# Gitian

Read about the project goals at the "project home page": .

This package can do a deterministic build of a package inside a VM.

## Deterministic build inside a VM

This performs a build inside a VM, with deterministic inputs and outputs. If the build script takes care of all sources of non-determinism (mostly caused by timestamps), the result will always be the same. This allows multiple independent verifiers to sign a binary with the assurance that it really came from the source they reviewed.

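As an added illustration (not part of Gitian's own code), the sketch below shows the kind of timestamp handling a build script needs before two independent builders can get the same archive hash. The names `build_tar`, `make_tree` and `compare_builders` are hypothetical, the sample tree is constructed, and the fixed mtime of 0 is an assumption.

```python
import hashlib
import io
import os
import tarfile
import tempfile


def build_tar(src_dir, normalize=True):
    """Tar src_dir; with normalize, bytes depend only on names and contents."""
    paths = sorted(os.path.join(root, name)
                   for root, dirs, files in os.walk(src_dir)
                   for name in dirs + files)
    buf = io.BytesIO()
    # Uncompressed USTAR: no PAX extended headers, no gzip header timestamp.
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for path in paths:
            info = tar.gettarinfo(path, arcname=os.path.relpath(path, src_dir))
            if normalize:
                info.mtime = 0  # assumption: any constant all builders share
                info.uid = info.gid = 0
                info.uname = info.gname = ""
                executable = info.isdir() or info.mode & 0o100
                info.mode = 0o755 if executable else 0o644
            if info.isfile():
                with open(path, "rb") as fh:
                    tar.addfile(info, fh)
            else:
                tar.addfile(info)
    return buf.getvalue()


def make_tree(root, mtime, order):
    """Constructed sample input: same files, different write order and mtime."""
    contents = {"README": b"docs\n", "bin/tool": b"#!/bin/sh\necho hi\n"}
    os.mkdir(os.path.join(root, "bin"))
    for name in order:
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(contents[name])
        os.chmod(path, 0o755 if name == "bin/tool" else 0o644)
        os.utime(path, (mtime, mtime))


def compare_builders(normalize):
    """Return the SHA-256 of each of two simulated builders' archives."""
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        make_tree(a, 1_000_000_000, ["README", "bin/tool"])
        make_tree(b, 1_500_000_000, ["bin/tool", "README"])
        return [hashlib.sha256(build_tar(d, normalize)).hexdigest() for d in (a, b)]
```

`compare_builders(True)` returns two identical digests, while `compare_builders(False)` returns two different ones because the on-disk mtimes end up in the tar headers.
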
## Synopsis:

Install prereqs:

    sudo apt-get install python-vm-builder qemu-kvm apt-cacher
    sudo service apt-cacher start

Create the base VM for use in further builds (requires sudo, please review the script):

    bin/make-base-vm

Copy any additional build inputs into a directory named _inputs_.

Then execute the build using a YAML description file (can be run as non-root):

    bin/gbuild <package>-desc.yml

or if you need to specify a commit for one of the git remotes:

    bin/gbuild --commit <dir>=<hash> <package>-desc.yml

The resulting report will appear in result/\<package\>-res.yml

## Poking around

* Log files are captured to the _var_ directory
* You can run the utilities in libexec by running `PATH="libexec:$PATH"`
* To start the target VM run `start-target`
* To ssh into the target run `on-target` or `on-target -u root`
* On the target, the _build_ directory contains the code as it is compiled and _install_ contains intermediate libraries
* By convention, the script in \<package\>-desc.yml starts with any environment setup you would need to manually compile things on the target

TODO:

- disable sudo in target, just in case of a hypervisor exploit
- tar and other archive timestamp setter