[Bug 236081] [release][reproducibility] ISO images and memstick images are not build reproducible

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Wed Feb 27 15:48:05 UTC 2019 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236081

            Bug ID: 236081
           Summary: [release][reproducibility] ISO images and memstick
                    images are not build reproducible
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: misc
          Assignee: bugs at FreeBSD.org
          Reporter: gjb at FreeBSD.org
                CC: re at FreeBSD.org

Recently, it had been discovered that FreeBSD installation medium, ISOs and
memory stick images, are not fully reproducible in head, stable/12, and
stable/11, and presumably earlier releases.

During investigation, one commit in particular had been identified as part of
the reproducibility issue, however it had been determined that the issue stems
far beyond one change to ISO and memstick image creation tooling.

At present, it had been observed that r342283, produces a non-reproducible
"hybrid.img" file which contains the PMBR, GPT, and boot code, which is written
to the System Area of an ISO.

However, it also had been observed that this is one of many reproducibility
issues.

Steps to recreate a test case are:

# make -C /usr/src buildworld buildkernel
# make -C /usr/src/release bootonly.iso
# mv /usr/obj/usr/src/amd64.amd64/release/bootonly.iso \
  /usr/ojb/usr/src/amd64.amd64/release/bootonly.1.iso
# make -C /usr/src/release bootonly.iso
# mv /usr/obj/usr/src/amd64.amd64/release/bootonly.iso \
  /usr/obj/usr/src/amd64.amd64/release/bootonly.2.iso

Verifying the SHA512 checksums on bootonly.1.iso and bootonly.2.iso show:
# sha512 /usr/ojb/usr/src/amd64.amd64/release/bootonly.?.iso
SHA512 (bootonly.1.iso) =
6e585f46d36672a7d77d78b57cef8bb6f41d932a24b9d860274da228bdc55358be11f5896644eb9ca141cbb2192e25ffa10e0cb416c19ba06d94b8d16386c1e2
SHA512 (bootonly.2.iso) =
16bdafff5a6ec60448c77ba4ede5fae17e9288791a03fcc69acae4b572a88bab26c4f41b60a318cc71a09b1ab8b9b4ddee5cc09821e0475d0322bca861534899

Using the diffoscope utility provided by sysutils/py-diffoscope and isoinfo
included by sysutils/cdrtools, differences in file/directory access (atime),
modification (mtime), and creation (ctime) times are observed.

Example ISOs are available at:
https://people.freebsd.org/~gjb/repro/bootonly.1.iso
https://people.freebsd.org/~gjb/repro/bootonly.2.iso

An example report produced with the diffoscope utility can be found at:
https://people.freebsd.org/~gjb/repro/diffoscope.html

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list