42bd86cfb0
It currently tackles two problems: - gcc(1) hard-coding full paths in debugging information (with one caveat at the moment) - ar(1) hard-coding user IDs in archive headers This allows packages built from the same tree and options to produce identical results bit by bit. This option should be combined with ASLR and PKGSRC_MKPIE to avoid predictable address offsets for attackers attempting to exploit security vulnerabilities. This is still disabled by default, and only supports NetBSD so far. As discussed on tech-pkg@
15 lines
289 B
Makefile
15 lines
289 B
Makefile
# $NetBSD: repro.mk,v 1.1 2017/11/12 13:34:14 khorben Exp $
|
|
#
|
|
# Infrastructure support for PKGSRC_MKREPRO.
|
|
#
|
|
# Keywords: reproducible
|
|
#
|
|
|
|
.if ${_PKGSRC_MKREPRO} == "yes"
|
|
|
|
# force ar(1) to be deterministic
|
|
TOOLS_CREATE+= ar
|
|
TOOLS_PATH.ar?= ${PKGSRCDIR}/mk/repro/ar
|
|
TOOLS_ARGS.ar?= D
|
|
|
|
.endif
|