[OpenWrt-Devel] reproducible OpenWrt?
John Crispin
blogic at openwrt.org
Mon Jun 15 04:01:04 EDT 2015
Hi H01gi,
just for the record here are some of the links that are relevant...
http://anonscm.debian.org/cgit/reproducible/dpkg.git/commit/?h=pu/reproducible_builds&id=3373ffd07e016ae1a81d12cb246fc6787f0bdbe1
http://anonscm.debian.org/cgit/reproducible/dpkg.git/commit/?h=pu/reproducible_builds&id=3b8c480943929bbeabcbbc46831c356170a1ca98
http://anonscm.debian.org/cgit/reproducible/dpkg.git/commit/?h=pu/reproducible_builds&id=d84881f3f4faa57a2d61ba40bcdc7c2d7537fdf8
http://anonscm.debian.org/cgit/reproducible/dpkg.git/commit/?h=pu/reproducible_builds&id=a09849333b2ca211a1fa2ed02674c6af7b49c112
John
On 14/06/2015 23:53, Holger Levsen wrote:
> Dear OpenWrt developers,
>
> to quote https://reproducible.debian.net/openwrt/ ;-)
>
> Reproducible builds enable anyone to reproduce bit by bit identical binary
> packages from a given source, so that anyone can verify that a given binary
> was derived from the source it was said to be derived from. There is a lot more
> information about reproducible builds on the Debian wiki at
> https://wiki.debian.org/ReproducibleBuilds and on
> https://reproducible.debian.net - The wiki has a lot more information, eg. why
> this is useful, what common issues exist and which workarounds and solutions
> are known.
>
> Reproducible OpenWrt is an effort to apply this to OpenWrt. Thus each OpenWrt
> target is built twice, with a few variations added and then the resulting
> images and packages from the two builds are compared using debbindiff, which
> currently cannot detect .bin files as squashfs filesystems. Thus the resulting
> debbindiff output is not nearly as clear as it could be - hopefully this
> limitation will be overcome soon. Also please note that the toolchain is not
> varied at all as the rebuild happens on exactly the same system. More
> variations are expected to be seen in the wild.
>
> There is a monthly run jenkins job to test the master branch of openwrt.git.
> Currently this job is triggered more often though, because this is still under
> development and brand new. The jenkins job is simply running
> reproducible_openwrt.sh in a Debian environment and this script is solely
> responsible for creating this page. Feel invited to join #debian-reproducible
> (on irc.oftc.net) to request job runs whenever sensible. Patches and other
> feedback are very much appreciated!
>
> ---end-quote------
>
> And that's basically it. Go have a look at the above URLs and you might also
> be interested to know that https://reproducible.debian.net/coreboot shows 100%
> success for coreboot _atm_ (there are more variations in the wild and not all
> payloads tested) and Debian sid is currently at 82% reproducibility.
>
> I've only looked at very few .ipk packages linked in openwrt.html but all I've
> looked at only need a simple modification when creating the inside tarballs to
> set these creation dates to the time+date of the last modification of the
> source code...
>
> Support to better analyze .bin squashfs files with debbindiff will be added
> eventually, also we will build more openwrt targets soon too.
>
> And then we might actually do full release rebuilds too and see if we can
> reproduce your released files bit by bit one day ;-)
>
>
> Last and definitely not least: thanks a lot for OpenWrt - I happily use it
> daily! :)
>
> cheers,
> Holger
>
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
>
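Added example, not part of the original messages or of OpenWrt's build system: the quoted suggestion of setting the inner tarballs' creation dates to the last source modification time, sketched in Python and checked the same way the quoted page describes (build twice, compare). `SOURCE_EPOCH`, the file names and the build times are constructed; besides the timestamps the sketch also fixes member order and ownership.

```python
import gzip, hashlib, io, os, tarfile, tempfile

# Constructed value standing in for "time of the last source modification".
SOURCE_EPOCH = 1434355264

def make_tarball(src_dir, clamp_mtime=None):
    """Pack src_dir into .tar.gz bytes; clamp_mtime normalises the metadata."""
    paths = sorted(
        os.path.join(root, name)
        for root, _dirs, files in os.walk(src_dir) for name in files
    )
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for path in paths:  # sorted, so directory listing order cannot leak in
            info = tar.gettarinfo(path, arcname=os.path.relpath(path, src_dir))
            if clamp_mtime is not None:
                info.mtime = clamp_mtime          # tar header timestamp
                info.uid = info.gid = 0           # builder's account must not leak in
                info.uname = info.gname = "root"
            with open(path, "rb") as fh:
                tar.addfile(info, fh)
    out = io.BytesIO()
    # The gzip header carries its own timestamp; mtime=None means "now".
    with gzip.GzipFile(fileobj=out, mode="wb", mtime=clamp_mtime) as gz:
        gz.write(raw.getvalue())
    return out.getvalue()

def build_twice(clamp_mtime=None):
    """Simulate two builds whose output files were written at different times."""
    digests = []
    for build_time in (1434300000, 1434390000):  # constructed build times
        with tempfile.TemporaryDirectory() as tree:
            for name, data in (("control", b"Package: demo\n"),
                               ("postinst", b"#!/bin/sh\n")):
                path = os.path.join(tree, name)
                with open(path, "wb") as fh:
                    fh.write(data)
                os.utime(path, (build_time, build_time))
            blob = make_tarball(tree, clamp_mtime)
            digests.append(hashlib.sha256(blob).hexdigest())
    return digests

if __name__ == "__main__":
    print("unclamped:", build_twice())
    print("clamped:  ", build_twice(SOURCE_EPOCH))
```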