Re: [rtcweb] Hermetic builds (Re: Cisco to open source its H.264 implementation and absorb MPEG-LA licensing fees)

Bjoern Hoehrmann <derhoermi@gmx.net> Mon, 16 December 2013 16:55 UTC

* Harald Alvestrand wrote:
>On 12/13/2013 04:33 AM, Mo Zanaty (mzanaty) wrote:
>> Yes, Cisco and Mozilla plan on solving fully reproducible binaries for all
>> targets officially supported in the openh264 project. Nothing less would
>> be acceptable to the community, especially given the recent security
>> incidents.

>Since this is a subthread with technical content, I'd like it to have 
>its own header....
>
>the name I've heard for this kind of generation environments is 
>"hermetic build".
>Google's been trying for hermetic builds for NaCL for instance - see 
>this doc:
>http://www.chromium.org/nativeclient/design-documents/building-a-hermetic-toolchain-on-cygwin

That seems to be a different concept, specifically

  Definition: the Native Client toolchain is said to be hermetic iff
  it can be copied to any location in the directory tree and it does
  not require system-wide installation of other 3-rd party tools.

which is more like http://en.wikipedia.org/wiki/XCOPY_deployment

  XCOPY deployment or xcopy installation is a software application's
  installation into a Microsoft Windows system simply by copying files.

Goals of these include being able to have multiple independent versions
of an application installed on a single system e.g. for testing purposes
and being able to put an application on a USB drive and run it from
there without any need to install or uninstall the software.

The goal of "reproducible binaries" is verification.

As an example, a binary might contain absolute paths to where the debug
symbol files have been generated during compilation. This path would be
specific to the build environment and would make the binaries less
"reproducible". But there is no real runtime dependency on such paths, so
it does not interfere with "XCOPY deployment".

>The bootable image of the build environment may be the simplest way....

The idea is to avoid trusting binary blobs, so one binary blob producing
another binary blob is not really interesting. Of course, explaining how
to create an equivalent bootable image (install Debian vX.Y with default
options, apt-get build tools, wget source code, untar, configure, make)
can avoid many problems.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
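
The debug-path case described in the message above, as an added example that is not part of the original post or of any project's code: a Python check that verifies two independent builds by hash and, on mismatch, lists the embedded strings unique to one build and flags those that are absolute paths. The function names, the `fake_object` helper and the sample paths are assumptions constructed for illustration.

```python
import hashlib
import re

# Runs of 6+ printable ASCII bytes, the way strings(1) finds them.
STRING_RE = re.compile(rb"[\x20-\x7e]{6,}")
# Absolute POSIX path or Windows drive path.
ABS_PATH_RE = re.compile(r"^(/|[A-Za-z]:\\)")


def embedded_strings(blob: bytes) -> set:
    return {m.group().decode("ascii") for m in STRING_RE.finditer(blob)}


def compare_builds(a: bytes, b: bytes) -> dict:
    """Verify two independent builds and explain any mismatch."""
    digests = [hashlib.sha256(x).hexdigest() for x in (a, b)]
    report = {"identical": digests[0] == digests[1], "build_paths": [], "other": []}
    if report["identical"]:
        return report
    # Strings present in only one build are candidates for environment leakage.
    for s in sorted(embedded_strings(a) ^ embedded_strings(b)):
        key = "build_paths" if ABS_PATH_RE.match(s) else "other"
        report[key].append(s)
    return report


def fake_object(build_dir: bytes) -> bytes:
    # Constructed stand-in for a compiled object: header bytes, code bytes,
    # one symbol name and an embedded absolute path to a debug-symbol file.
    return (b"\x7fELF\x02\x01\x01\x00" + b"\x90" * 16 + b"decode_frame\x00"
            + build_dir + b"/src/decoder.dbg\x00")


# Constructed sample inputs: same source, two different build directories.
BUILD_A = fake_object(b"/home/alice/build")
BUILD_B = fake_object(b"/var/ci/workspace")

if __name__ == "__main__":
    print(compare_builds(BUILD_A, BUILD_B))
    print(compare_builds(fake_object(b"/build"), fake_object(b"/build")))
```

A result with `identical` false and both lists empty means the builds differ in non-string data (for example a binary timestamp), which this string-based comparison does not localize.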