Is it feasible to cross-build compat5x binary?
Bruce Evans
bde at zeta.org.au
Mon Oct 24 05:09:30 PDT 2005
On Mon, 24 Oct 2005, Martin Cracauer wrote:
> Peter Jeremy wrote on Mon, Oct 24, 2005 at 06:08:11PM +1000:
>> On Sun, 2005-Oct-23 16:29:35 -0700, David O'Brien wrote:
>>> We should no trust cross built libraries for this purpose at this time.
>>> We really don't know how identical the results will be to being natively
>>> built.
>>
>> At some stage, we need to validate our cross-build chain with cmp(1).
>
> ELF object files are timestamped. But there's some elf-cmp out there.
On libraries (ELF or not: .so or .a) are.
I use diff -r to check that builds of object trees give reproducible
results, and just ignore libraries since they are built up from object
files by a simple process (perhaps not so simple for .so's). The main
problem at least used to be braindamaged applications that create
irreproducible results using the following methods:
- version.c files with a unique version number or timestamp
- __DATE__ in C files. Results are reproducible until the next day
- __TIME__ in C files
- __FILE__ in C files. For {source,generated} files, this makes the
results depend on the location of the {source,object} tree.
Bruce
More information about the freebsd-security
mailing list