[quagga-dev 16629] Re: Reproducibility problem

Gábor Boskovits boskovits at gmail.com
Sat Jun 24 12:38:42 BST 2017


Ok, I have a patch for that.
It seems to work fine.

I added it to https://github.com/Boskovits/quagga.git
<https://github.com/Boskovits/quagga.git>on branch reproducible-build
<https://github.com/Boskovits/quagga/tree/reproducible-build>.

It just makes what Nick Hilliard suggested, replaces keys with sort keys.

It might increase build time, but the impact seem negligible.

The advantages are, that this way bit-by-bit reproducible binaries are
generated.

See https://reproducible-builds.org/ if further reference needed.

2017-06-23 20:46 GMT+02:00 Gábor Boskovits <boskovits at gmail.com>:

> Thanks, i have found out.
> We need this to provide substitues.
> I guess this won't go upstream, so I will maintain it separate.
>
>
> 2017-06-23 20:39 GMT+02:00 Nick Hilliard <nick at foobar.org>:
>
>> Gábor Boskovits wrote:
>> > The only problem seem, that the build is not reproducible.
>> >
>> > I managed narrow that down to that generating vtysh_cmd.c is not
>> > deterministic.
>> >
>> > At first I thought is is just an ordering issue.
>>
>> It's just an ordering issue.  The reason for this behaviour is explained
>> here:
>>
>> > http://perldoc.perl.org/perlsec.html#Algorithmic-Complexity-Attacks
>>
>> If it bothers you, you can fix it by replacing all instances of "keys"
>> in vtysh/extract.pl by "sort keys".
>>
>> Nick
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.quagga.net/pipermail/quagga-dev/attachments/20170624/fdbfe008/attachment.html>


More information about the Quagga-dev mailing list