|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [MirageOS-devel] Reproducible builds
>>> Wondering if there may be anything to do on our end though, as well? >>> (Particularly perhaps with the various cross compilation things that >>> rump support probably entails.) eg., having the generated makefile >>> snap the hashes of all opam package used etc into some kind of >>> manifest perhaps? >> >> Functoria generates a manifest of the package versions and names used by the >> build (look into Info_gen.ml I think). We could try to extend it to keep >> track of some kind of SHAx as well, but the data is not really available in >> opam's metadata (we only get the md5 of a tar.gz file, which is not really >> ideal) >> > > Ah right-- sounds like it could be a start though? > > Is there any chance that OPAM might evolve toward this, Eg by > supporting SHAx of some sort rather than MD5, or that it would be > beneficial to just add MD5 of the package tarball downloaded by OPAM, > or something? Your are lucky, this is coming in opam 1.3, with opam signing [1,2] :-) [hopefully] [1]: https://github.com/ocaml/opam/wiki/Signing-the-OPAM-repository---draft [2]: https://github.com/hannesm/conex _______________________________________________ MirageOS-devel mailing list MirageOS-devel@xxxxxxxxxxxxxxxxxxxx http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |