This patch set contains several patches aimed to achieve reproducible binaries. Building reproducible binaries may remove certain intentional randomness intended for increased security. Hence, it is reasonable to expect there will be cases where this is not desirable. The user can select his/her preferences via the variable BUILD_REPRODUCIBLE_BINARIES. The variable defaults to "0" (do not build reproducible binaries) in order to minimize any potential regressions. (Once the reproducible binaries code is mature enough, it can be set to "1".)
The patch set is rather simple, targeting the "low hanging fruit". For debian packages we get a lot of binary identical packages simply by exporting SOURCE_DATE_EPOCH. For rootfs we get much fewer differences by modified prelinking and by ensuring various timestamps are reproducible. Juro Bystricky (4): bitbake.conf: new variable BUILD_REPRODUCIBLE_BINARIES base.bbclass: initial support for binary reproducibility image-preling.bbclass: support binary reproducibility rootfs-postcommands.bbclass: support binary reproducibility meta/classes/base.bbclass | 82 ++++++++++++++++++++++++++++++++ meta/classes/image-prelink.bbclass | 9 +++- meta/classes/rootfs-postcommands.bbclass | 18 ++++++- meta/conf/bitbake.conf | 3 ++ 4 files changed, 109 insertions(+), 3 deletions(-) -- 2.7.4 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core