Reproducible build (a.k.a deterministic build)

[Masao Uebayashi <uebayasi%gmail.com@localhost>]

Hi!

I've been looking at "reproducible build" on NetBSD.  The goal is to generate
identical output (== binary image) from identical source.  If this is once
realized, output can be identified by comparing checksums.  This is useful
for embedded purposes where strict version management is required.

I'd also want to address source path independence.  This might not be necessary
but very useful practically.

To prove the concept, I've made some local changes and reached where I can
make sureidentical ${DESTDIR} is possible.

        http://www.netbsd.org/~uebayasi/reproducible-build-20090218-patch.txt
        http://www.netbsd.org/~uebayasi/reproducible-build-20090218-md5.txt

What I've changed:

- Hack cpp(1) to strip __FILE__'s prefix.
  - At the moment, hint prefix is given to cpp(1) via environment.
- Hack g++(1) to strip file prefix which is used in mangled absolute path.
  - Using environment too.
  - perry@ said this can be avoided by not passing ${TOP} as build seed.
    I've not checked that.
- Remove debug build (${CC} -g) which embeds source paths into objects.
- Hack ar(1) to generate constant timestamps.
  - Blindly applied cgd@'s post to binutils@. :)

The list of ${DESTDIR} files that are not identical:

- ./METALOG*
- ./etc/mtree/sets.*
- ./etc/release
- ./usr/include/krb5/*.h
- ./usr/libdata/lint/llib-lpam.ln
- ./usr/share/info/*.info
- ./var/db/libc.tags

Before proceeding further I'd like to ask if you see value for this, and if
yes how to address above items.

Masao