
Re: [Xen-devel] mkelf32 uninitialized data and reproducible builds



>>> On 08.08.16 at 21:23, <konrad.wilk@xxxxxxxxxx> wrote:
> On Mon, Aug 08, 2016 at 07:02:25PM +0000, Trammell Hudson wrote:
>> The xen/arch/x86/boot/mkelf32 executable is preventing Xen hypervisors
>> from being reproducibly built.  It is using an uninitialized stack
>> buffer for padding after the ehdr and phdr are written to the xen file,
>> which leads to non-deterministic bytes in the binary.
>> 
>> Additionally, the file is then compressed with gzip -9 without the
>> -n or --no-name flag, which leads to the xen.gz file having
>> non-deterministic timestamp bytes in the compressed file.
>> 
>> The xen/Makefile variables XEN_WHOAMI, XEN_DOMAIN, XEN_BUILD_TIME,
>> XEN_BUILD_DATE and XEN_BUILD_HOST are also not reproducible, but
>> since they are defined with ?= it is possible for an outside
>> build script to override them.  Perhaps having a flag to set
>> these to a default value would be useful.

I think this had been brought up before, and being able to override
the values on the make command line (or in the environment) has
been deemed good enough.

>> Fixing these allows a re-build of the binary to be the same on
>> a given host and avoids undefined behaviour in mkelf32.
> 
> That is a nice patch. Sadly it is missing a Signed Off By.
> 
> I am wondering if you would be comfortable providing that?

Additionally it should be against unstable instead of 4.6.3, and
ideally would be split into two (as the two adjustments have
little to do with one another).

Jan
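
Added example, not part of the original thread or the Xen source: a C check of the gzip member header (RFC 1952) that reports whether a file such as xen.gz still carries the timestamp or original-name fields that `gzip -n` omits. The function name, return codes and both sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 1952 member header: ID1 ID2 CM FLG MTIME(4, little-endian) XFL OS */
#define GZ_FLG_FNAME 0x08 /* original file name follows the fixed header */

enum { GZ_NOT_GZIP = -1, GZ_CLEAN = 0, GZ_HAS_MTIME = 1, GZ_HAS_NAME = 2 };

/* Constructed sample: header with a saved name and a non-zero MTIME. */
static const uint8_t hdr_default[] = {
    0x1f, 0x8b, 0x08, 0x08, 0x21, 0xd8, 0xa8, 0x57, 0x02, 0x03,
    'x', 'e', 'n', 0x00
};
/* Constructed sample: header with no name flag and a zero MTIME field. */
static const uint8_t hdr_noname[] = {
    0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x03
};

/* Returns GZ_NOT_GZIP, or a bitmask of the build-dependent fields present.
 * If mtime is non-NULL it receives the decoded MTIME value. */
static int gz_header_check(const uint8_t *buf, size_t len, uint32_t *mtime)
{
    uint32_t t;
    int result = GZ_CLEAN;

    if (buf == NULL || len < 10 ||
        buf[0] != 0x1f || buf[1] != 0x8b || buf[2] != 0x08)
        return GZ_NOT_GZIP;

    t = (uint32_t)buf[4] | ((uint32_t)buf[5] << 8) |
        ((uint32_t)buf[6] << 16) | ((uint32_t)buf[7] << 24);
    if (mtime != NULL)
        *mtime = t;
    if (t != 0)
        result |= GZ_HAS_MTIME;  /* varies with the build time */
    if (buf[3] & GZ_FLG_FNAME)
        result |= GZ_HAS_NAME;   /* varies with the input file name */
    return result;
}

int main(void)
{
    printf("default header: %d\n",
           gz_header_check(hdr_default, sizeof hdr_default, NULL));
    printf("no-name header: %d\n",
           gz_header_check(hdr_noname, sizeof hdr_noname, NULL));
    return 0;
}
```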

