[asterisk-dev] reproducible builds of asterisk
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Wed Dec 20 15:15:26 CST 2017
On Wed, Dec 20, 2017 at 01:55:31PM -0600, Matt Fredrickson wrote:
> Hey Tzafrir,
>
> On Wed, Dec 20, 2017 at 3:53 AM, Tzafrir Cohen <tzafrir.cohen at xorcom.com> wrote:
> > Hi,
> >
> > There is a patch in the Debian package to build Asterisk in a
> > reproducible way[1] if so needed. Patch is really simple, but as I did
> > not write it, I can't push it. I described what it does.
> >
> > If anybody wants to help Asterisk in that front:
> > https://issues.asterisk.org/jira/browse/ASTERISK-27499
> >
> > Are there any other sources of non-determinism in the Asterisk build
> > process?
>
> Great question - not sure myself.
>
> > I'd like to stress again that it's fine that the Asterisk standard build
> > process is not reprodicible (e.g.: includes a build timestamp), and the
> > patch does not break that. But there are useful use cases for a reprodicible
> > build of Asterisk.
>
> I haven't looked very much into reproducible builds and the benefits
> you get from it. Is the desire for reproducible builds mostly about
> some kind of perfect, a posteriori verification of running/pre-built
> code for reproduction and other debugging purposes?
>
> Or am I missing something?
Much of the interest is for verification, indeed.
In practice one of the tests used is building the package twice under
very different conditions (for instance: once with timezone +12 and once
with a timezone of -13, so the two builds differ by over a day) and
hoping to get exactly the same result. This already works for e.g. a
very large majority of the packages in Debian (no idea about the status
in other distributions).
--
Tzafrir Cohen
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com
More information about the asterisk-dev
mailing list