IETF Logo Mail Archive

[rtcweb] Hermetic builds (Re: Cisco to open source its H.264 implementation and absorb MPEG-LA licensing fees)

Harald Alvestrand <harald@alvestrand.no> Mon, 16 December 2013 15:12 UTC

Return-Path: <harald@alvestrand.no>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B1191ADF62 for <rtcweb@ietfa.amsl.com>; Mon, 16 Dec 2013 07:12:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.437
X-Spam-Level:
X-Spam-Status: No, score=-7.437 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.538] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A8Fczxp5BH7B for <rtcweb@ietfa.amsl.com>; Mon, 16 Dec 2013 07:12:46 -0800 (PST)
Received: from eikenes.alvestrand.no (eikenes.alvestrand.no [158.38.152.233]) by ietfa.amsl.com (Postfix) with ESMTP id 25EB31ADE8A for <rtcweb@ietf.org>; Mon, 16 Dec 2013 07:12:46 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id 55B0439E304 for <rtcweb@ietf.org>; Mon, 16 Dec 2013 16:12:48 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at eikenes.alvestrand.no
Received: from eikenes.alvestrand.no ([127.0.0.1]) by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 03xtij7dt9PE for <rtcweb@ietf.org>; Mon, 16 Dec 2013 16:12:47 +0100 (CET)
Received: from [192.168.1.17] (unknown [188.113.88.47]) by eikenes.alvestrand.no (Postfix) with ESMTPSA id 2BFBD39E062 for <rtcweb@ietf.org>; Mon, 16 Dec 2013 16:12:47 +0100 (CET)
Message-ID: <52AF1879.60106@alvestrand.no>
Date: Mon, 16 Dec 2013 16:12:57 +0100
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.1
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <186CE8D65BA3A741A81A543F936DD0D10A5803D8@xmb-rcd-x07.cisco.com> <A672E2AB-827D-46E8-9EB1-D7ED82B10B94@cisco.com> <20131211193239.GK3245@audi.shelbyville.oz> <558F8D49-4024-4DF1-9A9E-AF422F1292C2@iii.ca> <20131212011550.GM3245@audi.shelbyville.oz> <E8882BCE-4795-4CF5-B785-18C2141A5DE2@iii.ca> <20131212183852.GN3245@audi.shelbyville.oz> <9B19C671-4356-4918-B271-D95B7AA84BBA@iii.ca> <20131212213234.GQ3245@audi.shelbyville.oz> <CECFDD00.20577%mzanaty@cisco.com>
In-Reply-To: <CECFDD00.20577%mzanaty@cisco.com>
Content-Type: multipart/alternative; boundary="------------090309000303030903010700"
Subject: [rtcweb] Hermetic builds (Re: Cisco to open source its H.264 implementation and absorb MPEG-LA licensing fees)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Dec 2013 15:12:49 -0000

Since this is a subthread with technical content, I'd like it to have 
its own header....

the name I've heard for this kind of generation environments is 
"hermetic build".
Google's been trying for hermetic builds for NaCL for instance - see 
this doc:
http://www.chromium.org/nativeclient/design-documents/building-a-hermetic-toolchain-on-cygwin


On 12/13/2013 04:33 AM, Mo Zanaty (mzanaty) wrote:
> Yes, Cisco and Mozilla plan on solving fully reproducible binaries for all
> targets officially supported in the openh264 project. Nothing less would
> be acceptable to the community, especially given the recent security
> incidents.
>
> We welcome contributions from anyone who has struggled with this in the
> past, and is aware of specific problems or solutions beyond the obvious
> ones below.
>
> 1. Identical source trees (git hash)
> 2. Identical project configuration (make targets that include all
> configuration options)
> 3. Identical tool chains on similar build machines (same arch at least,
> probably x86-64)
> 4. Deterministic tool chains (avoid tool options that lack determinism)
> 5. Deterministically identical tool chain output must be hashed separately
> from uniquely generated data (build info, etc.)
>
> Some feel that tool chains can also be subverted and therefore should also
> be built from source, using some root golden tool chain. We are not that
> paranoid yet. Should we be?

There's more fun, including:

- Sources that timestamp the compilation output (wrecks hashes)
- Sources that #include stuff from system locations (break hermeticness)

In order to get the same version of the toolchain, one pretty much has to
either distribute it with the sources or build it from source - the latter
has the same issues one level down, so distributing the toolchain may
be the simpler option.

The bootable image of the build environment may be the simplest way....


>
> Mo
>
>   
> On 12/12/13, 4:32 PM, Ron <ron@debian.org> wrote:
> ...
> There is considerable work presently being done on fully reproducible
> binaries, since obviously this is of interest on many fronts, but it's
> currently far from being a universally (or easily) Solved Problem.
>
> Is Cisco actually planning to invest work into solving this (for all
> architectures!) as part of this project?
> ...
>
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb

v2.23.0 | Report a Bug | By Email