Commit graph

2 commits

Author SHA1 Message Date
khorben
32a7cecedb Look for ar(1) in $_ORIG_PATH with PKGSRC_MKREPRO
This no longer hard-codes the path to ar(1) as /usr/bin/ar. It is not
possible to use the original value of $TOOLS_PATH.ar as it is usually
not set.
2017-11-12 16:41:40 +00:00
khorben
42bd86cfb0 Add initial support for building packages reproducibly
It currently tackles two problems:
- gcc(1) hard-coding full paths in debugging information (with one
  caveat at the moment)
- ar(1) hard-coding user IDs in archive headers

This allows packages built from the same tree and options to produce
identical results bit by bit. This option should be combined with ASLR
and PKGSRC_MKPIE to avoid predictable address offsets for attackers
attempting to exploit security vulnerabilities.

This is still disabled by default, and only supports NetBSD so far.

As discussed on tech-pkg@
2017-11-12 13:34:14 +00:00
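
An added example, not part of the commit above or of pkgsrc: a Python check that walks the member headers of an ar(1) archive and reports fields that differ from one build host to another. It covers the owner IDs the commit message mentions and, going slightly beyond it, the modification time stored in the same header. The function names are hypothetical and the two sample archives are constructed in memory.

```python
AR_MAGIC = b"!<arch>\n"
HEADER_LEN = 60  # name 16, mtime 12, uid 6, gid 6, mode 8, size 10, end marker 2

def parse_ar_headers(data):
    """Yield (name, mtime, uid, gid) for each member of an ar archive."""
    if not data.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    off = len(AR_MAGIC)
    while off + HEADER_LEN <= len(data):
        hdr = data[off:off + HEADER_LEN]
        if hdr[58:60] != b"`\n":
            raise ValueError(f"bad header terminator at offset {off}")
        name = hdr[0:16].decode("latin-1").rstrip()
        # Numeric fields are space-padded ASCII decimal; a blank field means 0.
        mtime, uid, gid = (int(hdr[a:b].strip() or b"0")
                           for a, b in ((16, 28), (28, 34), (34, 40)))
        size = int(hdr[48:58].strip() or b"0")
        yield name, mtime, uid, gid
        off += HEADER_LEN + size + (size & 1)  # member data is 2-byte aligned

def nondeterministic_members(data):
    """Return {member: [fields]} for members that carry build-host metadata."""
    findings = {}
    for name, mtime, uid, gid in parse_ar_headers(data):
        bad = [f for f, v in (("mtime", mtime), ("uid", uid), ("gid", gid)) if v]
        if bad:
            findings[name] = bad
    return findings

def make_member(name, payload, mtime=0, uid=0, gid=0, mode=0o644):
    """Build one archive member (helper for the constructed samples only)."""
    hdr = b"%-16s%-12d%-6d%-6d%-8o%-10d`\n" % (
        name, mtime, uid, gid, mode, len(payload))
    return hdr + payload + (b"\n" if len(payload) & 1 else b"")

# Constructed sample: archive stamped with the builder's IDs and a timestamp.
SAMPLE_HOST = (AR_MAGIC
               + make_member(b"a.o", b"abc", mtime=1510493654, uid=1000, gid=100)
               + make_member(b"b.o", b"data", uid=1000))
# Constructed sample: the same members with the host-specific fields zeroed.
SAMPLE_REPRO = AR_MAGIC + make_member(b"a.o", b"abc") + make_member(b"b.o", b"data")

if __name__ == "__main__":
    for label, blob in (("host", SAMPLE_HOST), ("repro", SAMPLE_REPRO)):
        print(label, nondeterministic_members(blob) or "clean")
```

An empty result means every member header has zeroed owner and time fields, so those fields cannot make two builds of the same tree differ.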