The First Reproducible Release

@osresearch osresearch released this Feb 1, 2017 · 585 commits to master since this release

Reproducible builds, on any type of Thinkpad

A clean checkout takes about 30-50 minutes to build since it makes multiple versions of gcc and binutils. When the build is done it should produce the following sha256 hashes for the two currently working boards:

a7ca26f3b874c52b8284d3d74294fed3937274b699af0b66d50c512455306a9f  qemu.rom
83df0b6845fdd6b335119f7e89e08c47ec3566f515fe93bc528fcd955587a43e  x230.rom

This includes an update to Linux 4.9.7 and coreboot 4.5, and replaces the system libc with musl-libc to ensure that there are no dependencies on the build system's utilities. It still requires reflashing via a hardware SPi programmer and it is still difficult to install Qubes. Hopefully the UX will improve in the next release.

The Chell chromebook can be made to work, but needs attention to become part of the functioning build again.

Xen is not built as part of the normal make. Run make xen.intermediate to generate build/xen-4.6.3/xen/xen.gz. Please note the xen build is reproducible for a given compiler, but is not yet reproducible across systems.