Re: [Qemu-devel] [PATCH v15 6/9] module: implement module loading

["Daniel P. Berrange" <berrange@redhat.com>]

On Tue, Jan 14, 2014 at 04:19:41PM +0100, Paolo Bonzini wrote:
> Il 14/01/2014 15:47, Richard Henderson ha scritto:
> >>>> +echo "CONFIG_STAMP=`date +%s`_$$_$RANDOM" >> $config_host_mak
> >>> >>
> >>> >> I really really don't like random numbers that make for non-repeatable builds.
> >>> >>  It's a quality-assurance nightmare.
> >> > 
> >> > Can you elaborate this, please?
> > Build systems like we use at Red Hat want to be able to produce bit-for-bit
> > identical binaries when given the exact same input.  Using random numbers
> > during the build process prevents that.
> 
> I totally agree, but AIUI people wanted the symbol to be something that
> you couldn't know in advance (e.g. when compiling an out-of-tree
> module).  For some definition of "couldn't" and "in advance".

You can't stop a determined person. The goal is really just to make sure
they have to jump through painful hoops if they're going to delibrately
ignore our policy that this is not for 3rd party out of tree modules to
use.

When doing RHEL / Fedora builds, we *do* want this to change each time
the RPM is rebuilt for a new release. eg any time we add a new patch
to the RPM we want it to change, but if you're just rebuilding an
src.rpm without making changes we don't need it to be different.

You could use a sha256 sum of  'configure content + version + pkgversion'
to get something that'd change each time distros did a formal new build,
but would still allow reproducible builds.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|