Currently BISDN Linux releases are not reproducible. This means users must trust us that we do sneak in any extra code in the images (ignoring OF-DPA and ofdpa-grpc).
To alleviate this, images should be reproducible, i.e. using the same source code should yield the same bit identical image.
Currently, I have identified the following issues:
- We use
BUILD_ID based on DATE in within the image. This causes each build to be different.
- ONL's kmod build script uses a tmpdir, which then leaks into the generated binaries.
- The kernel uses includes a full static path in arm's generated mach_types.h. There is a kernel patch for that in Yocto, we just need to apply it.
The primary goal is that building a release tag will result in the same binary as we provide.
Currently BISDN Linux releases are not reproducible. This means users must trust us that we do sneak in any extra code in the images (ignoring OF-DPA and ofdpa-grpc).
To alleviate this, images should be reproducible, i.e. using the same source code should yield the same bit identical image.
Currently, I have identified the following issues:
BUILD_IDbased onDATEin within the image. This causes each build to be different.The primary goal is that building a release tag will result in the same binary as we provide.