[OpenWrt-Devel] reproducible OpenWrt?
Holger Levsen
holger at layer-acht.org
Sun Jun 14 17:53:31 EDT 2015
Dear OpenWrt developers,
to quote https://reproducible.debian.net/openwrt/ ;-)
Reproducible builds enable anyone to reproduce bit by bit identical binary
packages from a given source, so that anyone can verify that a given binary
derived from the source it was said to be derived. There is a lot more
information about reproducible builds on the Debian wiki at
https://wiki.debian.org/ReproducibleBuilds and on
https://reproducible.debian.net - The wiki has a lot more information, eg. why
this is useful, what common issues exist and which workarounds and solutions
are known.
Reproducible OpenWrt is an effort to apply this to OpenWrt Thus each OpenWR
target is build twice, with a few varitations added and then the resulting
images and packages from the two builds are compared using debbindiff, which
currently cannot detect .bin files as squashfs filesystems. Thus the resulting
debbindiff output is not nearly as clear as it could be - hopefully this
limitation will be overcome soon. Also please note that the toolchain is not
varied at all as the rebuild happens on exactly the same system. More
variations are expected to be seen in the wild.
There is a monthly run jenkins job to test the master branch of openwrt.git.
Currently this job is triggered more often though, because this is still under
development and brand new. The jenkins job is simply running
reproducible_openwrt.sh in a Debian environment and this script is solely
responsible for creating this page. Feel invited to join #debian-reproducible
(on irc.oftc.net) to request job runs whenever sensible. Patches and other
feedback are very much appreciated!
---end-quote------
And that's basically it. Go have a look at the above URLS and you might also
be interested to know that https://reproducible.debian.net/coreboot shows 100%
success for coreboot _atm_ (there are more variations in the wild and not all
payloads tested) and Debian sid is currently at 82% reproducibility.
I've only looked at very few .ipk packages linked in openwrt.html but all I've
looked at only need a simple modification when creating the inside tarballs to
set that these creation dates to the time+date of the last modification of the
source code...
Support to better analyze .bin squashfs files with debbindiff will be added
eventually, also we will build more openwrt targets soon too.
And then we might actually do full release rebuilds too and see if we can
reproduce your released files bit by bit one day ;-)
Last and definitly not least: thanks a lot for OpenWrt - I happily use it
daily! :)
cheers,
Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20150614/04445a52/attachment.sig>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list