Opened 6 years ago
Last modified 6 years ago
#16854 new defect
virtualbox does not build reproducibly
| Reported by: | bmwiedemann2 | Owned by: | |
|---|---|---|---|
| Component: | other | Version: | VirtualBox 5.1.22 |
| Keywords: | Cc: | ||
| Guest type: | other | Host type: | other |
Description
meaning, it creates different results on every build. See https://reproducible-builds.org/ why that matters.
This comes from multiple sources:
- gzip needs to be called with -n (patch attached)
- tar does not sort file lists by default (newer version have the --sort=name option but there are other solutions as well)
- various .o files contain a 'VTG Object Header v1.7'
added in src/bldprogs/VBoxTpG.cpp:574 via src/VBox/Runtime/generic/RTUuidCreate-generic.cpp RTUuidCreate via src/VBox/Runtime/common/rand/rand.cpp RTRandBytes
IMHO, it would be better to replace that with some digest over source files, so that it changes whenever one of the inputs changes, but remains constant across builds.
Attachments (1)
Change History (3)
by , 6 years ago
| Attachment: | reproducible.patch added |
|---|
comment:2 by , 6 years ago
https://www.virtualbox.org/browser/vbox/trunk/src/VBox/ExtPacks/BusMouseSample/Makefile.kmk still did not get my trivial patch from above - anything I can help to get it merged?
Note:
See TracTickets
for help on using tickets.
patch to not add timestamps to gz headers