You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

10 年之前
10 年之前
10 年之前
10 年之前
10 年之前
10 年之前
10 年之前
123456789101112131415161718192021222324252627282930313233343536373839404142434445
  1. # Gitian
  2. Read about the project goals at the "project home page":https://gitian.org/ .
  3. This package can do a deterministic build of a package inside a VM.
  4. ## Deterministic build inside a VM
  5. This performs a build inside a VM, with deterministic inputs and outputs. If the build script takes care of all sources of non-determinism (mostly caused by timestamps), the result will always be the same. This allows multiple independent verifiers to sign a binary with the assurance that it really came from the source they reviewed.
  6. ## Synopsis:
  7. Install prereqs:
  8. sudo apt-get install python-vm-builder qemu-kvm apt-cacher
  9. sudo service apt-cacher start
  10. Create the base VM for use in further builds (requires sudo, please review the script):
  11. bin/make-base-vm
  12. Copy any additional build inputs into a directory named _inputs_.
  13. Then execute the build using a YAML description file (can be run as non-root):
  14. bin/gbuild <package>-desc.yml
  15. or if you need to specify a commit for one of the git remotes:
  16. bin/gbuild --commit <dir>=<hash> <package>-desc.yml
  17. The resulting report will appear in result/\<package\>-res.yml
  18. ## Poking around
  19. * Log files are captured to the _var_ directory
  20. * You can run the utilities in libexec by running `PATH="libexec:$PATH"`
  21. * To start the target VM run `start-target`
  22. * To ssh into the target run `on-target` or `on-target -u root`
  23. * On the target, the _build_ directory contains the code as it is compiled and _install_ contains intermediate libraries
  24. * By convention, the script in \<package\>-desc.yml starts with any environment setup you would need to manually compile things on the target
  25. TODO:
  26. - disable sudo in target, just in case of a hypervisor exploit
  27. - tar and other archive timestamp setter