[Replicant] diffoscope output of two local 6.0-0003 builds
Simon Josefsson
simon at josefsson.org
Sat Dec 16 15:59:20 UTC 2017
Hi all!
To inspire reproducible builds of Replicant, I built 6.0-0003 twice from
scratch (including two different builds of the toolchain) and ran
diffoscope on the resulting images. The two builds use the same
signing key to reduce differences.
https://josefsson.org/local1-vs-local2.html warning: BIG FILE!
The good thing is that it appears to be a feasible number of differences
to deal with, if anyone wants to help debug things further. There is
quite some noise in the output that might be easy (or not) to resolve,
like the build-ids, timestamps and hard-coded paths.
My detailed manual analysis of the output is, major things first:
* boot.img 4MB
  system/recovery-from-boot.p 1.5MB
  recovery/recovery-from-boot.p 1.5MB same as previous?
  These are opaque (compressed?) image files with large differences.
  What do they contain? Kernel? Initrd ramdisk? Can we teach
  diffoscope to unpack them?
* system/framework/core-libart.jar
  system/lib/libGLES_trace.so
  system/lib/libwebrtc_audio_preprocessing.so
  system/lib/modules/dhd.ko
  system/xbin/perfprofd
  These are large diffs. Does anyone know what each of these files does?
  Is the reason for the differences due to Java/C++ name mangling only?
  Perhaps building with the same toolchain avoids these diffs, but I
  like having independently built toolchains too.
* system/bin/install-recovery.sh and recovery/bin/install-recovery.sh:
  Contains some hash, timestamp or build-id data. How are the hashes
  generated?
Minor things:
* META-INF/com/android/metadata: timestamp
* META-INF/com/google/android/update-binary: Build-Id.
* META-INF/CERT.RSA: what is stored at the end? RSA sigs should be
  deterministic if the input is the same.
* system/app/messaging/messaging.apk:
  system/bin/*:
  system/etc/ppp/ip-up-vpn:
  Build date/id, sha1 checksum.
* system/build.prop: build info diffs.
* system/etc/NOTICE.html.gz: contains paths from build system?
* system/lib/*: build id diff.
* system/etc/recovery-resource.dat:
  system/framework/*:
  Timestamp in zip metadata.
* system/etc/security/otacerts.zip: contains a hard-coded path from the
  build machine.
Cheers,
/Simon
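
Added example, not part of the original message and not Replicant or diffoscope code: a triage helper for the "Timestamp in zip metadata" findings above, which separates archive members whose bytes really differ from members that differ only in zip metadata. The function names and the sample member names and contents are constructed for illustration.

```python
import io
import zipfile

# ZipInfo attributes that describe a member without being its content.
META_FIELDS = ("date_time", "external_attr", "create_system", "extra", "comment")


def classify_zip_diff(a_bytes, b_bytes):
    """Map each differing member name to 'content', 'metadata:<fields>' or 'only-in-*'."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(a_bytes)) as za, \
         zipfile.ZipFile(io.BytesIO(b_bytes)) as zb:
        a = {i.filename: i for i in za.infolist()}
        b = {i.filename: i for i in zb.infolist()}
        for name in sorted(a.keys() | b.keys()):
            if name not in a or name not in b:
                report[name] = "only-in-first" if name in a else "only-in-second"
            elif za.read(name) != zb.read(name):
                report[name] = "content"  # uncompressed bytes differ: a real diff
            else:
                changed = [f for f in META_FIELDS
                           if getattr(a[name], f) != getattr(b[name], f)]
                if changed:
                    report[name] = "metadata:" + ",".join(changed)
    return report


def make_zip(members, when):
    """Build a constructed sample archive whose members all carry timestamp `when`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in members:
            z.writestr(zipfile.ZipInfo(name, date_time=when), data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed inputs: same manifest in both builds, one member with changed bytes.
    first = make_zip([("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n"),
                      ("classes.dex", b"build-id=aaaa")], (2017, 12, 16, 15, 0, 0))
    second = make_zip([("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n"),
                       ("classes.dex", b"build-id=bbbb")], (2017, 12, 16, 17, 30, 0))
    for member, verdict in classify_zip_diff(first, second).items():
        print(f"{verdict:24} {member}")
```

Members reported as `metadata:date_time` are candidates for timestamp normalisation in the build; members reported as `content` need a closer look at the bytes themselves.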