Ok, I have a patch for that. It seems to work fine. I added it to https://github.com/Boskovits/quagga.git <https://github.com/Boskovits/quagga.git>on branch reproducible-build <https://github.com/Boskovits/quagga/tree/reproducible-build>.
It just makes what Nick Hilliard suggested, replaces keys with sort keys. It might increase build time, but the impact seem negligible. The advantages are, that this way bit-by-bit reproducible binaries are generated. See https://reproducible-builds.org/ if further reference needed. 2017-06-23 20:46 GMT+02:00 Gábor Boskovits <[email protected]>: > Thanks, i have found out. > We need this to provide substitues. > I guess this won't go upstream, so I will maintain it separate. > > > 2017-06-23 20:39 GMT+02:00 Nick Hilliard <[email protected]>: > >> Gábor Boskovits wrote: >> > The only problem seem, that the build is not reproducible. >> > >> > I managed narrow that down to that generating vtysh_cmd.c is not >> > deterministic. >> > >> > At first I thought is is just an ordering issue. >> >> It's just an ordering issue. The reason for this behaviour is explained >> here: >> >> > http://perldoc.perl.org/perlsec.html#Algorithmic-Complexity-Attacks >> >> If it bothers you, you can fix it by replacing all instances of "keys" >> in vtysh/extract.pl by "sort keys". >> >> Nick >> >> >
_______________________________________________ Quagga-dev mailing list [email protected] https://lists.quagga.net/mailman/listinfo/quagga-dev
