[Nix-dev] Deterministic(bit-perfect) Builds

Vladimír Čunát vcunat at gmail.com
Tue Jun 25 13:20:27 CEST 2013


On 06/25/2013 11:43 AM, phreedom at yandex.ru wrote:
>> Wouldn't it be more certain/universal to LD_PRELOAD or something to
>> achieve that the system time always looks the same to any build-time
>> tool? (e.g. UNIX time =0)
>
> This is a bit platform-specific and there may be other gotchas like getting the
> mtime using stat instead of querying system time. Other impurities in static
> libs are uid/gid of the file.

I would think that the file timestamps also originate from system time 
so we could kill more birds with one stone... but I don't have a clue 
whether/how such a sandbox can be done easily (in Linux; I assume our 
main target for purity is Linux, the others are impure for other reasons 
as well).

>>> Unstripped binaries: may be contaminated by "build-id". Can be avoided
>>> either by passing ld --build-id=none param or careful stripping. Needs
>>> testing. Luckily this is a very small subset of packages.
>>
>> I looked at "man ld" and I think we rather want --build-id=sha1 as it's
>> explicitly stated that the ID is uniquely determined by the output.
>
> I haven't checked for sure but vandenoever's tests seem to indicate that the
> default build id is in fact sha1 and it depends on the build dir :(

Ah, well, from [buildID docs] it doesn't seem so, but we can do with 
--build-id=none... paths are unique IDs already :-)

[buildID docs] 
https://fedoraproject.org/wiki/Releases/FeatureBuildId#Add_BuildID_Support


Vlada
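
Added example, not part of the original message or of Nix: the thread notes that static libraries carry the member mtime and uid/gid as impurities. This sketch parses the common `ar` member header layout, reports those fields and zeroes them, so two builds of the same objects compare bit-identical. The helper names and the sample archives are constructed for illustration, and GNU-specific members (long-name tables, symbol index) are not handled specially.

```python
import hashlib

AR_MAGIC = b"!<arch>\n"
HDR_LEN = 60  # name[16] mtime[12] uid[6] gid[6] mode[8] size[10] end[2]

def _num(field):
    """Decode a space-padded decimal header field (blank counts as 0)."""
    return int(field.decode("ascii").strip() or "0")

def make_member(name, mtime, uid, gid, data):
    """Build one ar member; used only to construct the sample input."""
    hdr = b"%-16s%-12d%-6d%-6d%-8o%-10d`\n" % (name, mtime, uid, gid, 0o100644, len(data))
    return hdr + data + (b"\n" if len(data) % 2 else b"")

def build_sample(mtime, uid, gid):
    """Constructed archive: same two 'objects', builder-specific metadata."""
    return (AR_MAGIC + make_member(b"foo.o/", mtime, uid, gid, b"OBJ")
            + make_member(b"bar.o/", mtime + 1, uid, gid, b"DATA"))

def normalize(archive):
    """Return (archive with mtime/uid/gid zeroed, [(name, mtime, uid, gid)])."""
    if not archive.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    out, found, pos = bytearray(AR_MAGIC), [], len(AR_MAGIC)
    while pos < len(archive):
        hdr = archive[pos:pos + HDR_LEN]
        if len(hdr) != HDR_LEN or hdr[58:60] != b"`\n":
            raise ValueError("corrupt member header at offset %d" % pos)
        found.append((hdr[:16].decode("ascii").rstrip(),
                      _num(hdr[16:28]), _num(hdr[28:34]), _num(hdr[34:40])))
        size = _num(hdr[48:58])
        if pos + HDR_LEN + size > len(archive):
            raise ValueError("truncated member at offset %d" % pos)
        end = pos + HDR_LEN + size + (size & 1)  # data is padded to even length
        # Keep name, mode, size and data; zero only the fields named in the thread.
        out += hdr[:16] + b"%-12d%-6d%-6d" % (0, 0, 0) + hdr[40:] + archive[pos + HDR_LEN:end]
        pos = end
    return bytes(out), found

def digest(blob):
    return hashlib.sha256(blob).hexdigest()

if __name__ == "__main__":
    a = build_sample(1372159227, 1000, 100)     # constructed: builder A
    b = build_sample(1372162827, 30001, 30000)  # constructed: builder B
    print("raw equal:       ", digest(a) == digest(b))
    print("normalized equal:", digest(normalize(a)[0]) == digest(normalize(b)[0]))
    print("impurities in A: ", normalize(a)[1])
```

GNU `ar` has a deterministic mode (the `D` modifier) that writes zero timestamps, UIDs and GIDs at archive creation time, which avoids the post-processing step.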

