pkgsrc

kpriv/pkgsrc

Fork 0

Commit graph

Author	SHA1	Message	Date
khorben	32a7cecedb	Look for ar(1) in $_ORIG_PATH with PKGSRC_MKREPRO This no longer hard-codes the path to ar(1) as /usr/bin/ar. It is not possible to use the original value of $TOOLS_PATH.ar as it is usually not set.	2017-11-12 16:41:40 +00:00
khorben	42bd86cfb0	Add initial support for building packages reproducibly It currently tackles two problems: - gcc(1) hard-coding full paths in debugging information (with one caveat at the moment) - ar(1) hard-coding user IDs in archive headers This allows packages built from the same tree and options to produce identical results bit by bit. This option should be combined with ASLR and PKGSRC_MKPIE to avoid predictable address offsets for attackers attempting to exploit security vulnerabilities. This is still disabled by default, and only supports NetBSD so far. As discussed on tech-pkg@	2017-11-12 13:34:14 +00:00

Author

SHA1

Message

Date

khorben

32a7cecedb

Look for ar(1) in $_ORIG_PATH with PKGSRC_MKREPRO

This no longer hard-codes the path to ar(1) as /usr/bin/ar. It is not
possible to use the original value of $TOOLS_PATH.ar as it is usually
not set.

2017-11-12 16:41:40 +00:00

khorben

42bd86cfb0

Add initial support for building packages reproducibly

It currently tackles two problems:
- gcc(1) hard-coding full paths in debugging information (with one
  caveat at the moment)
- ar(1) hard-coding user IDs in archive headers

This allows packages built from the same tree and options to produce
identical results bit by bit. This option should be combined with ASLR
and PKGSRC_MKPIE to avoid predictable address offsets for attackers
attempting to exploit security vulnerabilities.

This is still disabled by default, and only supports NetBSD so far.

As discussed on tech-pkg@

2017-11-12 13:34:14 +00:00

2 commits