Deterministic compilation, also known as a reproducible build, is a software compilation process that is guaranteed to be reproducible. It makes it possible to verify that the resulting binary code corresponds exactly to the source code. The same source code compiled deterministically always produces the same binary file, bit for bit. [1] [2]
Deterministic compilation can act as part of a chain of trust: the source code can be digitally signed, and deterministic compilation allows us to prove that the binary code was compiled from that trusted source code.
Methodology
For the compilation process to be deterministic, the input to the compiler must be the same regardless of the build environment used. This usually involves eliminating variables that may change, such as timestamps, locales, and paths.
Build systems such as Gitian [3] can be used to automate reproducibility of the build process.
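The effect of those variables can be shown on a small packaging step. The following is an added example, not code from Gitian or any project mentioned here: it packs the same source files in two constructed build environments (the names `ENV_A`, `ENV_B`, `build` and `compare` are hypothetical) and compares the resulting archives with and without normalizing timestamps, paths, ownership and file order.

```python
import gzip, hashlib, io, tarfile

# Constructed inputs: one source tree, two hypothetical build environments.
SOURCES = {"src/main.c": b"int main(void){return 0;}\n", "README": b"demo\n"}
ENV_A = {"clock": 1700000000, "user": "alice", "builddir": "/home/alice/work",
         "listing": ["src/main.c", "README"]}
ENV_B = {"clock": 1700086400, "user": "ci", "builddir": "/builds/42",
         "listing": ["README", "src/main.c"]}
FIXED_EPOCH = 0  # fixed timestamp (the role SOURCE_DATE_EPOCH plays in real builds)

def build(files, env, normalize):
    """Pack files (name -> bytes) into a .tar.gz and return the archive bytes."""
    if normalize:
        names = sorted(files)            # code-point sort, independent of locale
        mtime, owner, prefix = FIXED_EPOCH, "", ""
    else:
        names = env["listing"]           # whatever order the environment yields
        mtime, owner, prefix = env["clock"], env["user"], env["builddir"] + "/"
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in names:
            info = tarfile.TarInfo(prefix + name)
            info.size = len(files[name])
            info.mtime = mtime
            info.mode = 0o644
            info.uname = info.gname = owner
            tar.addfile(info, io.BytesIO(files[name]))
    out = io.BytesIO()
    # The gzip header carries its own timestamp and file name; pin both.
    with gzip.GzipFile(filename="", fileobj=out, mode="wb", mtime=mtime) as gz:
        gz.write(raw.getvalue())
    return out.getvalue()

def digest(blob):
    return hashlib.sha256(blob).hexdigest()

def compare(normalize):
    """True if both environments produce bit-identical artifacts."""
    return digest(build(SOURCES, ENV_A, normalize)) == digest(build(SOURCES, ENV_B, normalize))

if __name__ == "__main__":
    print("naive builds match:     ", compare(False))
    print("normalized builds match:", compare(True))
```

Comparing digests of independently produced artifacts is the same check a third party performs to confirm that a published binary corresponds to the signed source.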
History
One of the first projects to promote reproducible builds was the Bitcoin project, with Gitian.
Later, in 2013, the Tor project (an anonymity network) began using Gitian to reproduce its builds. [4]
References
- [1] reproducible-builds.org. "Reproducible builds are a set of software development practices which create a verifiable path from human readable source code to the binary code used by computers .... build system needs to be made entirely deterministic: transforming a given source must always create the same result." Retrieved August 22, 2016. Archived May 20, 2016.
- [2] Ratliff, Emily. Establishing Correspondence Between an Application and its Source Code | SecurityWeek.com. www.securityweek.com. SecurityWeek (April 4, 2016). Retrieved August 22, 2016. Archived September 20, 2016.
- [3] Gitian: a secure software distribution method. gitian.org. Retrieved January 10, 2018.
- [4] Deterministic Builds Part Two: Technical Details. October 4, 2013.