|devrandom f8a29869f2 implement bin/gsign||10 years ago|
|bin||10 years ago|
|libexec||10 years ago|
|target-bin||11 years ago|
|.gitignore||10 years ago|
|README.md||10 years ago|
Read about the project goals at the “project home page”:https://gitian.org/ .
This package can do a deterministic build of a package inside a VM.
This performs a build inside a VM, with deterministic inputs and outputs. If the build script takes care of all sources of non-determinism (mostly caused by timestamps), the result will always be the same. This allows multiple independent verifiers to sign a binary with the assurance that it really came from the source they reviewed.
sudo apt-get install python-vm-builder qemu-kvm apt-cacher sudo service apt-cacher start
Create the base VM for use in further builds (requires sudo, please review the script):
Copy any additional build inputs into a directory named inputs.
Then execute the build using a YAML description file (can be run as non-root):
or if you need to specify a commit for one of the git remotes:
bin/gbuild --commit <dir>=<hash> <package>-desc.yml
The resulting report will appear in result/<package>-res.yml
start-target 32 lucid-i386or
start-target 64 lucid-amd64
on-target -u root