Re: Deterministic Library Calls when Building

unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed

From: Jookia <166291@gmail.com>
To: Karl Semich <fuzzytew@gmail.com>
Cc: guix-devel <guix-devel@gnu.org>
Subject: Re: Deterministic Library Calls when Building
Date: Mon, 21 Mar 2016 04:35:48 +1100	[thread overview]
Message-ID: <20160320173548.GA18384@novena-choice-citizen.lan> (raw)
In-Reply-To: <CABnEbCFsKEa3VQ1QeMgRZqL2n-b+d1KPdMw1qiya6XW2zvmOaA@mail.gmail.com>

On Sun, Mar 20, 2016 at 12:53:42PM -0400, Karl Semich wrote:
> It seems to me it would be the most reliable, future-proof, way, but might
> have the downside of making it a step harder for people without the special
> environment to reproduce the build.
> 
> I'm pretty new at looking under the hood of linux, but I can imagine these
> approaches at least:
> - preload system library wrappers around key nondeterministic functions
> - replace /dev/*random with fakes (could be named pipes, dummy devices fed
> by modules, or just flat files!)
> - replace system libraries with fullblown libraries with nondeterministic
> calls rewritten (could merge changes upstream, provide a flag)
> - create a kernel module which alters the behavior of the running kernel to
> be more deterministic
> - change the kernel itself to have a "deterministic mode" (could merge
> upstream)
> 
> The goal of making packages deterministic would change from modifying the
> packages themselves, to modifying the build environment, with the hope of
> making a build environment that always creates deterministic builds for
> normal software packages.  This should be very possible.
> 
> The approach of small library wrappers and/or replacing device files could
> be pretty fast to implement, but not as "far thinking" as the other end of
> the spectrum, where changes to glibc and linux could be merged upstream.

I think this would only really be useful if it could be detected that these
sources or nondeterministic functions are being used and flagged for patching
upstream.

next prev parent reply	other threads:[~2016-03-20 17:38 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-03-20 10:04 Deterministic Library Calls when Building Karl Semich
2016-03-20 12:51 ` Thompson, David
2016-03-20 16:53   ` Karl Semich
2016-03-20 17:35     ` Jookia [this message]
2016-03-20 21:05     ` Ludovic Courtès

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160320173548.GA18384@novena-choice-citizen.lan \
    --to=166291@gmail.com \
    --cc=fuzzytew@gmail.com \
    --cc=guix-devel@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).