[OpenWrt-Devel] OpenWRT reproducible build

Jo-Philipp Wich jow at openwrt.org
Wed Mar 25 07:20:45 EDT 2015


Hi.
> I would like to point out this Debian Reproducible build project:
> https://wiki.debian.org/ReproducibleBuilds
> https://reproducible.debian.net/reproducible.html

> IMHO, it would be a major improvement to be able to build the same
> OpenWRT packages on different location. 

Yes, it would. So far we only care about ABI compatibility, using the
released SDK is one way to build packages against a given release later on.

> The reason why I am rebuilding OpenWRT packages is that I don't trust a
> remote buildtool to provide an effective solution.
> Are OpenWRT builds reproducible? If we build on different hosts, does it
> provide the same package with same sha signature? Probably not.

Nope they're not. As far as I know, nobody is actively working on it.
Patches implementing that feature are welcome.

The main things that need to be addressed are:
- Strip rpaths, debug info, build ids and other cruft from elf binaries
- Audit and rework the ipk archive generation procedure to generate
  bit-identical .tar.gz archives (ordered file lists, timestamps, etc.)
- Identify packages which violate the reproducible build principles
  (e.g. embedding timestamps into binaries at build time, using
   __FILE__ defines etc.)

I guess it will be hard to reach 100% coverage, you can likely only
guarantee reproducibility for a defined subset of packages.

~ Jow
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list