[Wylug-help] Reproduceable kernel build.
Thomas, Nicholas
nick.thomas at eldon.co.uk
Mon, 2 Jun 2003 08:38:57 -0600
> -----Original Message-----
> From: Timothy Baldwin [mailto:T.E.Baldwin99@members.leeds.ac.uk]
> Sent: 02 June 2003 15:21
> To: wylug-help@wylug.org.uk
> Subject: Re: [Wylug-help] Reproduceable kernel build.
>
>
> --
> Content-Description: signed data
>
> On Monday 02 Jun 2003 10:12 am, Thomas, Nicholas wrote:
>
> > The method chosen involves doing md5 checksums on the all
> the binary
> > deliverable parts of the product.
> >
> > However, the linux kernel uses __DATE__ and __TIME__ macros
> in various
> > source files. And also it uses `date` in the top level Makefile and
> > puts this into the compile.h file. This means that some files get
> > different checksum values on subsequent builds because the
> date/time
> > doesn't match exactly.
>
> They are only used in human readable strings, and can safely
> be changed into constant strings, assuming no software is
> using them to identify paritcular kernel builds. I haven't
> tried this myself.
>
> > Also there is a lib.a in the kernel which appears to be different
> > after each build (not sure what is causing this to be different).
>
> It contains timestamps of it's compoment object files.
Yes, I just worked this out. The component parts of the archive do indeed
compare exactly between builds.
It is the timestamps which get into the archive which cause the problems.
Much like when timestamps
of files get into a tar archive.
I could unpack the archive and md5sum the original libraries, but I think I
will simply md5sum all *.o files in the
kernel source tree, except piggy.o.
This works OK for the build (at the moment).
I noticed that the top level Makefile uses `date` to put some date and time
info into compile.h file.
This can be easily modified with some perl script etc.
>
> > 3) Give the formal testers instructions on how to do the
> build, plus
> > report produces in step (2).
>
> Give them the kernel source and the .config file, and specify
> exact versions of gcc (and binutils).
>
Well, this is essentially what we do, but through an automoated script.
And we have a Server PC which is dedicated to releasing software, so the
software tools are already setup.
The formal testers in this context are unit testers - not software specific
staff, although they have
quite a lot of software experience amongst them.
>
> --
> Member AFFS, WYLUG, SWP (UK), ANL, Leeds SA, Leeds Anti-war
> coalition OpenPGP key fingerprint: D0A6 F403 9745 CED4 6B3B
> 94CC 8D74 8FC9 9F7F CFE4
> No to software patents! No to DRM/EUCD - hands off our computers!
> --
> Content-Description: signature
>
> [ Content of type application/pgp-signature deleted ]
> --
>
> _______________________________________________
> Wylug-help mailing list
> Wylug-help@wylug.org.uk
> http://list.wylug.org.uk/mailman/listinfo/wylu> g-help
>