[yocto] Yocto & long-term reproducibility of rebuilds

Richard Purdie richard.purdie at linuxfoundation.org
Mon Jan 30 13:36:31 PST 2012


On Mon, 2012-01-30 at 08:34 -0800, paul_nathan at selinc.com wrote:
> I am investigating Yocto for a build system here. Part of my
> requirements for a build system is auditable/traceable builds that can
> be replicated long into the future (our company has a 10 year warranty
> on our products, and we build products for the multidecade term).
> Initial examination of Yocto shows that it builds packages from a
> number of different domains online, which will not meet our
> requirements - we'll have to store these packages to ensure these
> packages exist in the correct version long into the future.  I know we
> can manually edit the SRC_URI setting in .bb files, but the more
> general problem of package archiving exists. 
>
> I am interested in any information or recommendations other users of
> the Yocto system have on how they have solved this sort of design
> constraint. 

This is something we've worked to ensure works since we understand the
importance of long-term reproducibility. 

Others have mentioned how a local source cache can be created and how
MIRRORS and PREMIRRORS can be used to override or supplement the
SRC_URI. In addition I'd mention we have a variable BB_NO_NETWORK which
disables all network access so you can ensure only local files are used
in a given build.

Cheers,

Richard
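
A `conf/local.conf` sketch of the setup described in this reply, added here as an illustration and not part of the original message. `DL_DIR`, `BB_GENERATE_MIRROR_TARBALLS`, the `own-mirrors` class with `SOURCE_MIRROR_URL`, and `BB_FETCH_PREMIRRORONLY` are standard BitBake/OpenEmbedded settings that the thread does not name, and every path is a placeholder.

```conf
# --- Phase 1: populate the archive (network access still allowed) ---------
# Keep every fetched source in one directory that can be archived with the
# product release. The path is a placeholder.
DL_DIR = "/srv/yocto/archive/downloads"

# Also write tarballs of git/svn checkouts into DL_DIR, so that sources
# fetched from version control can be served from a plain file mirror later.
BB_GENERATE_MIRROR_TARBALLS = "1"

# After fetching everything for the release, copy DL_DIR (plus the exact
# metadata revisions used) to long-term storage, for example
# /srv/yocto/archive/source-mirror.

# --- Phase 2: rebuild from the archive only --------------------------------
# own-mirrors fills in PREMIRRORS for all fetcher types from a single URL,
# so the archived copy is tried before any upstream SRC_URI.
INHERIT += "own-mirrors"
SOURCE_MIRROR_URL = "file:///srv/yocto/archive/source-mirror"

# Only consult PREMIRRORS; never fall back to the upstream SRC_URI or MIRRORS.
BB_FETCH_PREMIRRORONLY = "1"

# Disable all network access. A recipe whose source is missing from the
# archive now fails at fetch time instead of silently downloading it.
BB_NO_NETWORK = "1"
```

Running a full build with the Phase 2 settings on a machine with an empty `DL_DIR` is the practical audit: any fetch failure names a source that still has to be added to the archive.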





