On Thu, Feb 26, 2015 at 8:10 AM, Patrick Georgi via coreboot coreboot@coreboot.org wrote:
2015-02-26 16:23 GMT+01:00 Emilian Bold emilian.bold@gmail.com:
It seems that Coreboot doesn't have reproducible builds yet.
You're right, it doesn't. One of the major items is probably to replace the current build time stamps with something more reasonable. For example, the current commit's time stamp (unless the tree is dirty, in which reproducability is impossible).
There are two facets to this issue:
- when an image needs to built from source, we want the binary to be the same. In case the tree is dirty we might include a hash of the tree diffs against the top SHA1, just a thought.
- build always recompiles some files and relinks the image, even if there is not source code changes. Is this really necessary, shouldn't make just do nothing in case the source did not change?
--vb
I think Coreboot should adopt this concept.
Patches accepted.
It seems like we are halfway there with INCLUDE_CONFIG_FILE but what I've noticed is that even if I extract the CONFIG_ values the build still needs some manual tweaking.
Ideally we should record the tools used (crossgcc version, etc), the
We do.
coreboot git revision id,
We do.
the CONFIG_ values and the build info for the
We optionally do.
payloads (for the auto-downloaded SeaBIOS I think just the git revision id would be enough).
Payloads are more intricate. I'd stick with the coreboot parts, that is, a coreboot build without adding a payload is bit-identical. Then do the same for the payload (we can add meta-data to cbfs files or store payload information in a separate cbfs file).
Is there anyone willing to help me with this (or already working on this)?
Like Peter I'm happy to review changesets on gerrit.
Patrick
Google Germany GmbH ABC-Str. 19 20354 Hamburg
Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschäftsführer: Graham Law, Christine Elizabeth Flores
-- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot
-
Vadim Bendebury