@ -8,28 +8,80 @@ This package can do a deterministic build of a package inside a VM.
This performs a build inside a VM, with deterministic inputs and outputs. If the build script takes care of all sources of non-determinism (mostly caused by timestamps), the result will always be the same. This allows multiple independent verifiers to sign a binary with the assurance that it really came from the source they reviewed.
export PATH=$PATH:/opt/local/libexec/gnubin # Needed for sha256sum
### KVM
If you want to use kvm:
sudo apt-get install qemu-kvm
or alternatively, lxc (no need for hardware support):
### LXC (no need for hardware support):
sudo apt-get install debootstrap lxc
Create the base VM for use in further builds (requires sudo, please review the script):
### VirtualBox
Install virtualbox from virtualbox.org, and make sure VBoxManage is in your $PATH.
## Create the base VM for use in further builds (requires sudo, please review the script):
### KVM
bin/make-base-vm
bin/make-base-vm --arch i386
or for lxc:
### LXC
bin/make-base-vm --lxc
bin/make-base-vm --lxc --arch i386
Set the USE_LXC environment variable to use LXC instead of KVM:
export USE_LXC=1
### VirtualBox
Command-line VBoxManage must be in your PATH
Setup:
make-base-vm cannot yet make VirtualBox virtual machines (patches welcome-- it should be possible to use VBoxManage, boot-from-network Linux images and PXE booting to do it). So you must either get or manually create VirtualBox machines that:
1. Are named "Gitian-<suite>-<arch>" -- e.g. Gitian-lucid-i386 for a 32-bit, Ubuntu 10 machine.
2. Have a booted-up snapshot named "Gitian-Clean" . The build script resets the VM to that snapshot to get reproducible builds.
3. Has the VM's NAT networking setup to forward port localhost:2223 on the host machine to port 22 of the VM; e.g.: