Hi all!

To inspire reproducible builds of Replicant, I built 6.0-0003 twice from scratch (including two different builds of the toolchain) and ran diffoscope on the resulting images. The two builds use the same signing key to reduce differences.

https://josefsson.org/local1-vs-local2.html

warning: BIG FILE!

The good thing is that it appears to be a feasible number of differences to deal with, if anyone wants to help debug things further. There is quite some noise in the output that might be easy (or not) to resolve, like the build-ids, timestamps and hard-coded paths.

My detailed manual analysis of the output is, major things first:

* boot.img 4MB
  system/recovery-from-boot.p 1.5MB
  recovery/recovery-from-boot.p 1.5MB same as previous?

  These are opaque (compressed?) image files with large differences. What do they contain? Kernel? Initrd ramdisk? Can we teach diffoscope to unpack them?

* system/framework/core-libart.jar
  system/lib/libGLES_trace.so
  system/lib/libwebrtc_audio_preprocessing.so
  system/lib/modules/dhd.ko
  system/xbin/perfprofd

  These are large diffs. Does anyone know what each of these files does? Is the reason for the differences due to Java/C++ name mangling only? Perhaps building with the same toolchain avoids these diffs, but I like having independently built toolchains too.

* system/bin/install-recovery.sh and recovery/bin/install-recovery.sh:
  Contains some hash, timestamp or build-id data. How are the hashes generated?

Minor things:

* META-INF/com/android/metadata: timestamp

* META-INF/com/google/android/update-binary: Build-Id.

* META-INF/CERT.RSA: what is stored at the end? RSA sigs should be deterministic if the inputs are the same.

* system/app/messaging/messaging.apk:
  system/bin/*:
  system/etc/ppp/ip-up-vpn:
  Build date/id, sha1 checksum.

* system/build.prop: build info diffs.

* system/etc/NOTICE.html.gz: contains paths from build system?

* system/lib/*: build id diff.

* system/etc/recovery-resource.dat:
  system/framework/*:
  Timestamp in zip metadata.

* system/etc/security/otacerts.zip: contains a hard-coded path from the build machine.

Cheers,
/Simon
_______________________________________________ Replicant mailing list [email protected] https://lists.osuosl.org/mailman/listinfo/replicant
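
One way to triage the "timestamp in zip metadata" items from the message above, as an added example that is not part of the original post or of diffoscope: it compares two archives entry by entry and reports whether each entry differs in payload or only in per-entry metadata. The archives, entry names and paths are constructed sample data, and the set of metadata fields checked is an assumption about what is worth comparing.

```python
import io
import zipfile

# ZipInfo fields that can vary between builds while the payload stays the same.
METADATA_FIELDS = ("date_time", "external_attr", "create_system", "extra", "comment")


def classify_zip_diff(a_bytes, b_bytes):
    """Map each entry name to 'identical', 'metadata-only', 'content' or 'missing'."""
    with zipfile.ZipFile(io.BytesIO(a_bytes)) as za, zipfile.ZipFile(io.BytesIO(b_bytes)) as zb:
        a = {i.filename: i for i in za.infolist()}
        b = {i.filename: i for i in zb.infolist()}
        result = {}
        for name in sorted(a.keys() | b.keys()):
            if name not in a or name not in b:
                result[name] = "missing"          # present in only one build
            elif za.read(name) != zb.read(name):
                result[name] = "content"          # real payload difference
            elif any(getattr(a[name], f) != getattr(b[name], f) for f in METADATA_FIELDS):
                result[name] = "metadata-only"    # e.g. build timestamp
            else:
                result[name] = "identical"
        return result


def make_zip(entries):
    """Build a constructed sample archive from (name, data, date_time) tuples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data, stamp in entries:
            z.writestr(zipfile.ZipInfo(name, date_time=stamp), data)
    return buf.getvalue()


# Constructed sample data standing in for two builds of the same archive.
BUILD1 = make_zip([
    ("classes.dex", b"dex-payload", (2017, 3, 1, 10, 0, 0)),
    ("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n", (2017, 3, 1, 10, 0, 0)),
    ("res/build.txt", b"/home/a/replicant", (2008, 1, 1, 0, 0, 0)),
])
BUILD2 = make_zip([
    ("classes.dex", b"dex-payload", (2017, 3, 2, 18, 30, 0)),
    ("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n", (2017, 3, 1, 10, 0, 0)),
    ("res/build.txt", b"/home/b/replicant", (2008, 1, 1, 0, 0, 0)),
])

if __name__ == "__main__":
    for name, verdict in classify_zip_diff(BUILD1, BUILD2).items():
        print(f"{verdict:14} {name}")
```

Entries reported as metadata-only are candidates for timestamp normalisation in the build, while content entries need a look at the payload itself.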
