It is case specific and involves fingerprinting each built file. For example, with prelinking you rewrite the elf headers, and to verify equivalence you simply set the linker instructions to 0 while calculating the file checksum.
On Mon, Jan 4, 2016, 1:01 AM Tim Barbour <[email protected]> wrote: > On Sat, 26 Dec 2015 09:07:38 +0000, > Wout Mertens wrote: > > If web-of-trust is the best solution, and the only blocker is build > reproducability, how about trying to classify > > build differences? > > > > Each of the differences will have a reason, and either we can fix the > build to be deterministic (e.g. timestamps, > > build paths), or we can classify a class of changes as equivalent (e.g. > optimalizations resulting in equivalent > > code, prelinking). > > [...] > > Your suggestion sounds a bit like homotopy, which type theorists are now > using > to resolve their long-standing difficulties with intensional vs extensional > equality; perhaps there is a connection between these difficulties and the > fact that Nixos is not yet using the intensional Nix store model. > > How would one verify that the builds are equivalent, and that the > difference > is not due to a malicious modification ? > > Tim > -- Wout. (typed on mobile, excuse terseness)
_______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
