NixOS Reproducible Builds

491 Members
Report: https://reproducible.nixos.org Project progress: https://github.com/orgs/NixOS/projects/30114 Servers

Sender Message Time
30 Nov 2024
@atemu12:matrix.org atemu12: p14: Do you also get super slow page loading times? 12:40:45
@raboof:matrix.org raboof: definitely a good idea to ask upstream. for nixpkgs we definitely want to build with ipv6 support even if the build machine doesn't have it enabled, so we might want to add --enable-ipv6 in the meantime? 12:41:01
@p14:matrix.org p14: And I have a good technical ISP who provides good ipv6 support, but I have it disabled at the router. 12:41:02
@p14:matrix.org p14:
In reply to @raboof:matrix.org
definitely a good idea to ask upstream. for nixpkgs we definitely want to build with ipv6 support even if the build machine doesn't have it enabled, so we might want to add --enable-ipv6 in the meantime?
I've not dug into the build script but would it still do the config test?
12:41:30
@raboof:matrix.org raboof: https://github.com/RsyncProject/rsync/blob/master/configure.ac#L379-L407 I'm not too good with automake, not sure 12:44:00
@p14:matrix.org p14:
In reply to @raboof:matrix.org
https://github.com/RsyncProject/rsync/blob/master/configure.ac#L379-L407 I'm not too good with automake, not sure
Tested it here, it looks like enabling it does skip the test.
12:47:31
@p14:matrix.org p14: And confirmed that it produces the same executable as output. 12:50:34
@p14:matrix.org p14: Is enabling ipv6 in rsync a change to target staging, or master? 12:51:05
@raboof:matrix.org raboof: depends on the number of rebuilds, I'd target master and wait for ofborg to tell you 12:52:56
@p14:matrix.org p14: Fix: https://github.com/NixOS/nixpkgs/pull/360414 I'll leave it as draft until the checkers are happy. 12:58:38
@raboof:matrix.org raboof: ofborg confirms it should target staging :) 14:05:07
3 Dec 2024
@statecode47:unredacted.org:

Does anyone here know how to remove the signature from ARM64 Linux kernel images so that two kernel images (official and reproduced) can be compared by diffoscope without the signatures differing?

Sad that I can't find anything regarding removing signatures from ARM64 Linux kernel images, and they are probably nothing like the x86_64 Linux kernel EFI images. I am not familiar with ARM64 Linux kernels at all.

Its file type is Linux kernel ARM64 boot executable Image, little-endian, 4K pages.

15:42:10
@msanft:matrix.org Moritz Sanft: Module signatures, or which signatures do these have exactly? 15:43:18
@statecode47:unredacted.org:
In reply to @msanft:matrix.org
Module signatures, or which signatures do these have exactly?

For the *.ko modules, I successfully removed their signatures with strip, since the modules are simply ELF.

But the ARM64 kernel boot Image itself is more challenging and I really don't know how to remove the signatures before being able to compare the images.

15:45:53
@msanft:matrix.org Moritz Sanft:
In reply to @statecode47:unredacted.org

For the *.ko modules, I successfully removed their signatures with strip, since the modules are simply ELF.

But the ARM64 kernel boot Image itself is more challenging and I really don't know how to remove the signatures before being able to compare the images.

You can also specify CONFIG_MODULE_SIG=n for that
15:46:31
@msanft:matrix.org Moritz Sanft: You can also specify CONFIG_MODULE_SIG=n for that. As for ARM-specific signatures, I'm unaware. 15:46:56
@statecode47:unredacted.org:
In reply to @msanft:matrix.org
You can also specify CONFIG_MODULE_SIG=n for that. As for ARM-specific signatures, I'm unaware.
Seems reasonable, but this way the diff would still appear, because the official images are built with signatures.
15:47:33
4 Dec 2024
@statecode47:unredacted.org: Ended up being able to locate and delete the signature/certificate part of the image by using binwalk and dd. 11:33:42
@raboof:matrix.org raboof: Nice! And the rest was bit-by-bit identical with upstream? That's pleasantly surprising! 11:42:10
@statecode47:unredacted.org:
In reply to @raboof:matrix.org
Nice! And the rest was bit-by-bit identical with upstream? That's pleasantly surprising!
Almost, there's only random gibberish left in a specific byte of the file, which doesn't bother that much, but note that I'm testing reproducible builds of GrapheneOS. AOSP's build system is relatively good in terms of reproducibility and they use Bazel to build the kernel.
11:46:14
@statecode47:unredacted.org: Would it be possible to submit CI tests to the reproducible-builds.org infrastructure? 20:18:05