[OE-core] [PATCH 0/4] Reproducible binaries

Juro Bystricky juro.bystricky at intel.com
Tue Apr 25 18:14:04 UTC 2017


This patch set contains several patches aimed at achieving reproducible binaries.
Building reproducible binaries may remove certain intentional
randomness intended for increased security. Hence, it is reasonable
to expect there will be cases where this is not desirable.
The user can select his/her preferences via the variable
BUILD_REPRODUCIBLE_BINARIES. The variable defaults to "0" (do not
build reproducible binaries) in order to minimize any potential
regressions. (Once the reproducible binaries code is mature enough,
it can be set to "1".)

The patch set is rather simple, targeting the "low hanging fruit".
For Debian packages we get a lot of binary identical packages simply by
exporting SOURCE_DATE_EPOCH.
For rootfs we get far fewer differences by modified prelinking and by
ensuring various timestamps are reproducible.


Juro Bystricky (4):
  bitbake.conf: new variable BUILD_REPRODUCIBLE_BINARIES
  base.bbclass: initial support for binary reproducibility
  image-prelink.bbclass: support binary reproducibility
  rootfs-postcommands.bbclass: support binary reproducibility

 meta/classes/base.bbclass                | 82 ++++++++++++++++++++++++++++++++
 meta/classes/image-prelink.bbclass       |  9 +++-
 meta/classes/rootfs-postcommands.bbclass | 18 ++++++-
 meta/conf/bitbake.conf                   |  3 ++
 4 files changed, 109 insertions(+), 3 deletions(-)

-- 
2.7.4
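
Why exporting SOURCE_DATE_EPOCH makes package payloads bit-identical, shown as an added example that is not part of the original mail or of the patch set. It assumes a plain tar archive as a stand-in for a package payload; the function names and the sample files are constructed for illustration.

```python
import hashlib
import io
import os
import tarfile

def epoch_from_env(env=os.environ):
    """Return SOURCE_DATE_EPOCH as an int, or None when it is not exported."""
    value = env.get("SOURCE_DATE_EPOCH")
    return int(value) if value else None

def build_archive(files, epoch=None):
    """Pack {name: (data, mtime)} into an uncompressed tar and return its bytes.

    With epoch set, metadata that varies between build runs is pinned:
    member order, ownership, and any mtime newer than the epoch.
    """
    buf = io.BytesIO()
    names = sorted(files) if epoch is not None else list(files)
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in names:
            data, mtime = files[name]
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mode = 0o644
            info.mtime = mtime
            if epoch is not None:
                info.mtime = min(mtime, epoch)  # clamp; older stamps stay as they are
                info.uid = info.gid = 0
                info.uname = info.gname = "root"
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def digest(files, epoch=None):
    """SHA-256 of the archive, the value two builds are compared on."""
    return hashlib.sha256(build_archive(files, epoch)).hexdigest()

# Constructed sample: identical file contents from two builds one hour apart,
# written in a different order and with different timestamps.
EPOCH = 1493144044  # constructed sample value
BUILD_A = {"usr/bin/app": (b"\x7fELF-sample", EPOCH + 600),
           "etc/app.conf": (b"debug=0\n", EPOCH + 601)}
BUILD_B = {"etc/app.conf": (b"debug=0\n", EPOCH + 4201),
           "usr/bin/app": (b"\x7fELF-sample", EPOCH + 4200)}

if __name__ == "__main__":
    print("identical without epoch:", digest(BUILD_A) == digest(BUILD_B))
    print("identical with epoch:   ", digest(BUILD_A, EPOCH) == digest(BUILD_B, EPOCH))
```

Comparing the two digests is also a useful integrity check: when an independent rebuild with the same epoch yields a different hash, the difference is in the content rather than in build-time metadata.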



