[Git][hardenedbsd/HardenedBSD][freebsd/current/main] kernel: MK_REPRODUCIBLE_PATHS for full paths vs /usr/src


HardenedBSD Services (@hardenedbsd-services)

8:01 AM (11 hours ago) 8:01 AM
to src-com...@hardenedbsd.org


HardenedBSD Services pushed to branch freebsd/current/main at HardenedBSD / HardenedBSD


Commits:
faeaa25f by Warner Losh at 2025-12-28T01:16:39-07:00
kernel: MK_REPRODUCIBLE_PATHS for full paths vs /usr/src

There are many environments that you do not want the paths to be
canonicalized. For example, if I always build a product from a specific
path in a jail that's dependent on the product version, I don't want
that to be sanitized to /usr/src because when I have profiling tools run
against multiple kernels, I can't do A/B testing and results processing
if everything points to /usr/src (sadly, the profiling tools cannot
remap back to the original like gdb can). Since we need both active at
the same time, symbolic link fallbacks don't work.

We do want the rest of the build to be reproducible, however. We'll get
the same binaries if we rebuild later since we always rebuild with the
same path.

Turn them both on for maximum reproduction for environments where that
cannot be guaranteed.

Sponsored by: Netflix
Input from: emaste, ivy
Differential Revision: https://reviews.freebsd.org/D52959

- - - - -


7 changed files:

- share/man/man5/src.conf.5
- share/mk/bsd.debug.mk
- share/mk/src.opts.mk
- sys/conf/kern.opts.mk
- sys/conf/kern.post.mk
- sys/conf/kmod.mk
- + tools/build/options/WITH_REPRODUCIBLE_PATHS


Changes:

=====================================
share/man/man5/src.conf.5
=====================================
@@ -1,5 +1,5 @@
.\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman.
-.Dd December 21, 2025
+.Dd December 28, 2025
.Dt SRC.CONF 5
.Os
.Sh NAME
@@ -1590,6 +1590,13 @@ option.
Exclude build metadata (such as the build time, user, or host)
from the kernel, boot loaders, and uname output, so that builds produce
bit-for-bit identical output.
+.It Va WITH_REPRODUCIBLE_PATHS
+Modify the paths encoded in binary artifacts to be standard path
+
+Normaly, the actual path is encoded in the binary. However, this makes the build
+differ depending on the path it was built from. With this option enabled, the
+paths recorded are /usr/src, regardless of the actual path. With this option
+disabled, the actual paths are recorded.
.It Va WITHOUT_RESCUE
Do not build
.Xr rescue 8 .
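
Review bot: The new WITH_REPRODUCIBLE_PATHS entry does not say how it relates to the entry just above it, whose unchanged context lines still promise "bit-for-bit identical output". With path mapping now gated on its own option, that promise only holds across different build directories when both options are set, so each entry should point at the other. Since the first line marks this file as @generated by tools/build/options/makeman, make the wording change in the option description files and regenerate.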


=====================================
share/mk/bsd.debug.mk
=====================================
@@ -16,7 +16,7 @@ MK_WERROR= no
# If reproducible build mode is enabled, map the root of the source
# directory to /usr/src and the root of the object directory to
# /usr/obj.
-.if ${MK_REPRODUCIBLE_BUILD} != "no" && !defined(DEBUG_PREFIX)
+.if ${MK_REPRODUCIBLE_PATHS} != "no" && !defined(DEBUG_PREFIX)
.if defined(SRCTOP)
DEBUG_PREFIX+= ${SRCTOP:S,/$,,}=/usr/src
.endif
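
Review bot: The comment at the top of this hunk still reads "If reproducible build mode is enabled", but the condition below it now tests MK_REPRODUCIBLE_PATHS. Update the comment to name the new option so a later reader does not assume WITH_REPRODUCIBLE_BUILD alone sets DEBUG_PREFIX.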


=====================================
share/mk/src.opts.mk
=====================================
@@ -217,6 +217,7 @@ __DEFAULT_NO_OPTIONS = \
MALLOC_PRODUCTION \
OFED_EXTRA \
OPENLDAP \
+ REPRODUCIBLE_PATHS \
RPCBIND_WARMSTART_SUPPORT \
SORT_THREADS \
ZONEINFO_LEAPSECONDS_SUPPORT \
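
Review bot: Placing REPRODUCIBLE_PATHS in __DEFAULT_NO_OPTIONS means a configuration that sets only WITH_REPRODUCIBLE_BUILD stops mapping paths, because the conditions in bsd.debug.mk, kern.post.mk and kmod.mk now test the new knob instead. The real source and object directories then end up in binaries and debug info, which changes the output for anyone who compares or publishes those artifacts. Call this out for users (an UPDATING entry, for example) or explain in the commit message why off-by-default is the right choice for existing reproducible-build users.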


=====================================
sys/conf/kern.opts.mk
=====================================
@@ -56,6 +56,7 @@ __DEFAULT_NO_OPTIONS = \
KERNEL_RETPOLINE \
RATELIMIT \
REPRODUCIBLE_BUILD \
+ REPRODUCIBLE_PATHS \
VERIEXEC

# Some options are totally broken on some architectures. We disable them. If you


=====================================
sys/conf/kern.post.mk
=====================================
@@ -372,7 +372,7 @@ _ILINKS+= x86
_ILINKS+= i386
.endif

-.if ${MK_REPRODUCIBLE_BUILD} != "no"
+.if ${MK_REPRODUCIBLE_PATHS} != "no"
PREFIX_SYSDIR=/usr/src/sys
PREFIX_OBJDIR=/usr/obj/usr/src/${MACHINE}.${MACHINE_CPUARCH}/sys/${KERN_IDENT}
CFLAGS+= -ffile-prefix-map=${SYSDIR}=${PREFIX_SYSDIR}


=====================================
sys/conf/kmod.mk
=====================================
@@ -303,7 +303,7 @@ all: ${PROG}
beforedepend: ${_ILINKS}
beforebuild: ${_ILINKS}

-.if ${MK_REPRODUCIBLE_BUILD} != "no"
+.if ${MK_REPRODUCIBLE_PATHS} != "no"
PREFIX_SYSDIR=/usr/src/sys
CFLAGS+= -ffile-prefix-map=${SYSDIR}=${PREFIX_SYSDIR}
.if defined(KERNBUILDDIR)
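
Review bot: The gate and the two lines under it (PREFIX_SYSDIR=/usr/src/sys and the -ffile-prefix-map CFLAGS line) are the same as in sys/conf/kern.post.mk, so the option test has to be kept in step in two places. Consider defining the prefix map once in a shared fragment, or at least add a comment in both files naming WITH_REPRODUCIBLE_PATHS as the controlling option.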


=====================================
tools/build/options/WITH_REPRODUCIBLE_PATHS
=====================================
@@ -0,0 +1,6 @@
+Modify the paths encoded in binary artifacts to be standard path
+
+Normaly, the actual path is encoded in the binary. However, this makes the build
+differ depending on the path it was built from. With this option enabled, the
+paths recorded are /usr/src, regardless of the actual path. With this option
+disabled, the actual paths are recorded.
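
Review bot: "Normaly" in the third added line should be "Normally", and the summary line reads better as "to be a standard path." with an article and a full stop. The description also says the recorded paths are /usr/src only, while the bsd.debug.mk comment and PREFIX_OBJDIR in kern.post.mk show the object directory being mapped under /usr/obj as well; mention both. This file is the source for the src.conf.5 text, so fix it here and regenerate the manual page.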



View it on GitLab: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/faeaa25f562493370a5da84b429ab0a117c3213a
