BSDCan 2016
The Technical BSD Conference

Speaker: Ed Maste
Schedule: Day Talks #2, 11 June 2016 (2016-06-11)
Room: DMS 1160
Start time: 16:00
Duration: 01:00
Event ID: 714
Event type: Lecture
Track: Hacking
Language used for presentation: English

Reproducible Builds in FreeBSD

The goal of reproducible builds is to allow anyone to build a byte-for-byte identical copy of a software package from given source code, to verify that no flaws have been introduced in the compilation process. This talk will present an introduction to reproducible builds, explain why build reproducibility is desirable, discuss the current state of build reproducibility in FreeBSD, and examine some of the techniques used to obtain reproducible builds.

Reproducible builds are a set of software development practices which create a verifiable path from human readable source code to the binary code and software packages distributed by an operating system vendor. This allows others to rebuild the same source code and produce an identical binary, package or other artifact, to verify that no flaws have been introduced in the compilation process either by the compiler or by those managing the build and release of the software.

Reproducible build efforts have been ongoing for several years across many projects, FreeBSD included. Reproducible builds provide security and assurance benefits, and also operational benefits unrelated to security or to the detection of malfeasance. For example, reproducible builds reduce package mirror traffic by avoiding the creation of new or changed packages when there has been no source code change.

Reproducibility efforts in FreeBSD started several years ago on a somewhat ad hoc basis, but over the last year build reproducibility has become a topic of greatly increasing interest, with a combination of efforts from upstream software developers and from open source operating system developers and packagers. There are many reasons software does not build reproducibly, including timestamps embedded in object files, timezone and locale settings affecting the build, output that depends on the order in which files are returned by the file system, and metadata stored in archive files.
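As an added example (not code from the talk or from FreeBSD's own build system), the following Python script models three of the causes just listed: file-system listing order, file timestamps, and ownership metadata stored in archive headers. It packages a small constructed source tree twice, from checkouts made a day apart, once the naive way and once with the normalizations reproducible-build efforts apply (sorted member order, mtime pinned to a fixed SOURCE_DATE_EPOCH-style value, uid/gid and owner names cleared), then reports which tar header fields differ. File names, file contents and the epoch value are constructed for the demo; timezone and locale effects are not modelled.

```python
"""Constructed demo: why a tarball is not reproducible, and how to make it so."""
import hashlib
import io
import os
import tarfile
import tempfile
from pathlib import Path

# Constructed: the fixed timestamp a release would pin via SOURCE_DATE_EPOCH.
SOURCE_DATE_EPOCH = 1465660800

# Constructed source tree, deliberately listed out of sorted order.
SOURCE_FILES = [("b.c", b"int b;\n"), ("a.c", b"int a;\n"), ("README", b"demo\n")]


def checkout(root, mtime, reverse=False):
    """Write the constructed tree into root and stamp every file with mtime,
    as if it had been checked out at that moment."""
    files = reversed(SOURCE_FILES) if reverse else SOURCE_FILES
    for name, data in files:
        p = Path(root) / name
        p.write_bytes(data)
        os.utime(p, (mtime, mtime))


def naive_tarball(root):
    """Archive the tree the way a plain 'tar cf' would: in whatever order the
    file system returns entries, copying live mtime/uid/gid into the headers."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        for name in os.listdir(root):
            tf.add(os.path.join(root, name), arcname=name)
    return buf.getvalue()


def _normalize(ti):
    """Strip build-environment metadata from one tar header."""
    ti.mtime = SOURCE_DATE_EPOCH
    ti.uid = ti.gid = 0
    ti.uname = ti.gname = ""
    ti.mode = 0o755 if ti.isdir() else 0o644
    return ti


def reproducible_tarball(root):
    """Same content as naive_tarball, but sorted members and normalized headers."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        for name in sorted(os.listdir(root)):
            tf.add(os.path.join(root, name), arcname=name, filter=_normalize)
    return buf.getvalue()


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def explain_difference(a, b):
    """Report which header fields differ between two tar archives: the first
    thing to check when a rebuild does not match byte for byte."""
    with tarfile.open(fileobj=io.BytesIO(a)) as ta, tarfile.open(fileobj=io.BytesIO(b)) as tb:
        ma, mb = ta.getmembers(), tb.getmembers()
    reasons = []
    if [m.name for m in ma] != [m.name for m in mb]:
        reasons.append("member order differs")
    by_name = lambda m: m.name
    for x, y in zip(sorted(ma, key=by_name), sorted(mb, key=by_name)):
        for field in ("mtime", "uid", "gid", "uname", "gname", "mode", "size"):
            if getattr(x, field) != getattr(y, field):
                reasons.append(f"{x.name}: {field} differs")
    return reasons


def build_twice(builder):
    """Build the same source from two checkouts made a day apart (and written
    in opposite order, so file systems that return creation order show the
    ordering problem too). Returns (hash1, hash2, reasons)."""
    with tempfile.TemporaryDirectory() as d1, tempfile.TemporaryDirectory() as d2:
        checkout(d1, SOURCE_DATE_EPOCH)
        checkout(d2, SOURCE_DATE_EPOCH + 86400, reverse=True)
        t1, t2 = builder(d1), builder(d2)
    return sha256(t1), sha256(t2), explain_difference(t1, t2)


if __name__ == "__main__":
    for builder in (naive_tarball, reproducible_tarball):
        h1, h2, reasons = build_twice(builder)
        status = "IDENTICAL" if h1 == h2 else "DIFFERENT"
        print(f"{builder.__name__}: {status}")
        for r in reasons:
            print("  ", r)
```

Running it prints DIFFERENT for the naive archive, with every member's mtime listed as a reason (and "member order differs" on file systems that return entries in creation order), and IDENTICAL for the normalized one. The same normalization is what options such as sorted input lists, a fixed SOURCE_DATE_EPOCH and cleared ownership fields achieve in real archivers; the `explain_difference` step stands in for the diffing tools reproducibility projects use to localize the cause of a mismatch.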

This talk will:

  • present an introduction to reproducible builds

  • explain why build reproducibility is desired

  • discuss the current state of build reproducibility on FreeBSD and explore reasons builds are not reproducible today

  • examine techniques used to obtain reproducible builds

PLEASE NOTE: the original video is not available. In its place, we have the audio track.