Ticket #16854 (new defect)
virtualbox does not build reproducibly
| Reported by: | bmwiedemann2 | Owned by: | |
|---|---|---|---|
| Priority: | major | Component: | other |
| Version: | VirtualBox 5.1.22 | Keywords: | |
| Cc: | Guest type: | other | |
| Host type: | other |
Description
meaning, it creates different results on every build. See https://reproducible-builds.org/ why that matters.
This comes from multiple sources:
- gzip needs to be called with -n (patch attached)
- tar does not sort file lists by default (newer version have the --sort=name option but there are other solutions as well)
- various .o files contain a 'VTG Object Header v1.7'
added in src/bldprogs/VBoxTpG.cpp:574 via src/VBox/Runtime/generic/RTUuidCreate-generic.cpp RTUuidCreate via src/VBox/Runtime/common/rand/rand.cpp RTRandBytes
IMHO, it would be better to replace that with some digest over source files, so that it changes whenever one of the inputs changes, but remains constant across builds.
Attachments
-
reproducible.patch
(2.5 KB) -
added by bmwiedemann2 3 months ago.
- patch to not add timestamps to gz headers
Change History
Changed 3 months ago by bmwiedemann2
-
attachment
reproducible.patch
added
Note: See
TracTickets for help on using
tickets.
patch to not add timestamps to gz headers