Re: [PATCH] build: store buildsystem revision in packages
Hi Paul, On Wed, Jul 15, 2020 at 02:56:58PM -1000, Paul Spooren wrote: > To support the verification efforts of the reproducible-builds.org team > this patch adds the buildsystem revision to the package index. This way > external feeds all external feeds can be rebuild and verified. cool! :) I've also seen the 2nd version of this patch at http://lists.openwrt.org/pipermail/openwrt-devel/2020-July/030325.html and wondering what the status of merging it is? -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C Dance like no one's watching. Encrypt like everyone is. signature.asc Description: PGP signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] never post cranky
Hi Daniel, don't worry too much, everybody has been on a wrong track at some time. OTOH, not everybody has realized that, so cheers to you! cheers, Holger signature.asc Description: This is a digitally signed message part. ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH] base-files: For sysfixtime use hwclock if RTC available
Hi, On Sonntag, 10. Januar 2016, Daniel Dickinson wrote: > I had assumed it was automatic detection, (hence the comments about > Patchwork), not something someone has added as their own personal > excessively OCD-esque requirements. I follow this list very loosely (= I read the mails very quickly if at all) and after your 3 mails about this I looked at said patch of yours for half a second and saw the whitespace problem. These are really easy to spot if you are used to doing code reviews. No OCD requirements needed. How about you just fix that patch and move on? Whitespace inconsistencies are teh pain. cheers, Holger signature.asc Description: This is a digitally signed message part. ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] Progress on Reproducible Builds
Hi, to also state it on this list: great work and summary! and btw, if you haven't seen: https://reproducible-builds.org/ you probably should have a look! On Freitag, 23. Oktober 2015, bnewb...@robocracy.org wrote: > I have some patches to the OpenWRT build system and a small number of core > packages (host and target), and am writing now to ask how best to start > submitting them. I could: > > 1. Submit all patches now as-is (following OpenWRT conventions) > 2. Wait until the work reaches a milestone (eg, most image artifacts are > reproducible) and submit then > 3. Upstream patches to other projects first (busybox and squashfs-tools) > 4. Or something else I think you should do 1+3 :) > I think a valuable milestone will be the ability for independent parties > to reproduce all the .ipkg, kernel, rootfs, and image files for a given > architecture, given the release tag (for the openwrt repo and any package > feeds) and the "config.diff" file included in releases on > http://downloads.openwrt.org/. agreed. cheers, Holger signature.asc Description: This is a digitally signed message part. ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] SVN to GIT transition
Hi, (just a tiny datapoint...) On Montag, 12. Oktober 2015, Felix Fietkau wrote: > Which part is cumbersome for you and how exactly would switching the > main repo to git solve it? *g* that reminded me to check, and indeed, I only use git://git.openwrt.org/openwrt.git anyway :) I *guess* most people can base their work on this anyway already, so maybe just give the poor souls still using svn some slack, until they find time and ressources to migrate? ;-) cheers, Holger signature.asc Description: This is a digitally signed message part. ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] reproducible ipk packages and building openssl with -j
Hi, two days ago the .ipk packages for the first time were tested (mostly) successfully and today https://reproducible.debian.net/openwrt/openwrt.html shows that 209 (98.5%) out of 212 built packages were reproducible in our test setup. The remaining offender is busybox, which is reproducible in Debian, see https://reproducible.debian.net/busybox So far, so very great! :-) https://jenkins.debian.net/view/reproducible/job/reproducible_openwrt/31/console shows the build from two days ago, were ramimps didnt reach 98.5% because openssl failed to build, thus causing other packages to fail to build. Just rescheduling the job fixed that, so I assume openssl was once again build with -j, which doesn't work reliably (according both to my experience and an openssl developer I've spoken to yesterday). That said, I do recall having seen a commit forcing -j 1 when building openssl for openwrt, so I'm wondering whether that commit was limited to some archs only or maybe was removed again? cheers, Holger signature.asc Description: This is a digitally signed message part. ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] reproducible ipk packages and building openssl with -j
On Donnerstag, 16. Juli 2015, Holger Levsen wrote: That said, I do recall having seen a commit forcing -j 1 when building openssl for openwrt, so I'm wondering whether that commit was limited to some archs only or maybe was removed again? FWIW, I ment http://git.openwrt.org/?p=openwrt.git;a=commit;h=b38dd06826ae2c0c3041dd334ffc3c0bf60055a5 signature.asc Description: This is a digitally signed message part. ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] reproducible OpenWrt?
Hi, On Montag, 15. Juni 2015, John Crispin wrote: just for the record here are some of the links that are relevant... http://anonscm.debian.org/cgit/reproducible/dpkg.git/commit/?h=pu/reproduci ble_buildsid=3373ffd07e016ae1a81d12cb246fc6787f0bdbe1 http://anonscm.debian.org/cgit/reproducible/dpkg.git/commit/?h=pu/reproduc ible_buildsid=3b8c480943929bbeabcbbc46831c356170a1ca98 http://anonscm.debian.org/cgit/reproducible/dpkg.git/commit/?h=pu/reproduc ible_buildsid=d84881f3f4faa57a2d61ba40bcdc7c2d7537fdf8 http://anonscm.debian.org/cgit/reproducible/dpkg.git/commit/?h=pu/reproduc ible_buildsid=a09849333b2ca211a1fa2ed02674c6af7b49c112 I showed these patches to John to explain how we taught dpkg to create reproducible metadata - which is what is unreproducible in eg. https://reproducible.debian.net/openwrt/dbd/ar71xx/base/dropbear_2015.67-1_ar71xx.ipk.html So something similar needs to be done for ipkg. Btw, does anyone know whom to attribute the OpenWrt artwork too? I'd like to mention it's copyright correctly in the footer of https://reproducible.debian.net/openwrt/ (like it is done for /coreboot/) cheers, Holger signature.asc Description: This is a digitally signed message part. ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] reproducible OpenWrt?
Dear OpenWrt developers, to quote https://reproducible.debian.net/openwrt/ ;-) Reproducible builds enable anyone to reproduce bit by bit identical binary packages from a given source, so that anyone can verify that a given binary derived from the source it was said to be derived. There is a lot more information about reproducible builds on the Debian wiki at https://wiki.debian.org/ReproducibleBuilds and on https://reproducible.debian.net - The wiki has a lot more information, eg. why this is useful, what common issues exist and which workarounds and solutions are known. Reproducible OpenWrt is an effort to apply this to OpenWrt Thus each OpenWR target is build twice, with a few varitations added and then the resulting images and packages from the two builds are compared using debbindiff, which currently cannot detect .bin files as squashfs filesystems. Thus the resulting debbindiff output is not nearly as clear as it could be - hopefully this limitation will be overcome soon. Also please note that the toolchain is not varied at all as the rebuild happens on exactly the same system. More variations are expected to be seen in the wild. There is a monthly run jenkins job to test the master branch of openwrt.git. Currently this job is triggered more often though, because this is still under development and brand new. The jenkins job is simply running reproducible_openwrt.sh in a Debian environment and this script is solely responsible for creating this page. Feel invited to join #debian-reproducible (on irc.oftc.net) to request job runs whenever sensible. Patches and other feedback are very much appreciated! ---end-quote-- And that's basically it. Go have a look at the above URLS and you might also be interested to know that https://reproducible.debian.net/coreboot shows 100% success for coreboot _atm_ (there are more variations in the wild and not all payloads tested) and Debian sid is currently at 82% reproducibility. I've only looked at very few .ipk packages linked in openwrt.html but all I've looked at only need a simple modification when creating the inside tarballs to set that these creation dates to the time+date of the last modification of the source code... Support to better analyze .bin squashfs files with debbindiff will be added eventually, also we will build more openwrt targets soon too. And then we might actually do full release rebuilds too and see if we can reproduce your released files bit by bit one day ;-) Last and definitly not least: thanks a lot for OpenWrt - I happily use it daily! :) cheers, Holger signature.asc Description: This is a digitally signed message part. ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel