?ReproducibleBuildsKernel

This page describes how to build Debian kernel in an reproducible (verifiable - see [ReproducibleBuilds]) way for security reasons.

As of now (2013-11) this work is:

Steps:

See general instructions: [ReproducibleBuilds] how ever they are mainly for step 2,3.

We are trying to create a script that does this deterministic build in a bit more automated way with added:

This page should be usable for everyone in Debian, and script we're writing will be later easy to run in pure-Debian mode too.

Script will be published on [https://github.com/mempo/deterministic-kernel] please consider it absolute pre-alpha.

Tests

Here we paste research data.

Test20131029

Authors: members of Mempo project   Kernel version: 3.2.51   Kernel deterministic patches: custom patch to remove TIME and DATE   Kernel extra patches: grsecurity patch Kernel was built: 2 times. Build tool: using mempo script. Computer: built on same computer each time. Directory: built in same directory path each time. Fakedate: yes, using fakedate Dpkg: not fixed (regular version from Debian 7) System: build on Debian 7.1 amd64, gcc version(???). Build date: 2013-10-29 Machine name: (t/wb)

Results: .o - all identical .ko - some match, not all (how many?) vmlinuz - ??? .deb - different

List of checksums: ...???...

[CategoryKernel]