Re: Deterministic Library Calls when Building

From: Jookia
Subject: Re: Deterministic Library Calls when Building
Date: Mon, 21 Mar 2016 04:35:48 +1100
User-agent: Mutt/1.5.24 (2015-08-30)

On Sun, Mar 20, 2016 at 12:53:42PM -0400, Karl Semich wrote:
> It seems to me it would be the most reliable, future-proof way, but might
> have the downside of making it a step harder for people without the special
> environment to reproduce the build.
>
> I'm pretty new at looking under the hood of Linux, but I can imagine these
> approaches at least:
> - preload system library wrappers around key nondeterministic functions
> - replace /dev/*random with fakes (could be named pipes, dummy devices fed
>   by modules, or just flat files!)
> - replace system libraries with full-blown libraries with nondeterministic
>   calls rewritten (could merge changes upstream, provide a flag)
> - create a kernel module which alters the behavior of the running kernel to
>   be more deterministic
> - change the kernel itself to have a "deterministic mode" (could merge
>   upstream)
>
> The goal of making packages deterministic would change from modifying the
> packages themselves, to modifying the build environment, with the hope of
> making a build environment that always creates deterministic builds for
> normal software packages.  This should be very possible.
>
> The approach of small library wrappers and/or replacing device files could
> be pretty fast to implement, but not as "far thinking" as the other end of
> the spectrum, where changes to glibc and Linux could be merged upstream.

I think this would only really be useful if it could be detected that these
sources or nondeterministic functions are being used and flagged for patching
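
The first approach in the quoted list (preloaded wrappers) combined with the detection asked for in the reply, as an added example that is not code from either poster. It covers only time() and getrandom(); the DETBUILD_LOG variable and the detbuild_flagged() helper are hypothetical names, and SOURCE_DATE_EPOCH is the reproducible-builds timestamp convention, assumed here as the fixed clock value.

```c
/* Added example (not from the thread). Build and use:
 *   cc -shared -fPIC -o libdetbuild.so detbuild.c
 *   LD_PRELOAD=./libdetbuild.so SOURCE_DATE_EPOCH=1000000000 make
 * DETBUILD_LOG and the detbuild_* names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/random.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

static unsigned long flagged;   /* intercepted calls in this process */
static unsigned long stream;    /* position in the fake random stream */

/* Record which process used a nondeterministic source, so the package
 * can be flagged for patching. */
static void flag_call(const char *what)
{
    const char *path = getenv("DETBUILD_LOG");
    FILE *out = path ? fopen(path, "a") : NULL;

    flagged++;
    fprintf(out ? out : stderr, "detbuild: pid %ld used %s\n",
            (long)getpid(), what);
    if (out)
        fclose(out);
}

unsigned long detbuild_flagged(void) { return flagged; }

/* Wall clock: always SOURCE_DATE_EPOCH (or 0 when unset). */
time_t time(time_t *tloc)
{
    const char *epoch = getenv("SOURCE_DATE_EPOCH");
    time_t t = epoch ? (time_t)strtoll(epoch, NULL, 10) : 0;

    flag_call("time()");
    if (tloc)
        *tloc = t;
    return t;
}

/* Kernel randomness: replaced by a fixed, repeatable byte pattern. */
ssize_t getrandom(void *buf, size_t len, unsigned int flags)
{
    unsigned char *p = buf;

    (void)flags;
    flag_call("getrandom()");
    for (size_t i = 0; i < len; i++)
        p[i] = (unsigned char)(stream++ * 131 + 7);
    return (ssize_t)len;
}
```

Every getrandom() caller receives the same bytes, so this belongs only inside a throwaway build environment, and statically linked tools or direct system calls bypass the wrappers without being flagged.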
