Commit da30b6ee authored by anonym

Musings about static build environments.

parent 15424205
......@@ -141,6 +141,39 @@ builds, in order to enable security researchers to audit our software more easil
and, as a consequence, to allow our users to put more trust in our
software.
# Various ideas
## Static build environment
Currently we try to keep our build system up-to-date, but that can
introduce subtle problems in the context of building
reproducibly. What if some bugfix slightly changes some output that
will end up in our image? Hence it seems we'll avoid a lot of problems
if we fix the build environment.
We could get this for our current Vagrant-based build system by
leveraging our freezable APT repo: a normal `rake build` doesn't try
to be reproducible -- it uses a VM with normal upgrades just like now.
However, we add an option to make a build reproducible, which then
creates a new builder VM from the basebox, and uses some frozen APT
suite whose serial is encoded in Git to provision it.
Initially we could easily use time-based snapshots, making Tails
builds reproducible until the snapshot expires (six weeks?), but it
could be extended to infinity if we could generate a manifest of which
packages the builder VM needs and put them in a tagged partial APT
snapshot. If we then also host our baseboxes somewhere indefinitely
(so not the mirrors probably) Tails can be built reproducibly as long
as our infra remains operational.
A variant of this is that we always do reproducible builds, and then
always have our build system use some tagged partial APT snapshot and
that we update this (via making a new snapshot and encoded its serial
in Git) regularly (e.g. when there's a security update). We may even
be able to automate parts of this (e.g. jenkins publishes a branch
pointing to an updated snapshot *it* generated, that we then can merge
into all branches).
# Miscellaneous resources
* <https://reproducible-builds.org/>
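Review bot: the pinning described under "Static build environment" records the frozen APT suite's serial in Git but says nothing about pinning the basebox that the reproducible builder VM is "created ... from the basebox". A basebox update changes the builder's toolchain in exactly the way the paragraph worries about for "some bugfix" in the build system, so a given Git commit should also name the basebox it expects (a version string or checksum recorded next to the snapshot serial); hosting baseboxes "somewhere indefinitely" only helps if the commit identifies which one to fetch. Two smaller points: "via making a new snapshot and encoded its serial in Git" should read "via making a new snapshot and encoding its serial in Git"; and for the automated variant where "jenkins publishes a branch pointing to an updated snapshot *it* generated", the text should state what the merge step checks (at least a diff of the package manifest between the old and new snapshot), since whatever is merged into all branches then defines every build's inputs.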