[OE-core] [PATCH v2 0/6] Reproducible binaries

Juro Bystricky juro.bystricky at intel.com
Mon May 1 20:58:58 UTC 2017


This patch set (V2) contains several patches aimed at achieving reproducible binaries.
Building reproducible binaries may remove certain intentional
randomness intended for increased security. Hence, it is reasonable
to expect there will be cases where this is not desirable.
The user can select his/her preferences via the variable
BUILD_REPRODUCIBLE_BINARIES. The variable defaults to "0" (do not
build reproducible binaries) in order to minimize any potential
regressions.

For Debian packages we get a lot of binary identical packages simply by
exporting SOURCE_DATE_EPOCH. This is done automatically when
BUILD_REPRODUCIBLE_BINARIES="1".

For rootfs we get much fewer differences by modified prelinking and by
ensuring various timestamps are reproducible.

For example, building core-image-minimal with this patchset,
using the following settings in the local.conf:

    BUILD_REPRODUCIBLE_BINARIES="1"
    LDCONFIGDEPEND=""
    IMAGE_CMD_TAR="tar -v --sort=name"

    # Optional user-specified timestamps:
    REPRODUCIBLE_TIMESTAMP_IMAGE_PRELINK="1483228800"
    REPRODUCIBLE_TIMESTAMP_ROOTFS="1483228800"

we can build binary identical core-image-minimal-rootfs.tar.bz2 images.
(Tested on the same machine, two different build folders, images built at different
times)
Eventually, it will be possible to build identical core-image-minimal-rootfs.ext4
as well. (Note in this test case the rootfs is built without pre-built ldconfig aux-cache).
This patchset does not address the reproducibility of the linux kernel nor
the reproducibility of linux kernel modules.



Juro Bystricky (6):
  bitbake.conf: new variable BUILD_REPRODUCIBLE_BINARIES
  base.bbclass: initial support for binary reproducibility
  image-prelink.bbclass: support binary reproducibility
  rootfs-postcommands.bbclass: support binary reproducibility
  busybox.inc: improve reproducibility
  image.bbclass: support binary reproducibility

 meta/classes/base.bbclass                | 82 ++++++++++++++++++++++++++++++++
 meta/classes/image-prelink.bbclass       | 12 ++++-
 meta/classes/image.bbclass               | 12 +++++
 meta/classes/rootfs-postcommands.bbclass | 24 ++++++++--
 meta/conf/bitbake.conf                   | 11 +++++
 meta/recipes-core/busybox/busybox.inc    |  3 ++
 6 files changed, 140 insertions(+), 4 deletions(-)

-- 
2.7.4
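
The effect of sorted names and a fixed timestamp on a rootfs tarball, as an added example that is not code from this patch set: two constructed trees with the same content but different creation order and mtimes are archived naively and then with normalised metadata, and the SHA-256 digests are compared. The helper names, the sample file names, and the normalisation choices (clamping mtime to the timestamp, root ownership) are assumptions.

```python
import hashlib, io, os, tarfile, tempfile

EPOCH = 1483228800  # REPRODUCIBLE_TIMESTAMP_ROOTFS value from the local.conf above

def make_tree(names, mtime):
    """Constructed sample rootfs: same content, caller-chosen creation order and mtime."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "etc"))
    for name in names:
        path = os.path.join(root, name)
        with open(path, "w") as f:
            f.write("sample content of %s\n" % name)
        os.utime(path, (mtime, mtime))
    os.utime(os.path.join(root, "etc"), (mtime, mtime))
    return root

def build_tar(root, reproducible):
    """Archive root; when reproducible, sort names and normalise metadata."""
    paths = [os.path.join(d, n) for d, dirs, files in os.walk(root) for n in dirs + files]
    if reproducible:
        paths.sort(key=lambda p: os.path.relpath(p, root))  # same idea as tar --sort=name
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for path in paths:
            info = tar.gettarinfo(path, arcname=os.path.relpath(path, root))
            if reproducible:
                info.mtime = int(min(info.mtime, EPOCH))  # assumed policy: clamp to EPOCH
                info.uid = info.gid = 0                   # drop build-user identity
                info.uname = info.gname = "root"
            if info.isreg():
                with open(path, "rb") as f:
                    tar.addfile(info, f)
            else:
                tar.addfile(info)
    return buf.getvalue()

def compare_builds():
    """Return (naive_identical, reproducible_identical) for two constructed build trees."""
    a = make_tree(["etc/passwd", "etc/hostname", "init"], 1500000000)
    b = make_tree(["init", "etc/hostname", "etc/passwd"], 1600000000)
    digest = lambda root, r: hashlib.sha256(build_tar(root, r)).hexdigest()
    return digest(a, False) == digest(b, False), digest(a, True) == digest(b, True)

if __name__ == "__main__":
    print(compare_builds())
```

Comparing digests of two independent builds in this way is also how a consumer can check that a published image corresponds to the stated sources and configuration.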


