Fedora 41 Approved To Make Package Builds More Reproducible

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
  • phoronix
    Administrator
    • Jan 2007
    • 67364

    Fedora 41 Approved To Make Package Builds More Reproducible

    Phoronix: Fedora 41 Approved To Make Package Builds More Reproducible

    In addition to approving -O3 optimized Python builds, the Fedora Engineering and Steering Committee (FESC)) this week unanimously approved a Fedora 41 change proposal for making RPM package builds more reproducible...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
  • uid313
    Senior Member
    • Dec 2011
    • 6921

    #2
    Canonical needs to look into this too for Ubuntu!

    Comment

    • rene
      Senior Member
      • Jul 2015
      • 1505

      #3
      pretty cool. Only 20 years after T2/Linux https://t2sde.org ;-)

      Comment

      • Jumbotron
        Senior Member
        • Jul 2015
        • 1260

        #4
        Originally posted by uid313 View Post
        Canonical needs to look into this too for Ubuntu!
        Amen and amen. Let it be so.

        Comment

        • mSparks
          Senior Member
          • Oct 2007
          • 2101

          #5
          does anyone know how builds became non deterministic in the first place? How was this ever a thing?

          Comment

          • luno
            Senior Member
            • May 2022
            • 260

            #6
            does compiler optimisations like LTO/BOLT are compatible with this (i have read somewhere it is possible), In NixOS they disable many compiler optimisation due to Reproduciblity

            Comment

            • Jaxad0127
              Senior Member
              • Oct 2018
              • 219

              #7
              Originally posted by mSparks View Post
              does anyone know how builds became non deterministic in the first place? How was this ever a thing?
              A lot of it is metadata. Time stamps, local paths, etc. The goal of reproducible builds is for independent parties to be able to create identical binaries, so embedded metadata needs cleaning.

              Comment

              • mSparks
                Senior Member
                • Oct 2007
                • 2101

                #8
                Originally posted by Jaxad0127 View Post

                A lot of it is metadata. Time stamps, local paths, etc. The goal of reproducible builds is for independent parties to be able to create identical binaries, so embedded metadata needs cleaning.
                surely verifying binaries can just ignore the metadata?, this seems like something far more insidious.

                also, metadata is still deterministic, non deterministic implies the binaries change randomly even when metadata is otherwise identical.

                Comment

                • ssokolow
                  Senior Member
                  • Nov 2013
                  • 5107

                  #9
                  Originally posted by mSparks View Post

                  surely verifying binaries can just ignore the metadata?, this seems like something far more insidious.

                  also, metadata is still deterministic, non deterministic implies the binaries change randomly even when metadata is otherwise identical.
                  You're assuming it's ELF metadata, rather than things like timestamps baked into the object code via things like preprocessor defines. (eg. some applications put their build timestamps in their --version output)

                  As for deterministic vs. non-deterministic, their definition of non-determinism is broader, also covering information leaking in through side-channels not covered by their build plans, such as calls to strftime to generate those --version strings which back onto calls like localtime during the build process.

                  Comment

                  • mSparks
                    Senior Member
                    • Oct 2007
                    • 2101

                    #10
                    Originally posted by ssokolow View Post

                    their definition of non-determinism is broader
                    OK.
                    So are builds creating randomly different binaries or not?

                    Comment

                    Working...
                    X