On Fri, 13 Feb 2015 18:15:24 +0100 Alexander <[email protected]> wrote:
> On 02/09/2015 01:41 PM, Denis 'GNUtoo' Carikli wrote: > > * For coreboot, we can dump it, but I guess there is no reproducible > > build procedure in place. So it's wroth trying to see if that can > > be done. > > I would be very interested to know more about what makes a build > process reproducible? My guess is that this would be if the > components used in the building procedure are specified (so that > there is no variation occuring i.e. simply because different > compiler(versions) generate different code i.e. due to optimization > patters being differnt etc.?) Well, it's rather the opposite way. What is interesting is what makes a build *not* reproducible. Then making it reproducible is just removing the differences in the build process that makes it not reproducible. Very common examples: * Timestamps are used in the build -> remove or fake timestamps * machine hostname is used in the build Such things are very useful for developers, when you are building->testing->changing_code->building in a loop, then it helps a lot: You can identify the code associated with the running image with more certainty. But then it's not a wanted feature for a release. Denis.
pgpMA04B6u03P.pgp
Description: OpenPGP digital signature
