Re: Reproducible Containers Paper

From: Ludovic Courtès
Subject: Re: Reproducible Containers Paper
Date: Tue, 17 Jan 2023 16:53:16 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
Hi Carl,
Carl Dong <contact@carldong.me> writes:
> The paper is titled "Reproducible Containers":
> https://dl.acm.org/doi/pdf/10.1145/3373376.3378519, featured by Meta in their
> post:
> https://developers.facebook.com/blog/post/2022/11/22/hermit-deterministic-linux-testing/
Interesting! Probably a sledgehammer for reproducible builds… except
perhaps for timestamp issues, as you write.
> I was thinking about this in terms of how to have timestamp reproducibility
> inside Guix build containers which has been a problem in the past for
> building from source, their approach in 5.3 is interesting (but perhaps a bit
> invasive).
Yes, this bit is interesting:

  To ensure airtight interception of vDSO calls, DetTrace instead, just
  after each execve system call, replaces the vDSO library code with our
  implementation where each vDSO function makes a direct system
  call—which is duly intercepted via ptrace. We furthermore make the
  vvar page unreadable to prohibit any access to the raw
  nondeterministic data that vDSO timing calls use.

I wonder what this entails exactly, and whether one needs to ptrace
every single process to intercept exec calls in child processes, which
would be prohibitive.
Thanks for sharing!
Ludo’.
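
The question above, whether a tracer has to ptrace every single process to catch exec calls in children, is what the kernel's PTRACE_O_TRACEFORK, PTRACE_O_TRACEVFORK and PTRACE_O_TRACECLONE options exist for: once set on the first tracee, every process it creates is attached automatically, and PTRACE_O_TRACEEXEC reports each execve as a distinct stop. The small tracer below is an added example written for this thread; it is not DetTrace's code and not from the paper. It shows auto-attach together with the interception the quoted paragraph describes: the grandchild reads the clock through a direct system call (which is what the paper's replacement vDSO turns every vDSO timing call into), and the tracer rewrites the result to a fixed epoch before the tracee sees it. It assumes 64-bit Linux >= 5.3 (for PTRACE_GET_SYSCALL_INFO) with glibc >= 2.30; the epoch value 946684800 and the names run_tracer, traced_child and handle_syscall_stop are constructed for the example.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Constructed "build epoch" (2000-01-01T00:00:00Z) handed to every traced
   clock_gettime().  Assumes 64-bit Linux >= 5.3 and glibc >= 2.30. */
#define FIXED_SECONDS 946684800L

/* Per-tracee record of the timespec buffer seen at clock_gettime entry,
   so the tracer can overwrite it at syscall exit. */
static struct { pid_t pid; uintptr_t buf; } pending[64];

static void pending_set(pid_t pid, uintptr_t buf)
{
    for (int i = 0; i < 64; i++)
        if (pending[i].pid == 0) { pending[i].pid = pid; pending[i].buf = buf; return; }
}

static uintptr_t pending_take(pid_t pid)
{
    for (int i = 0; i < 64; i++)
        if (pending[i].pid == pid) { pending[i].pid = 0; return pending[i].buf; }
    return 0;
}

/* Tracee side.  The grandchild reads the clock through a *direct* system call
   (what the paper's replacement vDSO does) and reports the seconds on a pipe. */
static void traced_child(int out_fd)
{
    if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(2);
    raise(SIGSTOP);                     /* let the tracer set its options first */
    pid_t gc = fork();                  /* a child process: auto-attached by the tracer */
    if (gc == 0) {
        struct timespec ts = { 0, 0 };
        syscall(SYS_clock_gettime, CLOCK_REALTIME, &ts);
        _exit(write(out_fd, &ts.tv_sec, sizeof ts.tv_sec) < 0);
    }
    waitpid(gc, NULL, 0);
    _exit(0);
}

/* One syscall-stop of `pid`: remember the buffer at clock_gettime entry and poke
   the fixed time into it at exit.  -1 if the kernel lacks PTRACE_GET_SYSCALL_INFO. */
static int handle_syscall_stop(pid_t pid)
{
    struct __ptrace_syscall_info info;
    if (ptrace(PTRACE_GET_SYSCALL_INFO, pid, (void *)sizeof info, &info) < 0) return -1;
    if (info.op == PTRACE_SYSCALL_INFO_ENTRY && info.entry.nr == SYS_clock_gettime)
        pending_set(pid, (uintptr_t)info.entry.args[1]);
    else if (info.op == PTRACE_SYSCALL_INFO_EXIT) {
        uintptr_t buf = pending_take(pid);
        if (buf) {  /* struct timespec: two 8-byte words on 64-bit Linux */
            ptrace(PTRACE_POKEDATA, pid, (void *)buf, (void *)FIXED_SECONDS);
            ptrace(PTRACE_POKEDATA, pid, (void *)(buf + sizeof(long)), (void *)0L);
        }
    }
    return 0;
}

/* Tracer side: fork a tracee, follow every process it creates, and return the
   seconds the grandchild observed (-1 on a ptrace failure). */
long run_tracer(void)
{
    int fds[2], status, failed = 0;
    if (pipe(fds) < 0) return -1;
    pid_t pid, child = fork();
    if (child < 0) return -1;
    if (child == 0) { close(fds[0]); traced_child(fds[1]); }
    close(fds[1]);
    if (waitpid(child, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    /* TRACEFORK/VFORK/CLONE attach new processes automatically, so the tracer never
       has to find and ptrace descendants itself; TRACEEXEC makes each execve a
       distinct stop (the point where DetTrace swaps in its vDSO). */
    long opts = PTRACE_O_TRACESYSGOOD | PTRACE_O_TRACEFORK | PTRACE_O_TRACEVFORK
              | PTRACE_O_TRACECLONE | PTRACE_O_TRACEEXEC;
    if (ptrace(PTRACE_SETOPTIONS, child, NULL, (void *)opts) < 0) return -1;
    if (ptrace(PTRACE_SYSCALL, child, NULL, NULL) < 0) return -1;
    while ((pid = waitpid(-1, &status, __WALL)) > 0) {   /* any tracee, any thread */
        if (!WIFSTOPPED(status)) continue;               /* a tracee exited */
        int sig = WSTOPSIG(status);
        if (sig == (SIGTRAP | 0x80)) {                   /* syscall entry or exit */
            if (handle_syscall_stop(pid) < 0) failed = 1;
            sig = 0;
        } else if ((status >> 16) != 0 || sig == SIGSTOP || sig == SIGTRAP)
            sig = 0;                                     /* ptrace event/attach stop: swallow */
        ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig);  /* else deliver the real signal */
    }
    long secs = -1;
    if (!failed && read(fds[0], &secs, sizeof secs) != sizeof secs) secs = -1;
    close(fds[0]);
    return secs;
}

int main(void)
{
    long secs = run_tracer();
    printf("grandchild saw tv_sec = %ld (%s)\n", secs, secs == FIXED_SECONDS ? "intercepted" : "not intercepted");
    return secs == FIXED_SECONDS ? 0 : 1;
}
```

Two things the example makes concrete. First, only the initial tracee is ever ptraced by hand; the grandchild never calls PTRACE_TRACEME, yet its clock_gettime is still rewritten, because the options propagate through fork. Second, the rewrite is only airtight because the tracee went through a real system call: a process calling the stock vDSO clock_gettime never enters the kernel, so there is no syscall-stop to act on, which is exactly why the paper replaces the vDSO and hides the vvar page rather than relying on ptrace alone. The cost the message worries about is real in another sense: every syscall of every descendant now incurs two tracer round trips.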