| Summary: | ASTERISK-27499: Make build of Asterisk reproducible, if so required | ||
| Reporter: | Tzafrir Cohen (tzafrir) | Labels: | |
| Date Opened: | 2017-12-20 03:31:27.000-0600 | Date Closed: | |
| Priority: | Minor | Regression? | No |
| Status: | Open/New | Components: | Core/BuildSystem |
| Versions: | 13.18.4 15.1.4 | Frequency of Occurrence | |
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | The following is a description of a simple patch I already have in the Debian package. I expect this would be a low hanging fruit for someone else to implement.
Reproducible builds are intended to guarantee that a binary was built from a given source tree by the fact that building it again would give exactly the same result. This has nice implications in trust. Normally you don't need it, but it may be handy in many cases. This breaks when the result of the build changes due to differences in the build environment: build time, host name, and such. The patch does the following: 1. In Makefile: call 'sort' with locale explicitly set to 'C' to make sure sort order does not differ by locales. I'm not 100% sure this is needed with the module naming convention, but it wouldn't hurt. 2. build_tools/make_build_h: This one heavily depends on the build environment. It would be nice to avoid that. A reproducible build build environment must set the variable SOURCE_DATE_EPOCH (See https://reproducible-builds.org/specs/source-date-epoch/ ). Thus if this variable is set, some values could be overridden (be it to arbitrary values) and not set from the build environment: * HOSTNAME * KERNEL * MACHINE * USER * DATE | ||
| Comments: | By: Asterisk Team (asteriskteam) 2017-12-20 03:31:28.959-0600 Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report. Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process]. By: Matt Fredrickson (mfredrickson) 2017-12-20 14:49:20.938-0600 I'm thinking that there's not much else here to do from a triage perspective. Tzafrir, since you have already sent an email to the -dev list and you already know how the patch contribution process works, I'm going to acknowledge this issue (to remove it from the triage queue) and let you submit any patches that need to go in via gerrit. Let me know if you have a difference of opinion about this course of action. | ||