Can Busybox support reproducible build?
Zhongwenlin
zhongwenlin at huawei.com
Fri Jul 7 12:23:37 UTC 2017
Thank you for your answer :).
-----邮件原件-----
发件人: Denys Vlasenko [mailto:vda.linux at googlemail.com]
发送时间: 2017年7月4日 21:39
收件人: Zhongwenlin
抄送: busybox at busybox.net; Gaokun (King)
主题: Re: Can Busybox support reproducible build?
On Tue, Jul 4, 2017 at 5:59 AM, Zhongwenlin <zhongwenlin at huawei.com> wrote:
> Hi,
>
> When I build Busybox 1.18.4, I find build results are different every time.
> It seems to be caused by the code DBB_BT="AUTOCONF_TIMESTAMP”in
> Makefile.flags, which would put a time stamp into the binary.
>
> And I find the code in the latest version 1.26.2,too.
>
> As we know, reproducible builds is a good way to counter malicious
> attacks that generate malicious executables, by making it easy to
> recreate the executable to determine if the result is correct. How
> can I eliminate the differences caused by the time stamp? Just remove the code?
>
> Can Busybox support reproducible build now ? or in later versions?
busybox/scripts/kconfig:
env = getenv("KCONFIG_NOTIMESTAMP");
if (env && *env)
use_timestamp = 0;
I tried:
export KCONFIG_NOTIMESTAMP=1
make defconfig && make
It works.
More information about the busybox
mailing list