Hi. > I would like to point out this Debian Reproducible build project: > https://wiki.debian.org/ReproducibleBuilds > https://reproducible.debian.net/reproducible.html
> IMHO, it would be a major improvement to be able to build the same > OpenWRT packages on different location. Yes, it would. So far we only care about ABI compatibility, using the released SDK is one way to build packages against a given release later on. > The reason why I am rebuilding OpenWRT packages is that I don't trust a > remote buildtool to provide an effective solution. > Are OpenWRT builds reproducible? If we build on different hosts, does it > provide the same package with same sha signature? Probably not. Nope they're not. As far as I know, nobody is actively working on it. Patches implementing that feature are welcome. The main things that need to be addressed are: - Strip rpaths, debug info, build ids and other cruft from elf binaries - Audit and rework the ipk archive generation procedure to generate bit-identical .tar.gz archives (ordered file lists, timestamps, etc.) - Identify packages which violate the reproducible build principles (e.g. embedding timestamps into binaries at build time, using __FILE__ defines etc.) I guess it will be hard to reach 100% coverage, you can likely only guarantee reproducibility for a defined subset of packages. ~ Jow _______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
