diff options
Diffstat (limited to 'poky/documentation/test-manual')
| -rw-r--r-- | poky/documentation/test-manual/index.rst | 2 | ||||
| -rw-r--r-- | poky/documentation/test-manual/reproducible-builds.rst | 135 | ||||
| -rw-r--r-- | poky/documentation/test-manual/yocto-project-compatible.rst | 124 |
3 files changed, 261 insertions, 0 deletions
diff --git a/poky/documentation/test-manual/index.rst b/poky/documentation/test-manual/index.rst index e2198c4c3..4c590a6aa 100644 --- a/poky/documentation/test-manual/index.rst +++ b/poky/documentation/test-manual/index.rst @@ -13,6 +13,8 @@ Yocto Project Test Environment Manual intro test-process understand-autobuilder + reproducible-builds + yocto-project-compatible history .. include:: /boilerplate.rst diff --git a/poky/documentation/test-manual/reproducible-builds.rst b/poky/documentation/test-manual/reproducible-builds.rst new file mode 100644 index 000000000..e13583c0b --- /dev/null +++ b/poky/documentation/test-manual/reproducible-builds.rst @@ -0,0 +1,135 @@ +.. SPDX-License-Identifier: CC-BY-SA-2.0-UK + +******************* +Reproducible Builds +******************* + +================ +How we define it +================ + +The Yocto Project defines reproducibility as where a given input build +configuration will give the same binary output regardless of when it is built +(now or in 5 years time), regardless of the path on the filesystem the build is +run in, and regardless of the distro and tools on the underlying host system the +build is running on. + +============== +Why it matters +============== + +The project aligns with the `Reproducible Builds project +<https://reproducible-builds.org/>`_, which shares information about why +reproducibility matters. The primary focus of the project is the ability to +detect security issues being introduced. However, from a Yocto Project +perspective, it is also hugely important that our builds are deterministic. When +you build a given input set of metadata, we expect you to get consistent output. +This has always been a key focus but, :yocto_docs:`since release 3.1 ("dunfell") +</ref-manual/migration-3.1.html#reproducible-builds-now-enabled-by-default>`, +it is now true down to the binary level including timestamps. + +For example, at some point in the future life of a product, you find that you +need to rebuild to add a security fix. If this happens, only the components that +have been modified should change at the binary level. This would lead to much +easier and clearer bounds on where validation is needed. + +This also gives an additional benefit to the project builds themselves, our hash +equivalence for :ref:`Shared State <overview-manual/concepts:Shared State>` +object reuse works much more effectively when the binary output remains the +same. + +.. note:: + + We strongly advise you to make sure your project builds reproducibly + before finalizing your production images. It would be too late if you + only address this issue when the first updates are required. + +=================== +How we implement it +=================== + +There are many different aspects to build reproducibility, but some particular +things we do within the build system to ensure reproducibility include: + +- Adding mappings to the compiler options to ensure debug filepaths are mapped + to consistent target compatible paths. This is done through the + ``DEBUG_PREFIX_MAP`` variable which sets the ``-fmacro-prefix-map`` and + ``-fdebug-prefix-map`` compiler options correctly to map to target paths. +- Being explicit about recipe dependencies and their configuration (no floating + configure options or host dependencies creeping in). In particular this means + making sure :term:`PACKAGECONFIG` coverage covers configure options which may + otherwise try and auto-detect host dependencies. +- Using recipe specific sysroots to isolate recipes so they only see their + dependencies. These are visible as ``recipe-sysroot`` and + ``recipe-sysroot-native`` directories within the :term:`WORKDIR` of a given + recipe and are populated only with the dependencies a recipe has. +- Build images from a reduced package set: only packages from recipes the image + depends upon. +- Filtering the tools available from the host's ``PATH`` to only a specific set + of tools, set using the :term:`HOSTTOOLS` variable. + +========================================= +Can we prove the project is reproducible? +========================================= + +Yes, we can prove it and we regularly test this on the Autobuilder. At the +time of writing (release 3.3, "hardknott"), :term:`OpenEmbedded-Core (OE-Core)` +is 100% reproducible for all its recipes (i.e. world builds) apart from the Go +language and Ruby documentation packages. Unfortunately, the current +implementation of the Go language has fundamental reproducibility problems as +it always depends upon the paths it is built in. + +.. note:: + + Only BitBake and :term:`OpenEmbedded-Core (OE-Core)`, which is the ``meta`` + layer in Poky, guarantee complete reproducibility. The moment you add + another layer, this warranty is voided, because of additional configuration + files, ``bbappend`` files, overridden classes, etc. + +To run our automated selftest, as we use in our CI on the Autobuilder, you can +run:: + + oe-selftest -r reproducible.ReproducibleTests.test_reproducible_builds + +This defaults to including a ``world`` build so, if other layers are added, it would +also run the tests for recipes in the additional layers. The first build will be +run using :ref:`Shared State <overview-manual/concepts:Shared State>` if +available, the second build explicitly disables +:ref:`Shared State <overview-manual/concepts:Shared State>` and builds on the +specific host the build is running on. This means we can test reproducibility +builds between different host distributions over time on the Autobuilder. + +If ``OEQA_DEBUGGING_SAVED_OUTPUT`` is set, any differing packages will be saved +here. The test is also able to run the ``diffoscope`` command on the output to +generate HTML files showing the differences between the packages, to aid +debugging. On the Autobuilder, these appear under +https://autobuilder.yocto.io/pub/repro-fail/ in the form ``oe-reproducible + +<date> + <random ID>``, e.g. ``oe-reproducible-20200202-1lm8o1th``. + +The project's current reproducibility status can be seen at +:yocto_home:`/reproducible-build-results/` + +You can also check the reproducibility status on supported host distributions: + +- CentOS: :yocto_ab:`/typhoon/#/builders/reproducible-centos` +- Debian: :yocto_ab:`/typhoon/#/builders/reproducible-debian` +- Fedora: :yocto_ab:`/typhoon/#/builders/reproducible-fedora` +- Ubuntu: :yocto_ab:`/typhoon/#/builders/reproducible-ubuntu` + +=============================== +Can I test my layer or recipes? +=============================== + +Once again, you can run a ``world`` test using the +:ref:`oe-selftest <ref-manual/release-process:Testing and Quality Assurance>` +command provided above. This functionality is implemented +in :oe_git:`meta/lib/oeqa/selftest/cases/reproducible.py +</openembedded-core/tree/meta/lib/oeqa/selftest/cases/reproducible.py>`. + +You could subclass the test and change ``targets`` to a different target. + +You may also change ``sstate_targets`` which would allow you to "pre-cache" some +set of recipes before the test, meaning they are excluded from reproducibility +testing. As a practical example, you could set ``sstate_targets`` to +``core-image-sato``, then setting ``targets`` to ``core-image-sato-sdk`` would +run reproducibility tests only on the targets belonging only to ``core-image-sato-sdk``. diff --git a/poky/documentation/test-manual/yocto-project-compatible.rst b/poky/documentation/test-manual/yocto-project-compatible.rst new file mode 100644 index 000000000..a7897469f --- /dev/null +++ b/poky/documentation/test-manual/yocto-project-compatible.rst @@ -0,0 +1,124 @@ +.. SPDX-License-Identifier: CC-BY-SA-2.0-UK + +************************ +Yocto Project Compatible +************************ + +============ +Introduction +============ + +After the introduction of layers to OpenEmbedded, it quickly became clear +that while some layers were popular and worked well, others developed a +reputation for being "problematic". Those were layers which didn't +interoperate well with others and tended to assume they controlled all +the aspects of the final output. This usually isn't intentional but happens +because such layers are often created by developers with a particular focus +(e.g. a company's :term:`BSP<Board Support Package (BSP)>`) whilst the end +users have a different one (e.g. integrating that +:term:`BSP<Board Support Package (BSP)>` into a product). + +As a result of noticing such patterns and friction between layers, the project +developed the "Yocto Project Compatible" badge program, allowing layers +following the best known practises to be marked as being widely compatible +with other ones. This takes the form of a set of "yes/no" binary answer +questions where layers can declare if they meet the appropriate criteria. +In the second version of the program, a script was added to make validation +easier and clearer, the script is called ``yocto-check-layer`` and is +available in :term:`OpenEmbedded-Core (OE-Core)`. + +See :ref:`dev-manual/common-tasks:making sure your layer is compatible with yocto project` +for details. + +======== +Benefits +======== + +:ref:`overview-manual/yp-intro:the yocto project layer model` is powerful +and flexible: it gives users the ultimate power to change pretty much any +aspect of the system but as with most things, power comes with responsibility. +The Yocto Project would like to see people able to mix and match BSPs with +distro configs or software stacks and be able to merge succesfully. +Over time, the project identified characteristics in layers that allow them +to operate well together. "anti-patterns" were also found, preventing layers +from working well together. + +The intent of the compatibility program is simple: if the layer passes the +compatibility tests, it is considered "well behaved" and should operate +and cooperate well with other compatible layers. + +The benefits of compatibility can be seen from multiple different user and +member perspectives. From a hardware perspective +(a :ref:`overview-manual/concepts:bsp layer`), compatibility means the +hardware can be used in many different products and use cases without +impacting the software stacks being run with it. For a company developing +a product, compatibility gives you a specification / standard you can +require in a contract and then know it will have certain desired +characteristics for interoperability. It also puts constraints on how invasive +the code bases are into the rest of the system, meaning that multiple +different separate hardware support layers can coexist (e.g. for multiple +product lines from different hardware manufacturers). This can also make it +easier for one or more parties to upgrade those system components for security +purposes during the lifecycle of a product. + +================== +Validating a layer +================== + +The badges are available to members of the Yocto Project (as member benefit) +and to open source projects run on a non-commercial basis. However, anyone can +answer the questions and run the script. + +The project encourages all layer maintainers to review the questions and the +output from the script against their layer, as the way some layers are +constructed often has unintended consequences. The questions and the script +are designed to highlight known issues which are often easy to solve. This +makes layers easier to use and therefore more popular. + +It is intended that over time, the tests will evolve as new best known +practices are identified, and as new interoperability issues are found, +unnecessarily restricting layer interoperability. If anyone becomes aware of +either type, please let the project know through the +:yocto_home:`technical calls </public-virtual-meetings/>`, +the :yocto_home:`mailing lists </community/mailing-lists/>` +or through the :oe_wiki:`Technical Steering Committee (TSC) </TSC>`. +The TSC is responsible for the technical criteria used by the program. + +Layers are divided into three types: + +- :ref:`"BSP" or "hardware support"<overview-manual/concepts:bsp layer>` + layers contain support for particular pieces of hardware. This includes + kernel and boot loader configuration, and any recipes for firmware or + kernel modules needed for the hardware. Such layers usually correspond + to a :term:`MACHINE` setting. + +- :ref:`"distro" layers<overview-manual/concepts:distro layer>` defined + as layers providing configuration options and settings such as the + choice of init system, compiler and optimisation options, and + configuration and choices of software components. This would usually + correspond to a :term:`DISTRO` setting. + +- "software" layers are usually recipes. A layer might target a + particular graphical UI or software stack component. + +Here are key best practices the program tries to encourage: + +- A layer should clearly show who maintains it, and who change + submissions and bug reports should be sent to. + +- Where multiple types of functionality are present, the layer should + be internally divided into sublayers to separate these components. + That's because some users may only need one of them and separability + is a key best practice. + +- Adding a layer to a build should not modify that build, unless the + user changes a configuration setting to activate the layer, by selecting + a :term:`MACHINE`, a :term:`DISTRO` or a :term:`DISTRO_FEATURES` setting. + +The project does test the compatibility status of the core project layers on +its :doc:`Autobuilder </test-manual/understand-autobuilder>`. + +The official form to submit compatibility requests with is at +:yocto_home:`/ecosystem/branding/compatible-registration/`. +Applicants can display the badge they get when their application is successful. + |