/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make the whole qubes-builder deterministic #816

Open
marmarek opened this Issue Mar 8, 2015 · 6 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Release 4.1
2 participants
@marmarek @andrewdavidwong
@marmarek
Member

marmarek commented Mar 8, 2015

Reported by joanna on 11 Apr 2014 09:09 UTC
... to allow easy, independent comparison of rpms/ISOs build from the same sources on different machines and by different people.

In the future: allow rpm/iso signatures by ""M out of N" signers.

Migrated-From: https://wiki.qubes-os.org/ticket/816
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Mar 8, 2015

Member

Comment by joanna on 11 Apr 2014 09:11 UTC
We need deterministic gcc, rpmbuld, and probably many other tools.

A great task for somebody from the community! :)
Member

marmarek commented Mar 8, 2015

Comment by joanna on 11 Apr 2014 09:11 UTC
We need deterministic gcc, rpmbuld, and probably many other tools.

A great task for somebody from the community! :)

@marmarek marmarek added this to the Release 3 milestone Mar 8, 2015

@marmarek marmarek added enhancement C: other P: major labels Mar 8, 2015

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Mar 8, 2015

Member

Comment by marmarek on 17 Apr 2014 00:05 UTC
Some thoughts on similar idea from Debian project:
https://wiki.debian.org/ReproducibleBuilds
Member

marmarek commented Mar 8, 2015

Comment by marmarek on 17 Apr 2014 00:05 UTC
Some thoughts on similar idea from Debian project:
https://wiki.debian.org/ReproducibleBuilds
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Mar 8, 2015

Member

Modified by joanna on 20 Apr 2014 17:12 UTC
Member

marmarek commented Mar 8, 2015

Modified by joanna on 20 Apr 2014 17:12 UTC

@marmarek marmarek added C: builder and removed C: other labels Mar 8, 2015

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Mar 8, 2015

Member

Comment by axon on 11 Aug 2014 09:05 UTC
Historical reference:
https://groups.google.com/d/topic/qubes-devel/D2Ca4Ef-dh4/discussion
Member

marmarek commented Mar 8, 2015

Comment by axon on 11 Aug 2014 09:05 UTC
Historical reference:
https://groups.google.com/d/topic/qubes-devel/D2Ca4Ef-dh4/discussion

@marmarek marmarek modified the milestones: Release 3.1, Release 3.0 May 13, 2015

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Sep 26, 2015

Member

Useful link for Fedora work on reproducible builds:
https://github.com/kholia/ReproducibleBuilds
http://securityblog.redhat.com/2013/09/18/reproducible-builds-for-fedora/
Member

marmarek commented Sep 26, 2015

Useful link for Fedora work on reproducible builds:
https://github.com/kholia/ReproducibleBuilds
http://securityblog.redhat.com/2013/09/18/reproducible-builds-for-fedora/

@marmarek marmarek referenced this issue Dec 11, 2015

Open

build proper src.rpm packages #1508

0 of 3 tasks complete

@marmarek marmarek modified the milestones: Release 4.1, Release 3.1 Feb 8, 2016

This was referenced Dec 24, 2016

Closed
Open
@andrewdavidwong

This comment has been minimized.

Show comment
Hide comment
@andrewdavidwong

andrewdavidwong Dec 24, 2016

Member

In the future: allow rpm/iso signatures by ""M out of N" signers.

Since this is actually a separate issue, I've created #2535.
Member

andrewdavidwong commented Dec 24, 2016

In the future: allow rpm/iso signatures by ""M out of N" signers.

Since this is actually a separate issue, I've created #2535.

@andrewdavidwong andrewdavidwong referenced this issue May 21, 2017

Open

Consider generating new shared Qubes Master Signing Key #2818

@marmarek marmarek referenced this issue in QubesOS/qubes-builder Jul 23, 2017

Merged

Allow setting component specific CC, CFLAGS, LDFLAGS from conf file #22

marmarek added a commit to marmarek/qubes-builder-debian that referenced this issue Nov 3, 2017

@marmarek
Use pbuilder for build environment preparation 
This replace custom code based on debootstrap and apt-get. The major
gain here is much smaller build environment (only declared dependencies
are installed), and also sharing tools with the upstream. Also it
simplifies the builder a lot.

The downside is slower operation (pbuilder re-install all the build
dependencies each time).

This work was done collectively with @HW42, during Reproducible Builds
Summit.

QubesOS/qubes-issues#816
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
4db2406
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment