Removing build metadata, for reproducible kernel builds

Thu Dec 3 05:51:38 UTC 2015

> On Dec 2, 2015, at 10:36 AM, Ed Maste <emaste at FreeBSD.org> wrote:
> 
> The main issue currently preventing kernel builds from being
> reproducible[1] is the build metadata itself that's included (time,
> user, host, build path). In order to make the kernel build
> reproducible I plan to remove these by default, and add a src.conf
> knob to enable them for developers who want them in their own builds.
> 
> The user-facing effect of this is that the kern.version sysctl no
> longer conveys this information, and uname -a changes from something
> like:
> 
> FreeBSD ref11-amd64.freebsd.org 11.0-CURRENT FreeBSD 11.0-CURRENT #0
> r288681: Mon Oct  5 01:40:11 UTC 2015
> peter at build-11.freebsd.org:/usr/obj/usr/src/sys/CLUSTER11  amd64
> 
> to something like:
> 
> FreeBSD feynman 10.2-STABLE FreeBSD 10.2-STABLE #44
> r288174+7644546(stable-10) amd64
> 
> The current version of the change is available for review at
> https://reviews.freebsd.org/D4347.
> 
> [1] See https://reproducible-builds.org/ for more information on the
> reproducible builds project.

I noted in the review that I don’t like the default being no.

I also don’t like that we’re growing lots of different knobs that need
to be set to get a repeatable build. Let’s have one, or barring that,
let’s have one that sets all the sub-knobs.

I think that host and path are more worthless than date and time
in many environments. Who builds it likewise. Those are all things
that are likely to change between builds, yet change the kernel
image. I’d rather see it all gone when this option is in effect.
And I’d rather see the default be to the historical behavior.
The build number too is kinda lame here, since that’s just a history
of the number of tries. If you are building from svn, it should be
zero. But if you’re rebuilding, you can easily get that number over
100 as you update from rev to rev and reboot. It’s better to have
the date / time of the build so if you are seeing a problem on a
test machine, you’ll know more firmly if the build has that thing
you fixed yesterday afternoon or not by the date / time it
was built, and by whom (since my kernels after 9:15am
have the fix, but nobody else does before 2:00pm since
that’s when I checked it in).

So I see the need for the feature, in general. But this doesn’t
implement a reproducible build due to the build number, the
user, the host and the path still being encoded into it. That makes
the change to remove date / time completely arbitrary which
is annoying because they are useful in many environments
where it would be difficult to force everybody to ‘opt in’ to
having them included. It’s easier to opt-out the release
process.

Warner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20151202/66922eeb/attachment.bin>