Hi Carl, Carl Dong <[email protected]> skribis:
> The paper is titled "Reproducible Containers":
> https://dl.acm.org/doi/pdf/10.1145/3373376.3378519, featured by Meta in their
> post:
> https://developers.facebook.com/blog/post/2022/11/22/hermit-deterministic-linux-testing/

Interesting! Probably a sledgehammer for reproducible builds… except
perhaps for timestamp issues, as you write.

> I was thinking about this in terms of how to have timestamp reproducibility
> inside Guix build containers which has been a problem in the past for
> building from source, their approach in 5.3 is interesting (but perhaps a bit
> invasive).

Yes, this bit is interesting:

  To ensure airtight interception of vDSO calls, DetTrace instead, just
  after each execve system call, replaces the vDSO library code with our
  implementation where each vDSO function makes a direct system call—which
  is duly intercepted via ptrace. We furthermore make the vvar page
  unreadable to prohibit any access to the raw nondeterministic data that
  vDSO timing calls use.

I wonder what this entails exactly, and whether one needs to ptrace every
single process to intercept exec calls in child processes, which would be
prohibitive.

Thanks for sharing!

Ludo’.
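
The following is an added example, not code from the paper, from DetTrace or from Guix, illustrating the two mechanics the quoted paragraph and the question above turn on. First, a ptrace tracer does not have to attach to each child by hand: with PTRACE_O_TRACEFORK, PTRACE_O_TRACEVFORK and PTRACE_O_TRACECLONE the kernel attaches every descendant of the initial tracee to the same tracer, and PTRACE_O_TRACEEXEC reports each execve as an event stop (every descendant is still stopped at every syscall, which is the cost a ptrace-based design accepts). Second, rewriting the result of a clock_gettime *syscall* at its exit stop works, but the same call made through libc goes through the vDSO on glibc/x86-64, never enters the kernel, and comes back with the real time; that gap is what the paper closes by replacing the vDSO code and making the vvar page unreadable. The example assumes x86-64 Linux with ptrace permitted (container seccomp profiles may block it) and a `true` binary on PATH; `demo_run`, `demo_result` and `tracee_main` are names made up for this demo.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical result record for this demo, filled in by demo_run(). */
struct demo_result {
    long sec_via_syscall, nsec_via_syscall, sec_via_libc; /* grandchild's readings: raw syscall, libc/vDSO */
    int syscall_intercepts, exec_events;                   /* clock_gettime exits rewritten, execve events seen */
};

#if defined(__linux__) && defined(__x86_64__)
/* Tracee side: fork a grandchild that samples the clock twice and reports over
 * the pipe, then exec true(1) so the tracer can observe an exec event. */
static void tracee_main(int wfd)
{
    pid_t gc = fork();
    if (gc == 0) {
        struct timespec a = {0, 0}, b = {0, 0};
        syscall(SYS_clock_gettime, CLOCK_REALTIME, &a); /* enters the kernel: tracer sees it */
        clock_gettime(CLOCK_REALTIME, &b);              /* vDSO fast path on glibc: tracer is blind */
        long vals[3] = { a.tv_sec, a.tv_nsec, b.tv_sec };
        _exit(write(wfd, vals, sizeof vals) == sizeof vals ? 0 : 2);
    }
    if (gc < 0) _exit(3);
    waitpid(gc, NULL, 0);
    execlp("true", "true", (char *)NULL);
    _exit(127);
}

/* Trace a child and, via PTRACE_O_TRACEFORK/VFORK/CLONE, every process it spawns,
 * without attaching to each one by hand.  Returns 0 on success, -1 on error. */
int demo_run(struct demo_result *out)
{
    int pfd[2], status;
    *out = (struct demo_result){0};
    if (pipe(pfd) < 0) return -1;
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) {
        close(pfd[0]);
        if (ptrace(PTRACE_TRACEME, 0, 0, 0) < 0) _exit(4);
        raise(SIGSTOP);                 /* hand control to the tracer before doing anything */
        tracee_main(pfd[1]);
    }
    close(pfd[1]);
    if (waitpid(child, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    long opts = PTRACE_O_TRACESYSGOOD | PTRACE_O_TRACEEXEC | PTRACE_O_TRACEFORK |
                PTRACE_O_TRACEVFORK | PTRACE_O_TRACECLONE;
    if (ptrace(PTRACE_SETOPTIONS, child, 0, (void *)opts) < 0) return -1;
    if (ptrace(PTRACE_SYSCALL, child, 0, 0) < 0) return -1;
    for (;;) {
        pid_t p = waitpid(-1, &status, __WALL);      /* any tracee, auto-attached ones included */
        if (p < 0) { if (errno == ECHILD) break; return -1; }
        if (!WIFSTOPPED(status)) continue;           /* a tracee exited */
        unsigned sig = WSTOPSIG(status), event = (unsigned)status >> 16;
        if (sig == (SIGTRAP | 0x80)) {               /* syscall-enter or syscall-exit stop */
            struct user_regs_struct regs;
            /* x86-64 presets rax to -ENOSYS at entry; anything else means the exit stop, where the
             * kernel has already stored the timespec at rsi: overwrite both 8-byte words with zero. */
            if (ptrace(PTRACE_GETREGS, p, 0, &regs) == 0 &&
                regs.orig_rax == SYS_clock_gettime &&
                regs.rax != (unsigned long long)-ENOSYS &&
                ptrace(PTRACE_POKEDATA, p, (void *)regs.rsi, (void *)0L) == 0 &&
                ptrace(PTRACE_POKEDATA, p, (void *)(regs.rsi + 8), (void *)0L) == 0)
                out->syscall_intercepts++;
            sig = 0;
        } else if (sig == SIGTRAP && event != 0) {   /* fork/clone/exec event stop */
            if (event == PTRACE_EVENT_EXEC) out->exec_events++;
            sig = 0;
        } else if (sig == SIGSTOP) {
            sig = 0;                                 /* initial stop of a new tracee: swallow it */
        }
        ptrace(PTRACE_SYSCALL, p, 0, (void *)(long)sig);
    }
    long vals[3];
    if (read(pfd[0], vals, sizeof vals) != sizeof vals) return -1;
    close(pfd[0]);
    out->sec_via_syscall = vals[0]; out->nsec_via_syscall = vals[1]; out->sec_via_libc = vals[2];
    return 0;
}
#else
/* The register layout above is x86-64 Linux only. */
int demo_run(struct demo_result *out) { (void)out; errno = ENOSYS; return -2; }
#endif

int main(void)
{
    struct demo_result r;
    if (demo_run(&r) != 0) { perror("demo_run"); return 1; }
    printf("raw syscall: %ld.%09ld (%d intercept(s)), libc/vDSO tv_sec=%ld, exec events: %d\n",
           r.sec_via_syscall, r.nsec_via_syscall, r.syscall_intercepts, r.sec_via_libc, r.exec_events);
    return 0;
}
```

Build with `cc -o ptrace-demo ptrace-demo.c` and run it on a glibc/x86-64 box: the raw-syscall reading comes back as 0.000000000 while the libc reading shows the real epoch seconds, and exactly one exec event is reported although the tracer only ever attached to its immediate child. The entry/exit distinction relies on the x86-64 convention that rax reads -ENOSYS at syscall entry; on kernels 5.3 and later PTRACE_GET_SYSCALL_INFO gives that answer explicitly and portably. Nothing here touches the vDSO itself, which is the whole point: a tracer alone sees only what enters the kernel.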
