[OpenWrt-Devel] OpenWRT reproducible build
jow at openwrt.org
Wed Mar 25 07:20:45 EDT 2015
> I would like to point out this Debian Reproducible build project:
> IMHO, it would be a major improvement to be able to build the same
> OpenWRT packages on different location.
Yes, it would. So far we only care about ABI compatibility, using the
released SDK is one way to build packages against a given release later on.
> The reason why I am rebuilding OpenWRT packages is that I don't trust a
> remote buildtool to provide an effective solution.
> Are OpenWRT builds reproducible? If we build on different hosts, does it
> provide the same package with same sha signature? Probably not.
Nope they're not. As far as I know, nobody is actively working on it.
Patches implementing that feature are welcome.
The main things that need to be addressed are:
- Strip rpaths, debug info, build ids and other cruft from elf binaries
- Audit and rework the ipk archive generation procedure to generate
bit-identical .tar.gz archives (ordered file lists, timestamps, etc.)
- Identify packages which violate the reproducible build principles
(e.g. embedding timestamps into binaries at build time, using
__FILE__ defines etc.)
I guess it will be hard to reach 100% coverage, you can likely only
guarantee reproducibility for a defined subset of packages.
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
More information about the openwrt-devel