Re: Deterministic Library Calls when Building

[Karl Semich <fuzzytew@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 2329 bytes --]

It seems to me it would be the most reliable, future-proof, way, but might
have the downside of making it a step harder for people without the special
environment to reproduce the build.

I'm pretty new at looking under the hood of linux, but I can imagine these
approaches at least:
- preload system library wrappers around key nondeterministic functions
- replace /dev/*random with fakes (could be named pipes, dummy devices fed
by modules, or just flat files!)
- replace system libraries with fullblown libraries with nondeterministic
calls rewritten (could merge changes upstream, provide a flag)
- create a kernel module which alters the behavior of the running kernel to
be more deterministic
- change the kernel itself to have a "deterministic mode" (could merge
upstream)

The goal of making packages deterministic would change from modifying the
packages themselves, to modifying the build environment, with the hope of
making a build environment that always creates deterministic builds for
normal software packages.  This should be very possible.

The approach of small library wrappers and/or replacing device files could
be pretty fast to implement, but not as "far thinking" as the other end of
the spectrum, where changes to glibc and linux could be merged upstream.

On Sun, Mar 20, 2016 at 8:51 AM, Thompson, David <dthompson2@worcester.edu>
wrote:

> On Sun, Mar 20, 2016 at 6:04 AM, Karl Semich <fuzzytew@gmail.com> wrote:
> > Hi,
> >
> > I recently learned about guix and I haven't found any information on
> > approaching deterministic builds by changing library and kernel
> > functions to have deterministic behavior.  Has anybody done this?
> >
> > For example, I would imagine if I needed timestamps to no longer be a
> > factor, I might change how the current time is reported to the build
> > environment, such that it is always precisely equal to the time of
> > last modification of the source package.  Similarly /dev/*random
> > should return deterministic numbers seeded by perhaps the hash of the
> > source package and all dependencies.
> >
> > Has there been a discussion of this somewhere?
>
> I'm not sure if there has been an on-the-record discussion of this
> anywhere, but I have thought about similar things re: random numbers.
> Maybe this thread is the time to discuss? :)
>
> - Dave
>

[-- Attachment #2: Type: text/html, Size: 2998 bytes --]