[tor-talk] Deterministic builds?
Eitan Adler
lists at eitanadler.com
Thu Jan 5 15:37:44 UTC 2012
On Thu, Jan 5, 2012 at 8:30 AM, Greg Troxel <gdt at work.lexort.com> wrote:
>
> We believe that Windows and Mac OS X both produce build results that are
> extremely difficult to verify. On Gnu/Linux sometimes the build results
> are difficult to verify.
>
> I am not crystal clear on all the details, but NetBSD has recently
> undergone a perhaps-similar effort, with the goal being that one should
> be able to start with identical sources and get bit-identical binary
> releases.
FreeBSD is undergoing the same process as well.
>
> Key elements include:
>
> Using a toolchain that is part of the source tree.
>
> Modifying the toolchain to not embed timestamps.
>
> Cleaning up everyplace else that allowed variation.
Also include
- Setting the random seeds for the compiler (ie -frandom-seed)
- Stripping path information from the binaries.
--
Eitan Adler
More information about the tor-talk
mailing list