===================
Reproducible builds
===================

It is generally desirable that building the same source code with
the same set of tools is reproducible, i.e. the output is always
exactly the same.  This makes it possible to verify that the build
infrastructure for a binary distribution or embedded system has not
been subverted.  This can also make it easier to verify that a source
or tool change does not make any difference to the resulting binaries.

The `Reproducible Builds project`_ has more information about this
general topic.  This document covers the various reasons why building
the kernel may be unreproducible, and how to avoid them.

Timestamps
----------

The kernel embeds timestamps in three places:

* The version string exposed by ``uname()`` and included in
  ``/proc/version``

* File timestamps in the embedded initramfs

* If enabled via ``CONFIG_IKHEADERS``, file timestamps of kernel
  headers embedded in the kernel or respective module,
  exposed via ``/sys/kernel/kheaders.tar.xz``

By default the timestamp is the current time and in the case of
``kheaders`` the various files' modification times. This must
be overridden using the `KBUILD_BUILD_TIMESTAMP`_ variable.
If you are building from a git commit, you could use its commit date.

The kernel does *not* use the ``__DATE__`` and ``__TIME__`` macros,
and enables warnings if they are used.  If you incorporate external
code that does use these, you must override the timestamp they
correspond to by setting the `SOURCE_DATE_EPOCH`_ environment
variable.

User, host
----------

The kernel embeds the building user and host names in
``/proc/version``.  These must be overridden using the
`KBUILD_BUILD_USER and KBUILD_BUILD_HOST`_ variables.  If you are
building from a git commit, you could use its committer address.

Absolute filenames
------------------

When the kernel is built out-of-tree, debug information may include
absolute filenames for the source files and build directory.  These
must be overridden by including a ``-fdebug-prefix-map`` option for
each in the `KCFLAGS`_ and `KAFLAGS`_ variables to cover both ``.c``
and ``.S`` files.

Depending on the compiler used, the ``__FILE__`` macro may also expand
to an absolute filename in an out-of-tree build.  Kbuild automatically
uses the ``-fmacro-prefix-map`` option to prevent this, if it is
supported.

The Reproducible Builds web site has more information about these
`prefix-map options`_.

Some CONFIG options such as ``CONFIG_DEBUG_EFI`` embed absolute paths in
object files. Such options should be disabled.

Generated files in source packages
----------------------------------

The build processes for some programs under the ``tools/``
subdirectory do not completely support out-of-tree builds.  This may
cause a later source package build using e.g. ``make rpm-pkg`` to
include generated files.  You should ensure the source tree is
pristine by running ``make mrproper`` or ``git clean -d -f -x`` before
building a source package.

Module signing
--------------

If you enable ``CONFIG_MODULE_SIG_ALL``, the default behaviour is to
generate a different temporary key for each build, resulting in the
modules being unreproducible.  However, including a signing key with
your source would presumably defeat the purpose of signing modules.

One approach to this is to divide up the build process so that the
unreproducible parts can be treated as sources:

1. Generate a persistent signing key.  Add the certificate for the key
   to the kernel source.

2. Set the ``CONFIG_SYSTEM_TRUSTED_KEYS`` symbol to include the
   signing key's certificate, set ``CONFIG_MODULE_SIG_KEY`` to an
   empty string, and disable ``CONFIG_MODULE_SIG_ALL``.
   Build the kernel and modules.

3. Create detached signatures for the modules, and publish them as
   sources.

4. Perform a second build that attaches the module signatures.  It
   can either rebuild the modules or use the output of step 2.

Structure randomisation
-----------------------

If you enable ``CONFIG_RANDSTRUCT``, you will need to pre-generate
the random seed in ``scripts/basic/randstruct.seed`` so the same
value is used by each build. See ``scripts/gen-randstruct-seed.sh``
for details.

Debug info conflicts
--------------------

This is not a problem of unreproducibility, but of generated files
being *too* reproducible.

Once you set all the necessary variables for a reproducible build, a
vDSO's debug information may be identical even for different kernel
versions.  This can result in file conflicts between debug information
packages for the different kernel versions.

To avoid this, you can make the vDSO different for different
kernel versions by including an arbitrary string of "salt" in it.
This is specified by the Kconfig symbol ``CONFIG_BUILD_SALT``.

Git
---

Uncommitted changes or different commit ids in git can also lead
to different compilation results. For example, after executing
``git reset HEAD^``, even if the code is the same, the
``include/config/kernel.release`` generated during compilation
will be different, which will eventually lead to binary differences.
See ``scripts/setlocalversion`` for details.

.. _KBUILD_BUILD_TIMESTAMP: kbuild.html#kbuild-build-timestamp
.. _KBUILD_BUILD_USER and KBUILD_BUILD_HOST: kbuild.html#kbuild-build-user-kbuild-build-host
.. _KCFLAGS: kbuild.html#kcflags
.. _KAFLAGS: kbuild.html#kaflags
.. _prefix-map options: https://reproducible-builds.org/docs/build-path/
.. _Reproducible Builds project: https://reproducible-builds.org/
.. _SOURCE_DATE_EPOCH: https://reproducible-builds.org/docs/source-date-epoch/
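
The overrides from the Timestamps, User/host, Absolute filenames and Git sections, combined in one shell helper that derives them from a single commit. This is an added example, not part of the kernel documentation or source tree; the function names, the ``.`` replacement path and the restricted path character set are assumptions of the example.

```shell
#!/bin/sh
# Added example, not kernel code: export the kbuild reproducibility overrides
# from one commit's metadata. Function names are hypothetical.

# repro_prefix_flags SRC_DIR BUILD_DIR
# Print one -fdebug-prefix-map option per directory. Mapping both to "." is
# this example's choice; any replacement that is fixed across builders works.
repro_prefix_flags() {
    for repro_dir in "$1" "$2"; do
        case $repro_dir in
            /*) ;;
            *) echo "not an absolute path: $repro_dir" >&2; return 1 ;;
        esac
        # KCFLAGS is split on whitespace and the option separates the old and
        # new path with '=', so accept only a conservative character set
        # instead of trying to quote.
        case $repro_dir in
            *[!A-Za-z0-9/._+-]*)
                echo "unsupported character in path: $repro_dir" >&2
                return 1 ;;
        esac
    done
    printf '%s\n' "-fdebug-prefix-map=$1=. -fdebug-prefix-map=$2=."
}

# set_repro_env COMMIT_DATE COMMIT_EPOCH COMMITTER_EMAIL SRC_DIR BUILD_DIR
# Validate everything first, then export, so a failure leaves no partial state.
# Any KCFLAGS/KAFLAGS already in the environment are replaced, not extended.
set_repro_env() {
    [ "$#" -eq 5 ] || { echo "set_repro_env: need 5 arguments" >&2; return 2; }
    [ -n "$1" ] || { echo "empty commit date" >&2; return 1; }
    case $2 in
        ''|*[!0-9]*) echo "epoch is not decimal: $2" >&2; return 1 ;;
    esac
    repro_user=${3%@*}      # text before the last '@'
    repro_host=${3##*@}     # text after the last '@'
    if [ "$repro_user" = "$3" ] || [ -z "$repro_user" ] || [ -z "$repro_host" ]; then
        echo "committer address is not user@host: $3" >&2
        return 1
    fi
    repro_flags=$(repro_prefix_flags "$4" "$5") || return 1

    export KBUILD_BUILD_TIMESTAMP="$1"   # version string, initramfs, kheaders
    export SOURCE_DATE_EPOCH="$2"        # external code using __DATE__/__TIME__
    export KBUILD_BUILD_USER="$repro_user"
    export KBUILD_BUILD_HOST="$repro_host"
    export KCFLAGS="$repro_flags"        # .c files
    export KAFLAGS="$repro_flags"        # .S files
}

# set_repro_env_from_git COMMIT SRC_DIR BUILD_DIR
# Uses the commit's committer date and address, as the page suggests, and
# refuses a tree with uncommitted changes because those alter
# include/config/kernel.release.
set_repro_env_from_git() {
    if [ -n "$(git -C "$2" status --porcelain)" ]; then
        echo "uncommitted changes in $2" >&2
        return 1
    fi
    set_repro_env \
        "$(git -C "$2" log -1 --format=%cI "$1")" \
        "$(git -C "$2" log -1 --format=%ct "$1")" \
        "$(git -C "$2" log -1 --format=%ce "$1")" \
        "$2" "$3"
}

# Typical use from the source directory (build directory is a placeholder):
#   set_repro_env_from_git HEAD "$PWD" /path/to/build && make O=/path/to/build
```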