Dear OpenWrt developers, to quote https://reproducible.debian.net/openwrt/ ;-)
Reproducible builds enable anyone to reproduce bit by bit identical binary packages from a given source, so that anyone can verify that a given binary derived from the source it was said to be derived. There is a lot more information about reproducible builds on the Debian wiki at https://wiki.debian.org/ReproducibleBuilds and on https://reproducible.debian.net - The wiki has a lot more information, e.g. why this is useful, what common issues exist and which workarounds and solutions are known.

Reproducible OpenWrt is an effort to apply this to OpenWrt. Thus each OpenWrt target is built twice, with a few variations added, and then the resulting images and packages from the two builds are compared using debbindiff, which currently cannot detect .bin files as squashfs filesystems. Thus the resulting debbindiff output is not nearly as clear as it could be - hopefully this limitation will be overcome soon. Also please note that the toolchain is not varied at all as the rebuild happens on exactly the same system. More variations are expected to be seen in the wild.

There is a monthly run jenkins job to test the master branch of openwrt.git. Currently this job is triggered more often though, because this is still under development and brand new. The jenkins job is simply running reproducible_openwrt.sh in a Debian environment and this script is solely responsible for creating this page. Feel invited to join #debian-reproducible (on irc.oftc.net) to request job runs whenever sensible. Patches and other feedback are very much appreciated!

---end-quote------

And that's basically it. Go have a look at the above URLs and you might also be interested to know that https://reproducible.debian.net/coreboot shows 100% success for coreboot _atm_ (there are more variations in the wild and not all payloads tested) and Debian sid is currently at 82% reproducibility.
I've only looked at very few .ipk packages linked in openwrt.html but all I've looked at only need a simple modification when creating the inside tarballs to set these creation dates to the time+date of the last modification of the source code...

Support to better analyze .bin squashfs files with debbindiff will be added eventually, also we will build more openwrt targets soon too. And then we might actually do full release rebuilds too and see if we can reproduce your released files bit by bit one day ;-)

Last and definitely not least: thanks a lot for OpenWrt - I happily use it daily! :)

cheers, Holger
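
The timestamp point made in the message above, as an added example that is not part of the original mail or of OpenWrt's build system: it packs the same files at two different build times and shows that pinning every tar and gzip timestamp to the source's last-modification time makes the packages bit-identical. The .ipk layout used (a gzip'd tar holding debian-binary, control.tar.gz and data.tar.gz), the file contents and `SOURCE_MTIME` are assumptions constructed for the illustration.

```python
import gzip, hashlib, io, tarfile

SOURCE_MTIME = 1420070400  # constructed: last modification time of the source

def build_tarball(files, build_time, clamp=None):
    """Pack {name: bytes} into .tar.gz bytes. build_time models the wall clock
    of the build; with clamp set, every timestamp is pinned to it instead."""
    stamp = build_time if clamp is None else clamp
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name in sorted(files):            # fixed member order
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mtime = stamp                # per-member timestamp in the tar header
            info.uid = info.gid = 0           # do not leak the build user
            info.uname = info.gname = "root"
            info.mode = 0o644
            tar.addfile(info, io.BytesIO(files[name]))
    out = io.BytesIO()
    # The gzip header carries its own mtime field, so it is pinned as well.
    with gzip.GzipFile(fileobj=out, mode="wb", mtime=stamp, filename="") as gz:
        gz.write(raw.getvalue())
    return out.getvalue()

def build_ipk(control, data, build_time, clamp=None):
    """Assumed .ipk layout: outer tar.gz wrapping two inner tarballs."""
    members = {
        "debian-binary": b"2.0\n",
        "control.tar.gz": build_tarball(control, build_time, clamp),
        "data.tar.gz": build_tarball(data, build_time, clamp),
    }
    return build_tarball(members, build_time, clamp)

def digest(blob):
    return hashlib.sha256(blob).hexdigest()

# Constructed sample package contents.
CONTROL = {"control": b"Package: example\nVersion: 1.0\n"}
DATA = {"usr/bin/example": b"#!/bin/sh\necho hi\n", "etc/example.conf": b"on\n"}

if __name__ == "__main__":
    for label, clamp in (("build clock", None), ("clamped", SOURCE_MTIME)):
        a = digest(build_ipk(CONTROL, DATA, 1430000000, clamp))
        b = digest(build_ipk(CONTROL, DATA, 1430003600, clamp))
        print(f"{label:12} identical={a == b}")
```
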
