGS variable * Remove '-g' from C/C++ debug clags where it is hard-coded * Strips binaries for debug info which contains file paths * Adds -frandom-seed to CXXFLAGS so the random seed in C++ binaries is = constant * Changes sendmail config file headers to be generic * Changes newvers.sh to create a generic vers.c file Currently missing and untested is building with different user logins, = different hostnames, different revisions (where e.g. only a comment is = changed), different SRCDIRs and probably other things I haven't thought = of. Also, I have only done rudimentary runtime testing. Here is the script I have used to build and test: = http://217.157.7.216/build_md.sh I'd be very grateful for any comments on the approach and the patch. Thanks, Erik=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F813133F-485D-4612-A695-42206E44B28A>