Prototype "Reproducible Build" using current available Adopt jenkins job & infra framework and "build info" #2594

andrew-m-leonard · 2021-04-21T14:48:39Z

This is a work item for EPIC #2522.
The aim being to "prototype" an initial attempt at being able to "recreate" an Adopt build based on specifying the basic "build info" currently available for an existing "release", and assuming the current available "infra" setup.

Design:

Assumptions for 1st prototype:

Hotspot only
no installer
no signing

Spec:
Extend the current openjdk-pipeline & build jobs to take as extra inputs basic "build info":

Openjdk "mirror" source git "commit SHA" or "tag"
openjdk-build repo SHA
ci-jenkins-pipelines repo SHA

andrew-m-leonard · 2021-04-21T14:58:29Z

The Jenkins build jobs are currently "generated" whenever openjdk-build or ci-jenkins-pipelines changes occur. The contents of these jobs also contain an extended amount of JSON configuration/settings, both the job parameters and the JSON settings are specific to the build setup at the time of the release/build.
It thus makes sense to architect the prototype as a two step process:

"Generate" required level of openjdk-pipeline & build jobs based on "build info"
Execute the generated jobs..

andrew-m-leonard · 2021-04-30T08:37:07Z

So utilizing the Adopt Build job USER build scripts settings to point at a SHA of a level of the openjdk-build scripts you want to use (eg.January 19th CPU Update), is quite easy to do. Here is a build of January jdk-11.0.10+9 Hotspot Release: https://ci.adoptopenjdk.net/job/build-scripts/job/jobs/job/jdk11u/job/jdk11u-linux-x64-hotspot/960/parameters/
So this is a re-build using the january build scripts of the january source tag, using the current infrastructure and tooling.
Q: Is this "reproduced"? A: Maybe!
In reality all this has done has re-built that source SHA using the current infrastructure and tooling levels. So as such, it's probably using different versions of numerous dependencies, especially for non-container build platforms.
The build above was on xLinux, so the build container it was using was from the current adoptopenjdk/centos6_build_image image. Improvement could be achieved if we cached along side each release we mark as reproducible the docker build images used to build them, so that would improve reproducibility of platforms:

xLinux
pLinux
aarch64Linux
but not with:
Mac
Windows
zLinux
AIX
Docker build containers could be created with some work for Mac, Windows and zLinux, but AIX would be a problem.

andrew-m-leonard · 2021-04-30T10:47:19Z

Docker does have its limitations however, the use of dockerhub is one potential security exposure, with the reliance of storing/pulling images to build a secure JDK over the internet, not ideal.
Also Docker is not available on AIX.
An alternative approach maybe "cross-compiling" type setup, whereby the system dependency set is fixed through a defined location.

andrew-m-leonard · 2021-05-04T14:51:54Z

Rebuilding Jan CPU Update with the current Jenkins job:

https://ci.adoptopenjdk.net/job/build-scripts/job/jobs/job/jdk11u/job/jdk11u-linux-x64-hotspot/963/parameters/
Params:

{
    "ARCHITECTURE": "x64",
    "TARGET_OS": "linux",
    "VARIANT": "hotspot",
    "JAVA_TO_BUILD": "jdk11u",
    "TEST_LIST": [
        "sanity.openjdk",
        "sanity.system",
        "extended.system",
        "sanity.perf",
        "sanity.external"
    ],
    "SCM_REF": "jdk-11.0.10+9_adopt",
    "BUILD_ARGS": "",
    "NODE_LABEL": "build&&linux&&x64",
    "ADDITIONAL_TEST_LABEL": "",
    "KEEP_TEST_REPORTDIR": false,
    "ACTIVE_NODE_TIMEOUT": "",
    "CODEBUILD": false,
    "DOCKER_IMAGE": "adoptopenjdk/centos6_build_image@sha256:5655c9a66f4528210e307d033024bd65f5f736eac401fdeaed9dbc903b629a0c",
    "DOCKER_NODE": "",
    "DOCKER_REGISTRY": "",
    "DOCKER_CREDENTIAL": "",
    "PLATFORM_CONFIG_LOCATION": "AdoptOpenJDK/openjdk-build/master/build-farm/platform-specific-configurations",
    "CONFIGURE_ARGS": "--enable-dtrace=auto",
    "OVERRIDE_FILE_NAME_VERSION": "",
    "USE_ADOPT_SHELL_SCRIPTS": false,
    "RELEASE": true,
    "PUBLISH_NAME": "jdk-11.0.10+9",
    "ADOPT_BUILD_NUMBER": "",
    "ENABLE_TESTS": false,
    "ENABLE_INSTALLERS": true,
    "ENABLE_SIGNER": true,
    "CLEAN_WORKSPACE": true,
    "CLEAN_WORKSPACE_AFTER": true,
    "CLEAN_WORKSPACE_BUILD_OUTPUT_ONLY_AFTER": false
}

DEFAULTS_JSON:

  "defaultsUrl": "https://raw.githubusercontent.com/andrew-m-leonard/ci-jenkins-pipelines/myrepo/pipelines/defaults.json"

In the "defaultsUrl" location:

    "repository"             : {
        "build_url"          : "https://github.com/AdoptOpenJDK/openjdk-build.git",
        "build_branch"       : "ea53ac3d1623de5ecefdcd9aee3379a776be84b2",

build_branch SHA is of the openjdk-build scripts commit used to build Jan CPU update.

Note, DOCKER_IMAGE uses @sha256:56... SHA digest of docker image used to build. Didn't have the exact SHA digest, but this could be used if we did store it.

andrew-m-leonard · 2021-05-04T14:57:56Z

diffoscope of the original Release jdk.tar.gz and the Reproduced one, shows many differences, which is not surprising really, as things like timestamps are different everywhere, also any filelists or zip contents(eg.jmods) have files in different orders.
However, doing a high level look at the folders and libs, it seems identical,eg:
Original "lib":

-rw-r--r--  1 andrewleonard  staff      38933 20 Jan 12:17 classlist
-rw-r--r--  1 andrewleonard  staff    4496469 20 Jan 12:17 ct.sym
-rwxr-xr-x  1 andrewleonard  staff      13040 20 Jan 12:17 jexec
drwxr-xr-x  4 andrewleonard  staff        128 20 Jan 12:17 jfr
drwxr-xr-x  3 andrewleonard  staff         96 20 Jan 12:17 jli
-rw-r--r--  1 andrewleonard  staff     106676 20 Jan 12:17 jrt-fs.jar
-rwxr-xr-x  1 andrewleonard  staff      18408 20 Jan 12:17 jspawnhelper
-rw-r--r--  1 andrewleonard  staff         29 20 Jan 12:17 jvm.cfg
-rw-r--r--  1 andrewleonard  staff      13344 20 Jan 12:17 libattach.so
-rw-r--r--  1 andrewleonard  staff     752736 20 Jan 12:17 libawt.so
-rw-r--r--  1 andrewleonard  staff      44728 20 Jan 12:17 libawt_headless.so
-rw-r--r--  1 andrewleonard  staff     484632 20 Jan 12:17 libawt_xawt.so
-rw-r--r--  1 andrewleonard  staff      28216 20 Jan 12:17 libdt_socket.so
-rw-r--r--  1 andrewleonard  staff      12992 20 Jan 12:17 libextnet.so
-rw-r--r--  1 andrewleonard  staff      67984 20 Jan 12:17 libfontmanager.so
-rw-r--r--  1 andrewleonard  staff    1888936 20 Jan 12:17 libharfbuzz.so
-rw-r--r--  1 andrewleonard  staff      51512 20 Jan 12:17 libinstrument.so
-rw-r--r--  1 andrewleonard  staff      47496 20 Jan 12:17 libj2gss.so
-rw-r--r--  1 andrewleonard  staff      18024 20 Jan 12:17 libj2pcsc.so
-rw-r--r--  1 andrewleonard  staff      88992 20 Jan 12:17 libj2pkcs11.so
-rw-r--r--  1 andrewleonard  staff       8064 20 Jan 12:17 libjaas.so
-rw-r--r--  1 andrewleonard  staff     214128 20 Jan 12:17 libjava.so
-rw-r--r--  1 andrewleonard  staff     262728 20 Jan 12:17 libjavajpeg.so
-rw-r--r--  1 andrewleonard  staff       7984 20 Jan 12:17 libjawt.so
-rw-r--r--  1 andrewleonard  staff     282752 20 Jan 12:17 libjdwp.so
-rw-r--r--  1 andrewleonard  staff     596448 20 Jan 12:17 libjimage.so
-rw-r--r--  1 andrewleonard  staff      13248 20 Jan 12:17 libjsig.so
-rw-r--r--  1 andrewleonard  staff      82936 20 Jan 12:17 libjsound.so
-rw-r--r--  1 andrewleonard  staff     576856 20 Jan 12:17 liblcms.so
-rw-r--r--  1 andrewleonard  staff      26128 20 Jan 12:17 libmanagement.so
-rw-r--r--  1 andrewleonard  staff       8040 20 Jan 12:17 libmanagement_agent.so
-rw-r--r--  1 andrewleonard  staff      33744 20 Jan 12:17 libmanagement_ext.so
-rw-r--r--  1 andrewleonard  staff     585064 20 Jan 12:17 libmlib_image.so
-rw-r--r--  1 andrewleonard  staff     111792 20 Jan 12:17 libnet.so
-rw-r--r--  1 andrewleonard  staff      88120 20 Jan 12:17 libnio.so
-rw-r--r--  1 andrewleonard  staff       8224 20 Jan 12:17 libprefs.so
-rw-r--r--  1 andrewleonard  staff       7744 20 Jan 12:17 librmi.so
-rw-r--r--  1 andrewleonard  staff      55664 20 Jan 12:17 libsaproc.so
-rw-r--r--  1 andrewleonard  staff      28960 20 Jan 12:17 libsctp.so
-rw-r--r--  1 andrewleonard  staff     373816 20 Jan 12:17 libsplashscreen.so
-rw-r--r--  1 andrewleonard  staff     776960 20 Jan 12:17 libsunec.so
-rw-r--r--  1 andrewleonard  staff     672416 20 Jan 12:17 libunpack.so
-rw-r--r--  1 andrewleonard  staff      81432 20 Jan 12:17 libverify.so
-rw-r--r--  1 andrewleonard  staff      37616 20 Jan 12:17 libzip.so
-rw-r--r--  1 andrewleonard  staff  142006963 20 Jan 12:17 modules
-rw-r--r--  1 andrewleonard  staff       3793 20 Jan 12:17 psfont.properties.ja
-rw-r--r--  1 andrewleonard  staff      11390 20 Jan 12:17 psfontj2d.properties
drwxr-xr-x  6 andrewleonard  staff        192 20 Jan 12:17 security
drwxr-xr-x  5 andrewleonard  staff        160 20 Jan 12:17 server
-rw-r--r--  1 andrewleonard  staff   58148661 20 Jan 12:17 src.zip
-rw-r--r--  1 andrewleonard  staff     107853 20 Jan 12:17 tzdb.dat

Reproduced "lib":

-rw-r--r--  1 andrewleonard  staff      38933 30 Apr 11:07 classlist
-rw-r--r--  1 andrewleonard  staff    4496469 30 Apr 11:07 ct.sym
-rwxr-xr-x  1 andrewleonard  staff      13040 30 Apr 11:07 jexec
drwxr-xr-x  4 andrewleonard  staff        128 30 Apr 11:07 jfr
drwxr-xr-x  3 andrewleonard  staff         96 30 Apr 11:07 jli
-rw-r--r--  1 andrewleonard  staff     106676 30 Apr 11:07 jrt-fs.jar
-rwxr-xr-x  1 andrewleonard  staff      18408 30 Apr 11:07 jspawnhelper
-rw-r--r--  1 andrewleonard  staff         29 30 Apr 11:07 jvm.cfg
-rw-r--r--  1 andrewleonard  staff      13344 30 Apr 11:07 libattach.so
-rw-r--r--  1 andrewleonard  staff     752736 30 Apr 11:07 libawt.so
-rw-r--r--  1 andrewleonard  staff      44728 30 Apr 11:07 libawt_headless.so
-rw-r--r--  1 andrewleonard  staff     484632 30 Apr 11:07 libawt_xawt.so
-rw-r--r--  1 andrewleonard  staff      28216 30 Apr 11:07 libdt_socket.so
-rw-r--r--  1 andrewleonard  staff      12992 30 Apr 11:07 libextnet.so
-rw-r--r--  1 andrewleonard  staff      67984 30 Apr 11:07 libfontmanager.so
-rw-r--r--  1 andrewleonard  staff    1888936 30 Apr 11:07 libharfbuzz.so
-rw-r--r--  1 andrewleonard  staff      51512 30 Apr 11:07 libinstrument.so
-rw-r--r--  1 andrewleonard  staff      47496 30 Apr 11:07 libj2gss.so
-rw-r--r--  1 andrewleonard  staff      18024 30 Apr 11:07 libj2pcsc.so
-rw-r--r--  1 andrewleonard  staff      88992 30 Apr 11:07 libj2pkcs11.so
-rw-r--r--  1 andrewleonard  staff       8064 30 Apr 11:07 libjaas.so
-rw-r--r--  1 andrewleonard  staff     214128 30 Apr 11:07 libjava.so
-rw-r--r--  1 andrewleonard  staff     262728 30 Apr 11:07 libjavajpeg.so
-rw-r--r--  1 andrewleonard  staff       7984 30 Apr 11:07 libjawt.so
-rw-r--r--  1 andrewleonard  staff     282752 30 Apr 11:07 libjdwp.so
-rw-r--r--  1 andrewleonard  staff     596448 30 Apr 11:07 libjimage.so
-rw-r--r--  1 andrewleonard  staff      13248 30 Apr 11:07 libjsig.so
-rw-r--r--  1 andrewleonard  staff      82936 30 Apr 11:07 libjsound.so
-rw-r--r--  1 andrewleonard  staff     576856 30 Apr 11:07 liblcms.so
-rw-r--r--  1 andrewleonard  staff      26128 30 Apr 11:07 libmanagement.so
-rw-r--r--  1 andrewleonard  staff       8040 30 Apr 11:07 libmanagement_agent.so
-rw-r--r--  1 andrewleonard  staff      33744 30 Apr 11:07 libmanagement_ext.so
-rw-r--r--  1 andrewleonard  staff     585064 30 Apr 11:07 libmlib_image.so
-rw-r--r--  1 andrewleonard  staff     111792 30 Apr 11:07 libnet.so
-rw-r--r--  1 andrewleonard  staff      88120 30 Apr 11:07 libnio.so
-rw-r--r--  1 andrewleonard  staff       8224 30 Apr 11:07 libprefs.so
-rw-r--r--  1 andrewleonard  staff       7744 30 Apr 11:07 librmi.so
-rw-r--r--  1 andrewleonard  staff      55664 30 Apr 11:07 libsaproc.so
-rw-r--r--  1 andrewleonard  staff      28960 30 Apr 11:07 libsctp.so
-rw-r--r--  1 andrewleonard  staff     373816 30 Apr 11:07 libsplashscreen.so
-rw-r--r--  1 andrewleonard  staff     776960 30 Apr 11:07 libsunec.so
-rw-r--r--  1 andrewleonard  staff     672416 30 Apr 11:07 libunpack.so
-rw-r--r--  1 andrewleonard  staff      81432 30 Apr 11:07 libverify.so
-rw-r--r--  1 andrewleonard  staff      37616 30 Apr 11:07 libzip.so
-rw-r--r--  1 andrewleonard  staff  142006992 30 Apr 11:07 modules
-rw-r--r--  1 andrewleonard  staff       3793 30 Apr 11:07 psfont.properties.ja
-rw-r--r--  1 andrewleonard  staff      11390 30 Apr 11:07 psfontj2d.properties
drwxr-xr-x  6 andrewleonard  staff        192 30 Apr 11:07 security
drwxr-xr-x  5 andrewleonard  staff        160 30 Apr 11:07 server
-rw-r--r--  1 andrewleonard  staff   58148665 30 Apr 11:07 src.zip
-rw-r--r--  1 andrewleonard  staff     107853 30 Apr 11:07 tzdb.dat

The only two files differing in size are "modules" and "src.zip":

-rw-r--r--  1 andrewleonard  staff  142006963 20 Jan 12:17 modules
-rw-r--r--  1 andrewleonard  staff   58148661 20 Jan 12:17 src.zip

-rw-r--r--  1 andrewleonard  staff  142006992 30 Apr 11:07 modules
-rw-r--r--  1 andrewleonard  staff   58148665 30 Apr 11:07 src.zip

andrew-m-leonard · 2021-05-04T15:15:43Z

Some jmods Release vs Reproduce:

-rw-r--r--  1 andrewleonard  staff  21632332 20 Jan 12:17 java.base.jmod
-rw-r--r--  1 andrewleonard  staff    119087 20 Jan 12:17 java.compiler.jmod
-rw-r--r--  1 andrewleonard  staff     58585 20 Jan 12:17 java.datatransfer.jmod
-rw-r--r--  1 andrewleonard  staff  13577286 20 Jan 12:17 java.desktop.jmod
-rw-r--r--  1 andrewleonard  staff    416817 20 Jan 12:17 jdk.internal.vm.ci.jmod
-rw-r--r--  1 andrewleonard  staff   6178633 20 Jan 12:17 jdk.internal.vm.compiler.jmod
-rw-r--r--  1 andrewleonard  staff     20467 20 Jan 12:17 jdk.internal.vm.compiler.management.jmod

-rw-r--r--  1 andrewleonard  staff  21632178 30 Apr 11:07 java.base.jmod
-rw-r--r--  1 andrewleonard  staff    119087 30 Apr 11:07 java.compiler.jmod
-rw-r--r--  1 andrewleonard  staff     58585 30 Apr 11:07 java.datatransfer.jmod
-rw-r--r--  1 andrewleonard  staff  13577286 30 Apr 11:07 java.desktop.jmod
-rw-r--r--  1 andrewleonard  staff    416817 30 Apr 11:07 jdk.internal.vm.ci.jmod
-rw-r--r--  1 andrewleonard  staff   6178634 30 Apr 11:07 jdk.internal.vm.compiler.jmod
-rw-r--r--  1 andrewleonard  staff     20467 30 Apr 11:07 jdk.internal.vm.compiler.management.jmod

Minor size differences.

andrew-m-leonard · 2021-05-05T12:03:27Z

There are several important aspects of "Reproducibility" that all work together:

Being able to "re-build" a release, re-producing the "same output"
Knowing exactly all the "dependencies" and "infra" to build a given release, and knowing each and every one of them is "secure" and "not vulnerable"
Security (access/auth) of the "infra" and all servers used for storing "dependencies"
Auditable "change management" on all "infra", "tooling" and "dependency servers"

andrew-m-leonard · 2021-05-07T10:37:19Z

Leading on from the "import aspects", we ought to clarify the "Requirements" again with those aspects in mind, and also reproducible-builds.org "How?":

1. "Re-build" a release, re-producing the "same output"

"build system needs to be made entirely deterministic" & "build environment should either be recorded or pre-defined":
- Know exactly all the "tooling", "dependencies" and "infra" to build a given release
- Know exactly the version of "builds scripts" used to build a given release
"validate that the output matches the original build":
- A "method" is required to validate that a reproduced build is in fact the same as the original release

2. Security (access/auth) of the "infra" and all servers used for storing "dependencies"

Source of "build scripts", "tooling" and "dependencies" must be "trusted" and "verified"
Access to "infra" must be under "access control", and "audited"

3. Auditable "change management" on all "infra", "tooling" and "dependency servers"

All changes to "build-scripts", "tooling" and "dependency" servers must be "change controlled"
All changes to build "infra" must be "change controlled", no ad-hoc changes to production infra

andrew-m-leonard · 2021-05-12T14:14:51Z

Prototype setting up a new ubuntu 20.04 jdk17 hotspot build environment within a docker container:

Create base container

docker pull ubuntu:20.04

Start container:

docker run -i -t <container ID> /bin/bash

Install dependencies:

git

root@06acd4f5d2a9:/# apt install git
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  ca-certificates git-man krb5-locales less libasn1-8-heimdal libbrotli1 libbsd0 libcbor0.6 libcurl3-gnutls libedit2 liberror-perl libexpat1
  libfido2-1 libgdbm-compat4 libgdbm6 libgssapi-krb5-2 libgssapi3-heimdal libhcrypto4-heimdal libheimbase1-heimdal libheimntlm0-heimdal
  libhx509-5-heimdal libk5crypto3 libkeyutils1 libkrb5-26-heimdal libkrb5-3 libkrb5support0 libldap-2.4-2 libldap-common libnghttp2-14 libperl5.30
  libpsl5 libroken18-heimdal librtmp1 libsasl2-2 libsasl2-modules libsasl2-modules-db libsqlite3-0 libssh-4 libssl1.1 libwind0-heimdal libx11-6
  libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1 netbase openssh-client openssl patch perl perl-modules-5.30 publicsuffix xauth
Suggested packages:
  gettext-base git-daemon-run | git-daemon-sysvinit git-doc git-el git-email git-gui gitk gitweb git-cvs git-mediawiki git-svn gdbm-l10n krb5-doc
  krb5-user libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal libsasl2-modules-ldap libsasl2-modules-otp libsasl2-modules-sql keychain
  libpam-ssh monkeysphere ssh-askpass ed diffutils-doc perl-doc libterm-readline-gnu-perl | libterm-readline-perl-perl make libb-debug-perl
  liblocale-codes-perl
The following NEW packages will be installed:
  ca-certificates git git-man krb5-locales less libasn1-8-heimdal libbrotli1 libbsd0 libcbor0.6 libcurl3-gnutls libedit2 liberror-perl libexpat1
  libfido2-1 libgdbm-compat4 libgdbm6 libgssapi-krb5-2 libgssapi3-heimdal libhcrypto4-heimdal libheimbase1-heimdal libheimntlm0-heimdal
  libhx509-5-heimdal libk5crypto3 libkeyutils1 libkrb5-26-heimdal libkrb5-3 libkrb5support0 libldap-2.4-2 libldap-common libnghttp2-14 libperl5.30
  libpsl5 libroken18-heimdal librtmp1 libsasl2-2 libsasl2-modules libsasl2-modules-db libsqlite3-0 libssh-4 libssl1.1 libwind0-heimdal libx11-6
  libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1 netbase openssh-client openssl patch perl perl-modules-5.30 publicsuffix xauth
0 upgraded, 56 newly installed, 0 to remove and 0 not upgraded.

As you can see installing "git" alone installs 56 new pkgs, do we need to record all those?

Dependency scanning?

We could install all the required dependencies, then simply "scan"/"list" ALL the pkgs and "record" those as "build info"? What does that achieve? Not sure it's reproducible, as not easy to re-build with that exact set of 100s of specific versions.

andrew-m-leonard · 2021-05-13T08:40:13Z

An excellent project working on and discussing various approaches and issues with reproducible builds: https://wiki.yoctoproject.org/wiki/Reproducible_Builds

andrew-m-leonard · 2021-05-13T09:47:52Z

From the evidence my thinking the difficulty in achieving "exact binary reproducibility" and keeping it there actually don't achieve enough benefit for the cost, the continual effort to fix upstream and other tooling products that might be introducing a single timestamp where you don't want it is simply not a useful use of effort. We ought to concentrate on the benefits that "reproducible builds" is aiming to achieve,eg.trusted supply chain.

sxa · 2021-05-13T10:25:08Z

As you can see installing "git" alone installs 56 new pkgs, do we need to record all those?

Since git is not directly used as part of the build itself (another git version will generally extract the same source, a different version of the build tools will not necessarily produce the same output) I'd tentatively say no (at least as a first pass) although recording all versions used for a build is probably useful.

andrew-m-leonard · 2021-05-13T12:36:31Z

openjdk16 at a minimum is required for "reproducible" Java apps, as prior to that things like jmods/jars had random "hashes"

andrew-m-leonard · 2021-05-13T13:44:21Z

strace -ff -e trace=openat cat /etc/vdpau_wrapper.cfg
openat(AT_FDCWD, “/etc/ld.so.cache”, O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, “/lib64/libc.so.6”, O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, “/usr/lib/locale/locale-archive”, O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, “/etc/vdpau_wrapper.cfg”, O_RDONLY) = 3
enable_flash_uv_swap=1
disable_flash_pq_bg_color=1
+++ exited with 0 +++

stap -e ‘probe syscall.open { printf (“UID %d: %s(%d) open (%s)\n”, uid(), execname(), pid(), argstr) }’

andrew-m-leonard · 2021-05-13T14:55:39Z

Tooling:

git
build-essential:

The following NEW packages will be installed:
  binutils binutils-common binutils-x86-64-linux-gnu build-essential cpp cpp-9 dpkg-dev g++ g++-9 gcc gcc-9 gcc-9-base libasan5
  libatomic1 libbinutils libc-dev-bin libc6-dev libcc1-0 libcrypt-dev libctf-nobfd0 libctf0 libdpkg-perl libgcc-9-dev libgomp1
  libisl22 libitm1 liblsan0 libmpc3 libmpfr6 libquadmath0 libstdc++-9-dev libtsan0 libubsan1 linux-libc-dev make xz-utils

apt list -a :

binutils-common/focal-updates,focal-security,now 2.34-6ubuntu1.1 amd64 [installed,automatic]
binutils-common/focal 2.34-6ubuntu1 amd64

binutils-x86-64-linux-gnu/focal-updates,focal-security,now 2.34-6ubuntu1.1 amd64 [installed,automatic]
binutils-x86-64-linux-gnu/focal 2.34-6ubuntu1 amd64

binutils/focal-updates,focal-security,now 2.34-6ubuntu1.1 amd64 [installed,automatic]
binutils/focal 2.34-6ubuntu1 amd64

build-essential/focal-updates,now 12.8ubuntu1.1 amd64 [installed]
build-essential/focal 12.8ubuntu1 amd64

cpp-9/focal-updates,focal-security,now 9.3.0-17ubuntu1~20.04 amd64 [installed,automatic]
cpp-9/focal 9.3.0-10ubuntu2 amd64

cpp/focal,now 4:9.3.0-1ubuntu2 amd64 [installed,automatic]

dpkg-dev/focal,now 1.19.7ubuntu3 all [installed,automatic]

g++-9/focal-updates,focal-security,now 9.3.0-17ubuntu1~20.04 amd64 [installed,automatic]
g++-9/focal 9.3.0-10ubuntu2 amd64

g++/focal,now 4:9.3.0-1ubuntu2 amd64 [installed,automatic]

gcc-9-base/focal-updates,focal-security,now 9.3.0-17ubuntu1~20.04 amd64 [installed,automatic]
gcc-9-base/focal 9.3.0-10ubuntu2 amd64

gcc-9/focal-updates,focal-security,now 9.3.0-17ubuntu1~20.04 amd64 [installed,automatic]
gcc-9/focal 9.3.0-10ubuntu2 amd64

gcc/focal,now 4:9.3.0-1ubuntu2 amd64 [installed,automatic]

libasan5/focal-updates,focal-security,now 9.3.0-17ubuntu1~20.04 amd64 [installed,automatic]
libasan5/focal 9.3.0-10ubuntu2 amd64

libatomic1/focal-updates,focal-security,now 10.2.0-5ubuntu1~20.04 amd64 [installed,automatic]
libatomic1/focal 10-20200411-0ubuntu1 amd64

libbinutils/focal-updates,focal-security,now 2.34-6ubuntu1.1 amd64 [installed,automatic]
libbinutils/focal 2.34-6ubuntu1 amd64

libc-dev-bin/focal-updates,now 2.31-0ubuntu9.2 amd64 [installed,automatic]
libc-dev-bin/focal 2.31-0ubuntu9 amd64

libc6-dev/focal-updates,now 2.31-0ubuntu9.2 amd64 [installed,automatic]
libc6-dev/focal 2.31-0ubuntu9 amd64

libcc1-0/focal-updates,focal-security,now 10.2.0-5ubuntu1~20.04 amd64 [installed,automatic]
libcc1-0/focal 10-20200411-0ubuntu1 amd64

libcrypt-dev/focal,now 1:4.4.10-10ubuntu4 amd64 [installed,automatic]

libctf-nobfd0/focal-updates,focal-security,now 2.34-6ubuntu1.1 amd64 [installed,automatic]
libctf-nobfd0/focal 2.34-6ubuntu1 amd64

libctf0/focal-updates,focal-security,now 2.34-6ubuntu1.1 amd64 [installed,automatic]
libctf0/focal 2.34-6ubuntu1 amd64

libdpkg-perl/focal,now 1.19.7ubuntu3 all [installed,automatic]

libgcc-9-dev/focal-updates,focal-security,now 9.3.0-17ubuntu1~20.04 amd64 [installed,automatic]
libgcc-9-dev/focal 9.3.0-10ubuntu2 amd64

libgomp1/focal-updates,focal-security,now 10.2.0-5ubuntu1~20.04 amd64 [installed,automatic]
libgomp1/focal 10-20200411-0ubuntu1 amd64

libisl22/focal,now 0.22.1-1 amd64 [installed,automatic]

libitm1/focal-updates,focal-security,now 10.2.0-5ubuntu1~20.04 amd64 [installed,automatic]
libitm1/focal 10-20200411-0ubuntu1 amd64

liblsan0/focal-updates,focal-security,now 10.2.0-5ubuntu1~20.04 amd64 [installed,automatic]
liblsan0/focal 10-20200411-0ubuntu1 amd64

libmpc3/focal,now 1.1.0-1 amd64 [installed,automatic]

libmpfr6/focal,now 4.0.2-1 amd64 [installed,automatic]

libquadmath0/focal-updates,focal-security,now 10.2.0-5ubuntu1~20.04 amd64 [installed,automatic]
libquadmath0/focal 10-20200411-0ubuntu1 amd64

libstdc++-9-dev/focal-updates,focal-security,now 9.3.0-17ubuntu1~20.04 amd64 [installed,automatic]
libstdc++-9-dev/focal 9.3.0-10ubuntu2 amd64

libtsan0/focal-updates,focal-security,now 10.2.0-5ubuntu1~20.04 amd64 [installed,automatic]
libtsan0/focal 10-20200411-0ubuntu1 amd64

libubsan1/focal-updates,focal-security,now 10.2.0-5ubuntu1~20.04 amd64 [installed,automatic]
libubsan1/focal 10-20200411-0ubuntu1 amd64

linux-libc-dev/focal-updates,focal-security,now 5.4.0-73.82 amd64 [installed,automatic]
linux-libc-dev/focal 5.4.0-26.30 amd64

make/focal,now 4.2.1-1.2 amd64 [installed,automatic]

xz-utils/focal-updates,now 5.2.4-1ubuntu1 amd64 [installed,automatic]
xz-utils/focal 5.2.4-1 amd64

curl:

The following NEW packages will be installed:
  curl libcurl4

apt list -a

curl/focal-updates,focal-security,now 7.68.0-1ubuntu2.5 amd64 [installed]
curl/focal 7.68.0-1ubuntu2 amd64

libcurl4/focal-updates,focal-security,now 7.68.0-1ubuntu2.5 amd64 [installed,automatic]
libcurl4/focal 7.68.0-1ubuntu2 amd64

BootJDK from a trusted location: AdoptOpenJDK jdk-16.0.1+9
gunzip (System)
tar (System)
autoconf

The following NEW packages will be installed:
  autoconf libsigsegv2 m4

apt list -a

autoconf/focal,now 2.69-11.1 all [installed]

libsigsegv2/focal,now 2.12-2 amd64 [installed,automatic]

m4/focal,now 1.4.18-4 amd64 [installed,automatic]

file

The following NEW packages will be installed:
  file libmagic-mgc libmagic1

apt list -a

file/focal,now 1:5.38-4 amd64 [installed]

libmagic-mgc/focal,now 1:5.38-4 amd64 [installed,automatic]

libmagic1/focal,now 1:5.38-4 amd64 [installed,automatic]

unzip

The following NEW packages will be installed:
  unzip

apt list -a

unzip/focal,now 6.0-25ubuntu1 amd64 [installed]

zip

The following NEW packages will be installed:
  zip

apt list -a

zip/focal,now 3.0-11build1 amd64 [installed]

apt-get install libx11-dev libxext-dev libxrender-dev libxrandr-dev libxtst-dev libxt-dev

The following NEW packages will be installed:
  libice-dev libice6 libpthread-stubs0-dev libsm-dev libsm6 libxau-dev libxcb1-dev libxdmcp-dev libxfixes-dev libxfixes3
  lib xi-dev libxi6 libxrandr2 libxrender1 libxt6 libxtst6 x11-common x11proto-core-dev x11proto-dev x11proto-input-dev
  x11proto-randr-dev x11proto-record-dev x11proto-xext-dev xorg-sgml-doctools xtrans-dev

apt list -a

libice-dev/focal,now 2:1.0.10-0ubuntu1 amd64 [installed,automatic]

libice6/focal,now 2:1.0.10-0ubuntu1 amd64 [installed,automatic]

libpthread-stubs0-dev/focal,now 0.4-1 amd64 [installed,automatic]

libsm-dev/focal,now 2:1.2.3-1 amd64 [installed,automatic]

libsm6/focal,now 2:1.2.3-1 amd64 [installed,automatic]

libxau-dev/focal,now 1:1.0.9-0ubuntu1 amd64 [installed,automatic]

libxcb1-dev/focal,now 1.14-2 amd64 [installed,automatic]

libxdmcp-dev/focal,now 1:1.1.3-0ubuntu1 amd64 [installed,automatic]

libxfixes-dev/focal,now 1:5.0.3-2 amd64 [installed,automatic]

libxfixes3/focal,now 1:5.0.3-2 amd64 [installed,automatic]

libxi-dev/focal,now 2:1.7.10-0ubuntu1 amd64 [installed,automatic]

libxi6/focal,now 2:1.7.10-0ubuntu1 amd64 [installed,automatic]

libxrandr2/focal,now 2:1.5.2-0ubuntu1 amd64 [installed,automatic]

libxrender1/focal,now 1:0.9.10-1 amd64 [installed,automatic]

libxt6/focal,now 1:1.1.5-1 amd64 [installed,automatic]

libxtst6/focal,now 2:1.2.3-1 amd64 [installed,automatic]

x11-common/focal,now 1:7.7+19ubuntu14 all [installed,automatic]

x11proto-core-dev/focal,now 2019.2-1ubuntu1 all [installed,automatic]

x11proto-dev/focal,now 2019.2-1ubuntu1 all [installed,automatic]

x11proto-input-dev/focal,now 2019.2-1ubuntu1 all [installed,automatic]

x11proto-randr-dev/focal,now 2019.2-1ubuntu1 all [installed,automatic]

x11proto-record-dev/focal,now 2019.2-1ubuntu1 all [installed,automatic]

x11proto-xext-dev/focal,now 2019.2-1ubuntu1 all [installed,automatic]

xorg-sgml-doctools/focal,now 1:1.11-1 all [installed,automatic]

xtrans-dev/focal,now 1.4.0-1 all [installed,automatic]

cups

The following NEW packages will be installed:
  libavahi-client3 libavahi-common-data libavahi-common3 libcups2 libcups2-dev libcupsimage2 libcupsimage2-dev libdbus-1-3
  libjbig-dev libjbig0 libjpeg-dev libjpeg-turbo8 libjpeg-turbo8-dev libjpeg8 libjpeg8-dev liblzma-dev libpng-dev libpng16-16
  libtiff-dev libtiff5 libtiffxx5 libwebp6 zlib1g-dev

apt list -a

libavahi-client3/focal,now 0.7-4ubuntu7 amd64 [installed,automatic]

libavahi-common-data/focal,now 0.7-4ubuntu7 amd64 [installed,automatic]

libavahi-common3/focal,now 0.7-4ubuntu7 amd64 [installed,automatic]

libcups2-dev/focal-updates,focal-security,now 2.3.1-9ubuntu1.1 amd64 [installed]
libcups2-dev/focal 2.3.1-9ubuntu1 amd64

libcups2/focal-updates,focal-security,now 2.3.1-9ubuntu1.1 amd64 [installed,automatic]
libcups2/focal 2.3.1-9ubuntu1 amd64

libcupsimage2-dev/focal-updates,focal-security,now 2.3.1-9ubuntu1.1 amd64 [installed,automatic]
libcupsimage2-dev/focal 2.3.1-9ubuntu1 amd64

libcupsimage2/focal-updates,focal-security,now 2.3.1-9ubuntu1.1 amd64 [installed,automatic]
libcupsimage2/focal 2.3.1-9ubuntu1 amd64

libdbus-1-3/focal-updates,focal-security,now 1.12.16-2ubuntu2.1 amd64 [installed,automatic]
libdbus-1-3/focal 1.12.16-2ubuntu2 amd64

libjbig-dev/focal,now 2.1-3.1build1 amd64 [installed,automatic]

libjbig0/focal,now 2.1-3.1build1 amd64 [installed,automatic]

libjpeg-dev/focal,now 8c-2ubuntu8 amd64 [installed,automatic]

libjpeg-turbo8-dev/focal-updates,focal-security,now 2.0.3-0ubuntu1.20.04.1 amd64 [installed,automatic]
libjpeg-turbo8-dev/focal 2.0.3-0ubuntu1 amd64

libjpeg-turbo8/focal-updates,focal-security,now 2.0.3-0ubuntu1.20.04.1 amd64 [installed,automatic]
libjpeg-turbo8/focal 2.0.3-0ubuntu1 amd64

libjpeg8-dev/focal,now 8c-2ubuntu8 amd64 [installed,automatic]

libjpeg8/focal,now 8c-2ubuntu8 amd64 [installed,automatic]

liblzma-dev/focal-updates,now 5.2.4-1ubuntu1 amd64 [installed,automatic]
liblzma-dev/focal 5.2.4-1 amd64

libpng-dev/focal,now 1.6.37-2 amd64 [installed,automatic]

libpng16-16/focal,now 1.6.37-2 amd64 [installed,automatic]

libtiff-dev/focal-updates,focal-security,now 4.1.0+git191117-2ubuntu0.20.04.1 amd64 [installed,automatic]
libtiff-dev/focal 4.1.0+git191117-2build1 amd64

libtiff5/focal-updates,focal-security,now 4.1.0+git191117-2ubuntu0.20.04.1 amd64 [installed,automatic]
libtiff5/focal 4.1.0+git191117-2build1 amd64

libtiffxx5/focal-updates,focal-security,now 4.1.0+git191117-2ubuntu0.20.04.1 amd64 [installed,automatic]
libtiffxx5/focal 4.1.0+git191117-2build1 amd64

libwebp6/focal,now 0.6.1-2 amd64 [installed,automatic]

zlib1g-dev/focal-updates,now 1:1.2.11.dfsg-2ubuntu1.2 amd64 [installed,automatic]
zlib1g-dev/focal 1:1.2.11.dfsg-2ubuntu1 amd64

fontconfig

The following NEW packages will be installed:
  fontconfig fontconfig-config fonts-dejavu-core libfontconfig1 libfreetype6 ucf

apt list -a

fontconfig-config/focal,now 2.13.1-2ubuntu3 all [installed,automatic]

fontconfig/focal,now 2.13.1-2ubuntu3 amd64 [installed]

fonts-dejavu-core/focal,now 2.37-1 all [installed,automatic]

libfontconfig1/focal,now 2.13.1-2ubuntu3 amd64 [installed,automatic]

libfreetype6/focal-updates,focal-security,now 2.10.1-2ubuntu0.1 amd64 [installed,automatic]
libfreetype6/focal 2.10.1-2 amd64

ucf/focal,now 3.0038+nmu1 all [installed,automatic]

libfontconfig1-dev

The following additional packages will be installed:
  libexpat1-dev libfreetype-dev libfreetype6-dev libglib2.0-0 pkg-config uuid-dev

apt list -a

libexpat1-dev/focal,now 2.2.9-1build1 amd64 [installed,automatic]

libfreetype-dev/focal-updates,focal-security,now 2.10.1-2ubuntu0.1 amd64 [installed,automatic]
libfreetype-dev/focal 2.10.1-2 amd64

libfreetype6-dev/focal-updates,focal-security,now 2.10.1-2ubuntu0.1 amd64 [installed,automatic]
libfreetype6-dev/focal 2.10.1-2 amd64

libglib2.0-0/focal-updates,focal-security,now 2.64.6-1~ubuntu20.04.3 amd64 [installed,automatic]
libglib2.0-0/focal 2.64.2-1~fakesync1 amd64

pkg-config/focal,now 0.29.1-0ubuntu4 amd64 [installed,automatic]

uuid-dev/focal-updates,now 2.34-0.1ubuntu9.1 amd64 [installed,automatic]
uuid-dev/focal 2.34-0.1ubuntu9 amd64

alsa

The following additional packages will be installed:
  alsa-topology-conf alsa-ucm-conf libasound2 libasound2-data

apt list -a

alsa-topology-conf/focal,now 1.2.2-1 all [installed,automatic]

alsa-ucm-conf/focal-updates,now 1.2.2-1ubuntu0.7 all [installed,automatic]
alsa-ucm-conf/focal 1.2.2-1 all

libasound2-data/focal-updates,now 1.2.2-2.1ubuntu2.4 all [installed,automatic]
libasound2-data/focal 1.2.2-2.1 all

libasound2/focal-updates,now 1.2.2-2.1ubuntu2.4 amd64 [installed,automatic]
libasound2/focal 1.2.2-2.1 amd64

andrew-m-leonard · 2021-05-14T10:05:52Z

Had a go at installing and running SystemTap, unsuccessfully, issues with environment and compiling it, looks like system debug image is required. Seems a bit too low level for something we would use as part of a build.

andrew-m-leonard · 2021-05-14T10:31:23Z

strace is far easier and usable to use, however the output from running a jdk build is huge, as a trace file is created per process, and 1000s of processes are created to perform a JDK build. Here is a tiny section of the "grep'ing" for "include" output within a "delta" re-build of a JDK when changing just a single .c file:

strace.out.4873:openat(AT_FDCWD, "/jdk/src/hotspot/share/include/bits/sigaction.h", O_RDONLY|O_NOCTTY) = -1 ENOENT (No such file or directory)
strace.out.4873:openat(AT_FDCWD, "/jdk/src/hotspot/os/posix/include/bits/sigaction.h", O_RDONLY|O_NOCTTY) = -1 ENOENT (No such file or directory)
strace.out.4873:openat(AT_FDCWD, "/usr/lib/gcc/x86_64-linux-gnu/9/include/bits/sigaction.h", O_RDONLY|O_NOCTTY) = -1 ENOENT (No such file or directory)
strace.out.4873:openat(AT_FDCWD, "/usr/local/include/bits/sigaction.h", O_RDONLY|O_NOCTTY) = -1 ENOENT (No such file or directory)
strace.out.4873:openat(AT_FDCWD, "/usr/include/x86_64-linux-gnu/bits/sigaction.h", O_RDONLY|O_NOCTTY) = 6
strace.out.4873:openat(AT_FDCWD, "/jdk/build/linux-x86_64-server-release/support/modules_include/java.base/bits/sigcontext.h", O_RDONLY|O_NOCTTY) = -1 ENOENT (No such file or directory)
strace.out.4873:openat(AT_FDCWD, "/jdk/build/linux-x86_64-server-release/support/modules_include/java.base/linux/bits/sigcontext.h", O_RDONLY|O_NOCTTY) = -1 ENOENT (No such file or directory)
strace.out.4873:openat(AT_FDCWD, "/jdk/src/hotspot/share/include/bits/sigcontext.h", O_RDONLY|O_NOCTTY) = -1 ENOENT (No such file or directory)
strace.out.4873:openat(AT_FDCWD, "/jdk/src/hotspot/os/posix/include/bits/sigcontext.h", O_RDONLY|O_NOCTTY) = -1 ENOENT (No such file or directory)
strace.out.4873:openat(AT_FDCWD, "/usr/lib/gcc/x86_64-linux-gnu/9/include/bits/sigcontext.h", O_RDONLY|O_NOCTTY) = -1 ENOENT (No such file or directory)
strace.out.4873:openat(AT_FDCWD, "/usr/local/include/bits/sigcontext.h", O_RDONLY|O_NOCTTY) = -1 ENOENT (No such file or directory)
strace.out.4873:openat(AT_FDCWD, "/usr/include/x86_64-linux-gnu/bits/sigcontext.h", O_RDONLY|O_NOCTTY) = 6
strace.out.4873:openat(AT_FDCWD, "/usr/lib/gcc/x86_64-linux-gnu/9/include/stddef.h", O_RDONLY|O_NOCTTY) = 6
strace.out.4873:openat(AT_FDCWD, "/jdk/build/linux-x86_64-server-release/support/modules_include/java.base/bits/types/stack_t.h", O_RDONLY|O_NOCTTY) = -1 ENOENT (No such file or directory)
strace.out.4873:openat(AT_FDCWD, "/jdk/build/linux-x86_64-server-release/support/modules_include/java.base/linux/bits/types/stack_t.h", O_RDONLY|O_NOCTTY) = -1 ENOENT (No such file or directory)
strace.out.4873:openat(AT_FDCWD, "/jdk/src/hotspot/share/include/bits/types/stack_t.h", O_RDONLY|O_NOCTTY) = -1 ENOENT (No such file or directory)
strace.out.4873:openat(AT_FDCWD, "/jdk/src/hotspot/os/posix/include/bits/types/stack_t.h", O_RDONLY|O_NOCTTY) = -1 ENOENT (No such file or directory)
strace.out.4873:openat(AT_FDCWD, "/usr/lib/gcc/x86_64-linux-gnu/9/include/bits/types/stack_t.h", O_RDONLY|O_NOCTTY) = -1 ENOENT (No such file or directory)
strace.out.4873:openat(AT_FDCWD, "/usr/local/include/bits/types/stack_t.h", O_RDONLY|O_NOCTTY) = -1 ENOENT (No such file or directory)

It does illustrate the various System headers picked up from places like /usr/include, /usr/lib, /usr/local/include, ...

andrew-m-leonard · 2021-05-14T10:46:57Z

The strace test illustrates the problem of knowing exactly what system files are used to compile with. It is not practical to log, verify and determine the version of every single opened .h file for example.

andrew-m-leonard · 2021-05-21T10:30:07Z

@sxa i've done a smaller delta build with strace, adding execve to strace, which produce the executables nicely:

strace -o strace -ff -e trace=openat,execve make images

grep -v ENOENT strace.* | cut -d'"' -f2 | grep -v "/jdk/" | grep "^/" | grep -v "/proc/" | grep -v "/tmp/" | sort | uniq | while read F; do dpkg -S "$F" >> packagelist.txt 2>> filesnotinpackage.txt; done

packagelist.txt:

diversion by dash from: /bin/sh
diversion by dash to: /bin/sh.distrib
dash: /bin/sh
ncurses-base: /lib/terminfo/x/xterm-256color
libc6:amd64: /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
libc6:amd64: /lib/x86_64-linux-gnu/libc.so.6
libc6:amd64: /lib/x86_64-linux-gnu/libdl.so.2
libc6:amd64: /lib/x86_64-linux-gnu/libm.so.6
libc6:amd64: /lib/x86_64-linux-gnu/libmvec.so.1
libc6:amd64: /lib/x86_64-linux-gnu/libnss_files.so.2
libpcre3:amd64: /lib/x86_64-linux-gnu/libpcre.so.3
libc6:amd64: /lib/x86_64-linux-gnu/libpthread.so.0
libselinux1:amd64: /lib/x86_64-linux-gnu/libselinux.so.1
libtinfo6:amd64: /lib/x86_64-linux-gnu/libtinfo.so.6
zlib1g:amd64: /lib/x86_64-linux-gnu/libz.so.1
binutils: /usr/bin/as
coreutils: /usr/bin/cut
findutils: /usr/bin/find
gcc-7: /usr/bin/gcc-7
git: /usr/bin/git
binutils: /usr/bin/ld
make: /usr/bin/make
coreutils: /usr/bin/nice
binutils: /usr/bin/objcopy
coreutils: /usr/bin/sort
binutils: /usr/bin/strip
coreutils: /usr/bin/tee
coreutils: /usr/bin/tr
findutils: /usr/bin/xargs
libc6-dev:amd64: /usr/include/alloca.h
linux-libc-dev:amd64: /usr/include/asm-generic/bitsperlong.h
linux-libc-dev:amd64: /usr/include/asm-generic/errno-base.h
linux-libc-dev:amd64: /usr/include/asm-generic/errno.h
linux-libc-dev:amd64: /usr/include/asm-generic/int-ll64.h
linux-libc-dev:amd64: /usr/include/asm-generic/param.h
linux-libc-dev:amd64: /usr/include/asm-generic/posix_types.h
linux-libc-dev:amd64: /usr/include/asm-generic/socket.h
linux-libc-dev:amd64: /usr/include/asm-generic/sockios.h
linux-libc-dev:amd64: /usr/include/asm-generic/types.h
libc6-dev:amd64: /usr/include/assert.h
libc6-dev:amd64: /usr/include/dirent.h
libc6-dev:amd64: /usr/include/dlfcn.h
libc6-dev:amd64: /usr/include/endian.h
libc6-dev:amd64: /usr/include/errno.h
libc6-dev:amd64: /usr/include/fcntl.h
libc6-dev:amd64: /usr/include/features.h
libc6-dev:amd64: /usr/include/limits.h
linux-libc-dev:amd64: /usr/include/linux/errno.h
linux-libc-dev:amd64: /usr/include/linux/falloc.h
linux-libc-dev:amd64: /usr/include/linux/limits.h
linux-libc-dev:amd64: /usr/include/linux/param.h
linux-libc-dev:amd64: /usr/include/linux/posix_types.h
linux-libc-dev:amd64: /usr/include/linux/stat.h
linux-libc-dev:amd64: /usr/include/linux/stddef.h
linux-libc-dev:amd64: /usr/include/linux/types.h
libc6-dev:amd64: /usr/include/signal.h
libc6-dev:amd64: /usr/include/stdc-predef.h
libc6-dev:amd64: /usr/include/stdint.h
libc6-dev:amd64: /usr/include/stdio.h
libc6-dev:amd64: /usr/include/stdlib.h
libc6-dev:amd64: /usr/include/string.h
libc6-dev:amd64: /usr/include/strings.h
libc6-dev:amd64: /usr/include/unistd.h
x11proto-dev: /usr/include/X11/extensions/render.h
x11proto-dev: /usr/include/X11/extensions/shm.h
x11proto-dev: /usr/include/X11/extensions/shmproto.h
x11proto-dev: /usr/include/X11/extensions/XI.h
libxi-dev:amd64: /usr/include/X11/extensions/XInput.h
libxrender-dev:amd64: /usr/include/X11/extensions/Xrender.h
libxext-dev:amd64: /usr/include/X11/extensions/XShm.h
x11proto-dev: /usr/include/X11/extensions/xtestconst.h
x11proto-dev: /usr/include/X11/extensions/xtestext1const.h
libxext-dev:amd64: /usr/include/X11/extensions/xtestext1.h
libxtst-dev:amd64: /usr/include/X11/extensions/XTest.h
x11proto-dev: /usr/include/X11/keysymdef.h
x11proto-dev: /usr/include/X11/keysym.h
x11proto-dev: /usr/include/X11/Xdefs.h
x11proto-dev: /usr/include/X11/Xfuncproto.h
x11proto-dev: /usr/include/X11/X.h
libx11-dev:amd64: /usr/include/X11/Xlib.h
x11proto-dev: /usr/include/X11/Xmd.h
x11proto-dev: /usr/include/X11/Xosdefs.h
libx11-dev:amd64: /usr/include/X11/Xutil.h
linux-libc-dev:amd64: /usr/include/x86_64-linux-gnu/asm/bitsperlong.h
linux-libc-dev:amd64: /usr/include/x86_64-linux-gnu/asm/errno.h
linux-libc-dev:amd64: /usr/include/x86_64-linux-gnu/asm/param.h
linux-libc-dev:amd64: /usr/include/x86_64-linux-gnu/asm/posix_types_64.h
linux-libc-dev:amd64: /usr/include/x86_64-linux-gnu/asm/posix_types.h
linux-libc-dev:amd64: /usr/include/x86_64-linux-gnu/asm/socket.h
linux-libc-dev:amd64: /usr/include/x86_64-linux-gnu/asm/sockios.h
linux-libc-dev:amd64: /usr/include/x86_64-linux-gnu/asm/types.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/byteswap.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/confname.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/dirent_ext.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/dirent.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/dlfcn.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/endian.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/endianness.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/environments.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/errno.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/fcntl2.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/fcntl.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/floatn-common.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/floatn.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/getopt_core.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/getopt_posix.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/ipc.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/ipc-perm.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/ipctypes.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/libc-header-start.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/local_lim.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/long-double.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/param.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/posix1_lim.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/posix2_lim.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/posix_opt.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/pthreadtypes-arch.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/select2.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/select.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/shm.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/shmlba.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/shm-pad.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/sigaction.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/sigcontext.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/sigevent-consts.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/siginfo-arch.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/siginfo-consts-arch.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/siginfo-consts.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/signal_ext.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/signum-generic.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/signum.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/sigstack.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/sigthread.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/sockaddr.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/socket2.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/socket.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/socket_type.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/ss_flags.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/stat.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/statx-generic.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/statx.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/stdint-intn.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/stdint-uintn.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/stdio2.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/stdio.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/stdio_lim.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/stdlib-float.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/stdlib.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/string_fortified.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/strings_fortified.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/struct_mutex.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/struct_rwlock.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/sys_errlist.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/thread-shared-types.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/time64.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/timesize.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/clockid_t.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/clock_t.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/cookie_io_functions_t.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/error_t.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/__FILE.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/FILE.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/__fpos64_t.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/__fpos_t.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/typesizes.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/__locale_t.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/locale_t.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/__mbstate_t.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/sig_atomic_t.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/sigevent_t.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/siginfo_t.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/__sigset_t.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/sigset_t.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/__sigval_t.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/sigval_t.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/stack_t.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/struct_FILE.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/struct_iovec.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/struct_osockaddr.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/struct_sigstack.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/struct_statx.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/struct_statx_timestamp.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/struct_timespec.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/struct_timeval.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/timer_t.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/types/time_t.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/uintn-identity.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/uio_lim.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/unistd_ext.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/unistd.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/waitflags.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/waitstatus.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/wchar.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/wordsize.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/xopen_lim.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/gnu/stubs-64.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/gnu/stubs.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/sys/cdefs.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/sys/ipc.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/sys/param.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/sys/select.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/sys/shm.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/sys/socket.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/sys/stat.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/sys/types.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/sys/ucontext.h
cpp-7: /usr/lib/gcc/x86_64-linux-gnu/7/cc1
gcc-7: /usr/lib/gcc/x86_64-linux-gnu/7/collect2
libgcc-7-dev:amd64: /usr/lib/gcc/x86_64-linux-gnu/7/crtbeginS.o
libgcc-7-dev:amd64: /usr/lib/gcc/x86_64-linux-gnu/7/crtendS.o
libgcc-7-dev:amd64: /usr/lib/gcc/x86_64-linux-gnu/7/include/limits.h
libgcc-7-dev:amd64: /usr/lib/gcc/x86_64-linux-gnu/7/include/stdarg.h
libgcc-7-dev:amd64: /usr/lib/gcc/x86_64-linux-gnu/7/include/stddef.h
libgcc-7-dev:amd64: /usr/lib/gcc/x86_64-linux-gnu/7/include/stdint.h
libgcc-7-dev:amd64: /usr/lib/gcc/x86_64-linux-gnu/7/include/syslimits.h
libgcc-7-dev:amd64: /usr/lib/gcc/x86_64-linux-gnu/7/libgcc.a
libgcc-7-dev:amd64: /usr/lib/gcc/x86_64-linux-gnu/7/libgcc_s.so
gcc-7: /usr/lib/gcc/x86_64-linux-gnu/7/liblto_plugin.so
libc6:amd64: /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache
libc6-dev:amd64: /usr/lib/x86_64-linux-gnu/libc_nonshared.a
language-pack-en-base: /usr/share/locale-langpack/en_GB/LC_MESSAGES/make.mo
locales: /usr/share/locale/locale.alias

filesnotinpackage.txt:

dpkg-query: no path found matching pattern /dev/fd/60
dpkg-query: no path found matching pattern /dev/fd/61
dpkg-query: no path found matching pattern /dev/fd/62
dpkg-query: no path found matching pattern /dev/fd/63
dpkg-query: no path found matching pattern /dev/null
dpkg-query: no path found matching pattern /dev/random
dpkg-query: no path found matching pattern /dev/tty
dpkg-query: no path found matching pattern /dev/urandom
dpkg-query: no path found matching pattern /etc/ld.so.cache
dpkg-query: no path found matching pattern /etc/localtime
dpkg-query: no path found matching pattern /etc/nsswitch.conf
dpkg-query: no path found matching pattern /etc/passwd
dpkg-query: no path found matching pattern /etc/timezone
dpkg-query: no path found matching pattern /home/andrew/.gitconfig
dpkg-query: no path found matching pattern /home/andrew/workspaces/jdk
dpkg-query: no path found matching pattern /lib/x86_64-linux-gnu/libacl.so.1
dpkg-query: no path found matching pattern /lib/x86_64-linux-gnu/libattr.so.1
dpkg-query: no path found matching pattern /lib/x86_64-linux-gnu/libbfd-2.34-system.so
dpkg-query: no path found matching pattern /lib/x86_64-linux-gnu/libctf.so.0
dpkg-query: no path found matching pattern /lib/x86_64-linux-gnu/libgmp.so.10
dpkg-query: no path found matching pattern /lib/x86_64-linux-gnu/libisl.so.22
dpkg-query: no path found matching pattern /lib/x86_64-linux-gnu/libmpc.so.3
dpkg-query: no path found matching pattern /lib/x86_64-linux-gnu/libmpfr.so.6
dpkg-query: no path found matching pattern /lib/x86_64-linux-gnu/libopcodes-2.34-system.so
dpkg-query: no path found matching pattern /lib/x86_64-linux-gnu/libpcre2-8.so.0
dpkg-query: no path found matching pattern /sys/devices/system/cpu
dpkg-query: no path found matching pattern /sys/devices/system/cpu/online
dpkg-query: no path found matching pattern /sys/fs/cgroup/cpu,cpuacct/user.slice/cpu.cfs_period_us
dpkg-query: no path found matching pattern /sys/fs/cgroup/cpu,cpuacct/user.slice/cpu.cfs_quota_us
dpkg-query: no path found matching pattern /sys/fs/cgroup/cpu,cpuacct/user.slice/cpu.shares
dpkg-query: no path found matching pattern /sys/fs/cgroup/memory/user.slice/user-1000.slice/session-2.scope/memory.limit_in_bytes
dpkg-query: no path found matching pattern /sys/fs/cgroup/memory/user.slice/user-1000.slice/session-2.scope/memory.stat
dpkg-query: no path found matching pattern /sys/fs/cgroup/memory/user.slice/user-1000.slice/session-2.scope/memory.use_hierarchy
dpkg-query: no path found matching pattern /usr/bin/bash
dpkg-query: no path found matching pattern /usr/bin/cat
dpkg-query: no path found matching pattern /usr/bin/cp
dpkg-query: no path found matching pattern /usr/bin/date
dpkg-query: no path found matching pattern /usr/bin/grep
dpkg-query: no path found matching pattern /usr/bin/ls
dpkg-query: no path found matching pattern /usr/bin/mkdir
dpkg-query: no path found matching pattern /usr/bin/mv
dpkg-query: no path found matching pattern /usr/bin/nawk
dpkg-query: no path found matching pattern /usr/bin/rm
dpkg-query: no path found matching pattern /usr/bin/sed
dpkg-query: no path found matching pattern /usr/bin/touch
dpkg-query: no path found matching pattern /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/crti.o
dpkg-query: no path found matching pattern /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/crtn.o
dpkg-query: no path found matching pattern /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/libc.so
dpkg-query: no path found matching pattern /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/libdl.so
dpkg-query: no path found matching pattern /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/libgcc_s.so.1
dpkg-query: no path found matching pattern /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/libm.so
dpkg-query: no path found matching pattern /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/libpthread.so
dpkg-query: no path found matching pattern /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/libX11.so
dpkg-query: no path found matching pattern /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/libXext.so
dpkg-query: no path found matching pattern /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/libXi.so
dpkg-query: no path found matching pattern /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/libXrender.so
dpkg-query: no path found matching pattern /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/libXtst.so
dpkg-query: no path found matching pattern /usr/lib/locale/locale-archive

andrew-m-leonard · 2021-05-26T09:29:13Z

equivalent of strace for non-linux platforms is somewhat of an issue, Mac and Windows

andrew-m-leonard · 2021-10-04T12:26:49Z

Working with jdk-18 that has had some reproducible build PRs included, with support for SOURCE_DATE_EPOCH, source date can be "fixed" using eg:

bash ./configure --with-source-date=version

Testing on x64Linux ubuntu, two re-builds locally showed JDK image differences, in several files, including .jmods, and .zips. I have created a fork which resolves the issue caused by timestamps:
andrew-m-leonard/jdk@0b083e8

This left just 1 file that is different which is the generated 64bit CDS archive file: server/lib/cds_classes_nocoops.jsa
This is generated at build time using java -Xshare:dump
It is not always different, I have had a couple of builds that were identical.
Trying to analyse what is causing the difference: https://github.com/openjdk/jdk/blob/master/src/hotspot/share/cds/filemap.cpp

andrew-m-leonard · 2021-10-04T13:05:59Z

-Xlog:cds output fort differing CDS archives:
CDS-1:

Creating CDS-NOCOOPS archive for jdk image /home/andrew/workspace/myjdk/build/linux-x86_64-server-release/images/jdk/bin/java -Xlog:cds -Xshare:dump -XX:SharedArchiveFile=/home/andrew/workspace/myjdk/build/linux-x86_64-server-release/images/jdk/cds_classes_nocoops.jsa -XX:-UseCompressedOops -Xmx128M -Xms128M
[0.004s][info][cds] Core region alignment: 4096
[0.050s][info][cds] Loading classes to share ...
[0.177s][info][cds] Loading classes to share: done.
[0.177s][info][cds] Shared spaces: preloaded 1259 classes
[0.177s][info][cds] Rewriting and linking classes ...
[0.177s][info][cds] Regenerate MethodHandle Holder classes...
[0.353s][info][cds] Regenerate MethodHandle Holder classes...done
[0.359s][info][cds] Rewriting and linking classes: done
[0.360s][info][cds] Gathering all archivable objects ...
[0.361s][info][cds] Gathering classes and symbols ...
[0.401s][info][cds] Sorting symbols and fixing identity hash ...
[0.404s][info][cds] Sorting classes ...
[0.509s][info][cds] _estimated_hashtable_bytes = 367592 + 37200 = 404792
[0.509s][info][cds] _estimated_metaspaceobj_bytes = 221371488
[0.509s][info][cds] total estimate bytes = 221784472
[0.509s][info][cds] Reserved output buffer space at 0x00007efed2c7d000 [221786112 bytes]
[0.509s][info][cds] Allocating RW objects ...
[0.516s][info][cds] done (25496 objects)
[0.516s][info][cds] Allocating RO objects ...
[0.525s][info][cds] done (77611 objects)
[0.525s][info][cds] Relocating embedded pointers in core regions ...
[0.557s][info][cds] Archived java heap is not supported as UseG1GC, UseCompressedOops and UseCompressedClassPointers are required.Current settings: UseG1GC=false, UseCompressedOops=false, UseCompressedClassPointers=true.
[0.557s][info][cds] Relocating external roots ...
[0.559s][info][cds] done
[0.560s][info][cds] Dumping symbol table ...
[0.571s][info][cds] Relocating vmClasses::_klasses[] ...
[0.571s][info][cds] Make classes shareable
[0.584s][info][cds] Number of classes 1403
[0.584s][info][cds]     instance classes   =  1301
[0.584s][info][cds]       boot             =  1301
[0.584s][info][cds]       app              =     0
[0.584s][info][cds]       platform         =     0
[0.584s][info][cds]       unregistered     =     0
[0.584s][info][cds]       (hidden)         =    66
[0.584s][info][cds]       (unlinked)       =     0
[0.584s][info][cds]     obj array classes  =    94
[0.584s][info][cds]     type array classes =     8
[0.584s][info][cds]                symbols = 38603
[0.586s][info][cds] Dumping shared data to file:
[0.586s][info][cds]    /home/andrew/workspace/myjdk/build/linux-x86_64-server-release/images/jdk/cds_classes_nocoops.jsa
[0.593s][info][cds] Shared file region (rw )  0:  4330080 bytes, addr 0x0000000800000000 file offset 0x00001000 crc 0xbf039e5c
[0.603s][info][cds] Shared file region (ro )  1:  7733168 bytes, addr 0x0000000800422000 file offset 0x00423000 crc 0x8896f432
[0.608s][info][cds] Shared file region (bm )  2:   188544 bytes, addr 0x0000000000000000 file offset 0x00b83000 crc 0xe110d26f

CDS-2:

Creating CDS-NOCOOPS archive for jdk image /home/andrew/workspace/myjdk/build/linux-x86_64-server-release/images/jdk/bin/java -Xlog:cds -Xshare:dump -XX:SharedArchiveFile=/home/andrew/workspace/myjdk/build/linux-x86_64-server-release/images/jdk/cds_classes_nocoops.jsa -XX:-UseCompressedOops -Xmx128M -Xms128M
[0.004s][info][cds] Core region alignment: 4096
[0.053s][info][cds] Loading classes to share ...
[0.202s][info][cds] Loading classes to share: done.
[0.202s][info][cds] Shared spaces: preloaded 1259 classes
[0.202s][info][cds] Rewriting and linking classes ...
[0.202s][info][cds] Regenerate MethodHandle Holder classes...
[0.391s][info][cds] Regenerate MethodHandle Holder classes...done
[0.397s][info][cds] Rewriting and linking classes: done
[0.399s][info][cds] Gathering all archivable objects ... 
[0.399s][info][cds] Gathering classes and symbols ... 
[0.457s][info][cds] Sorting symbols and fixing identity hash ... 
[0.461s][info][cds] Sorting classes ... 
[0.579s][info][cds] _estimated_hashtable_bytes = 367592 + 37200 = 404792
[0.579s][info][cds] _estimated_metaspaceobj_bytes = 221371488
[0.579s][info][cds] total estimate bytes = 221784472
[0.579s][info][cds] Reserved output buffer space at 0x00007f697a47d000 [221786112 bytes]
[0.579s][info][cds] Allocating RW objects ... 
[0.586s][info][cds] done (25496 objects)
[0.586s][info][cds] Allocating RO objects ... 
[0.596s][info][cds] done (77611 objects)
[0.596s][info][cds] Relocating embedded pointers in core regions ... 
[0.629s][info][cds] Archived java heap is not supported as UseG1GC, UseCompressedOops and UseCompressedClassPointers are required.Current settings: UseG1GC=false, UseCompressedOops=false, UseCompressedClassPointers=true.
[0.629s][info][cds] Relocating external roots ... 
[0.630s][info][cds] done
[0.630s][info][cds] Dumping symbol table ...
[0.643s][info][cds] Relocating vmClasses::_klasses[] ... 
[0.644s][info][cds] Make classes shareable
[0.657s][info][cds] Number of classes 1403
[0.657s][info][cds]     instance classes   =  1301
[0.657s][info][cds]       boot             =  1301
[0.657s][info][cds]       app              =     0
[0.657s][info][cds]       platform         =     0
[0.657s][info][cds]       unregistered     =     0
[0.657s][info][cds]       (hidden)         =    66
[0.657s][info][cds]       (unlinked)       =     0
[0.657s][info][cds]     obj array classes  =    94
[0.657s][info][cds]     type array classes =     8
[0.657s][info][cds]                symbols = 38603
[0.660s][info][cds] Dumping shared data to file: 
[0.660s][info][cds]    /home/andrew/workspace/myjdk/build/linux-x86_64-server-release/images/jdk/cds_classes_nocoops.jsa
[0.666s][info][cds] Shared file region (rw )  0:  4330080 bytes, addr 0x0000000800000000 file offset 0x00001000 crc 0xe9b97d12
[0.676s][info][cds] Shared file region (ro )  1:  7733152 bytes, addr 0x0000000800422000 file offset 0x00423000 crc 0x7a0821f2
[0.687s][info][cds] Shared file region (bm )  2:   188544 bytes, addr 0x0000000000000000 file offset 0x00b83000 crc 0x7e6df640

andrew-m-leonard · 2021-10-04T13:07:24Z

As can be seen the CDS-2 content has changed differently between the first and 2nd -Xshare:dump. The JDK build builds 2 CDS archives cds_classes.jsa and cds_classes_nocoops.jsa, in that order. Ther 1st one cds_classes.jsa is always identical, the 2nd one cds_classes_nocoops.jsa is usually different:

[0.593s][info][cds] Shared file region (rw )  0:  4330080 bytes, addr 0x0000000800000000 file offset 0x00001000 crc 0xbf039e5c
[0.603s][info][cds] Shared file region (ro )  1:  7733168 bytes, addr 0x0000000800422000 file offset 0x00423000 crc 0x8896f432
[0.608s][info][cds] Shared file region (bm )  2:   188544 bytes, addr 0x0000000000000000 file offset 0x00b83000 crc 0xe110d26f

[0.666s][info][cds] Shared file region (rw )  0:  4330080 bytes, addr 0x0000000800000000 file offset 0x00001000 crc 0xe9b97d12
[0.676s][info][cds] Shared file region (ro )  1:  7733152 bytes, addr 0x0000000800422000 file offset 0x00423000 crc 0x7a0821f2
[0.687s][info][cds] Shared file region (bm )  2:   188544 bytes, addr 0x0000000000000000 file offset 0x00b83000 crc 0x7e6df640

andrew-m-leonard · 2021-10-04T13:14:25Z

The region addresses are the same for both CDS archives, which means the 2nd -Xshare:dump is probably being affected in a non-deterministic way by the first dump?

andrew-m-leonard · 2021-10-04T19:17:58Z

Found existing JDK bug for this deterministic CDS dump problem, i've added a comment with some of my details: https://bugs.openjdk.java.net/browse/JDK-8253495?focusedCommentId=14450892&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14450892

SehrishHussain · 2021-10-11T08:26:35Z

Hi @sxa @andrew-m-leonard, I'm Outreachy applicant, opened this issue following project description (Secure Software Supply Chain Enhancements (Codename "RASPberry"). I'm a bit lost in making sense of this issue with regards to project. Can you help me in getting started? Thank you!

andrew-m-leonard · 2021-10-11T09:46:59Z

@SehrishHussain Hi Sehrish, this issue covers quite a lot, for the CycloneDX SBOM initial task, I have just created a new sub-issue here: #2753
I've added some detail of what we currently provide in terms of build-info.

andrew-m-leonard · 2021-10-15T14:36:09Z

Two Jenkins builds of jdk-18 MacOS using my latest patches show only difference of CDS archive:

andrewleonard@anleonar-mac Downloads % diff -r mdk1 mdk2
Binary files mdk1/jdk-18+17/Contents/Home/lib/server/classes.jsa and mdk2/jdk-18+17/Contents/Home/lib/server/classes.jsa differ

Building on my local laptop as a different environment test to see how dependent on EXACT dependencies and compiler levels we are:

Jenkins built with Xcode 10.3, I tried building on my laptop with 11.5, not un-surprisingly the dylib's were all different!
Using Xcode 10.3 on laptop:
=> So not possible on my MacBPro, as it is running OSX 11.6, and Xcode 10.3 will not work on it....

andrew-m-leonard · 2021-10-25T20:10:04Z

Building on 2 separate x64 Linux environments seems very very difficult to build reproducibly, due to the "native" libraries mainly being different. eg.Build1=Jenkins-Centos6 docker environment, Build2=local virtualbox Ubuntu2.0.04 VM. Even building with exactly the same gcc 7.5.0. All the .so libraries differ considerably.

andrew-m-leonard added the enhancement Issues that enhance the code or documentation of the repo in any way label Apr 21, 2021

andrew-m-leonard self-assigned this Apr 21, 2021

M-Davies added compatibility Issues that relate to how our code works with other third party code bases infra Issues that related to infrastructure problems or enhancements labels Apr 21, 2021

M-Davies added this to the April 2021 milestone Apr 21, 2021

andrew-m-leonard changed the title ~~Prototype "Reproducible Build" using current available Adopt jenkins job & infra framework~~ Prototype "Reproducible Build" using current available Adopt jenkins job & infra framework and "build info" Apr 21, 2021

karianna modified the milestones: April 2021, May 2021 May 5, 2021

github-actions bot added installer Issues that relate to our installer jobs or installer repo jenkins Issues that enhance or fix our jenkins server labels May 12, 2021

This was referenced May 27, 2021

Add extended buildinfo to metadata adoptium/ci-jenkins-pipelines#153

Merged

Add extended buildinfo to metadata #2636

Merged

smlambert mentioned this issue Jun 1, 2021

Bi-weekly Adoptium Community Call - June 1, 2021 adoptium/adoptium#19

Closed

6 tasks

karianna modified the milestones: May 2021, June 2021 Jun 6, 2021

smlambert mentioned this issue Jun 15, 2021

Bi-weekly Adoptium Community Call - June 15, 2021 adoptium/adoptium#23

Closed

3 tasks

andrew-m-leonard mentioned this issue Jun 21, 2021

Add BUILD_CONFIG[OS_FULL_VERSION] #2666

Merged

smlambert mentioned this issue Jul 31, 2021

Investigate cyclonedx extension as a way to store build_info for secure software supply chain #2681

Open

This was referenced Oct 6, 2021

Repro-Build: jdk-18 jmods, jars and zips not deterministic #2743

Closed

Repro-Build: jdk-18 CDS archives are not deterministic #2744

Open

Repro-Build: jdk-18 Adoptium generated cacerts are not deterministic #2745

Closed

andrew-m-leonard mentioned this issue Oct 15, 2021

Repro-Build: jdk-18 HOTSPOT_BUILD_TIME and HOTSPOT_BUILD_USER not reproducible #2761

Closed

andrew-m-leonard mentioned this issue Dec 23, 2021

Determine exact SBOM for building a single JDK linux library using strace #2813

Closed

andrew-m-leonard added the reproducible-build label Dec 23, 2021

andrew-m-leonard closed this as completed Jun 13, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Prototype "Reproducible Build" using current available Adopt jenkins job & infra framework and "build info" #2594

Prototype "Reproducible Build" using current available Adopt jenkins job & infra framework and "build info" #2594

andrew-m-leonard commented Apr 21, 2021 •

edited

Loading

andrew-m-leonard commented Apr 21, 2021

andrew-m-leonard commented Apr 30, 2021

andrew-m-leonard commented Apr 30, 2021 •

edited

Loading

andrew-m-leonard commented May 4, 2021 •

edited

Loading

andrew-m-leonard commented May 4, 2021 •

edited

Loading

andrew-m-leonard commented May 4, 2021 •

edited

Loading

andrew-m-leonard commented May 5, 2021

andrew-m-leonard commented May 7, 2021 •

edited

Loading

andrew-m-leonard commented May 12, 2021 •

edited

Loading

andrew-m-leonard commented May 13, 2021

andrew-m-leonard commented May 13, 2021

sxa commented May 13, 2021 •

edited

Loading

andrew-m-leonard commented May 13, 2021

andrew-m-leonard commented May 13, 2021

andrew-m-leonard commented May 13, 2021 •

edited

Loading

andrew-m-leonard commented May 14, 2021

andrew-m-leonard commented May 14, 2021

andrew-m-leonard commented May 14, 2021

andrew-m-leonard commented May 21, 2021

andrew-m-leonard commented May 26, 2021

andrew-m-leonard commented Oct 4, 2021

andrew-m-leonard commented Oct 4, 2021

andrew-m-leonard commented Oct 4, 2021 •

edited

Loading

andrew-m-leonard commented Oct 4, 2021

andrew-m-leonard commented Oct 4, 2021

SehrishHussain commented Oct 11, 2021

andrew-m-leonard commented Oct 11, 2021

andrew-m-leonard commented Oct 15, 2021 •

edited

Loading

andrew-m-leonard commented Oct 25, 2021

Prototype "Reproducible Build" using current available Adopt jenkins job & infra framework and "build info" #2594

Prototype "Reproducible Build" using current available Adopt jenkins job & infra framework and "build info" #2594

Comments

andrew-m-leonard commented Apr 21, 2021 • edited Loading

Design:

andrew-m-leonard commented Apr 21, 2021

andrew-m-leonard commented Apr 30, 2021

andrew-m-leonard commented Apr 30, 2021 • edited Loading

andrew-m-leonard commented May 4, 2021 • edited Loading

andrew-m-leonard commented May 4, 2021 • edited Loading

andrew-m-leonard commented May 4, 2021 • edited Loading

andrew-m-leonard commented May 5, 2021

andrew-m-leonard commented May 7, 2021 • edited Loading

1. "Re-build" a release, re-producing the "same output"

2. Security (access/auth) of the "infra" and all servers used for storing "dependencies"

3. Auditable "change management" on all "infra", "tooling" and "dependency servers"

andrew-m-leonard commented May 12, 2021 • edited Loading

Dependency scanning?

andrew-m-leonard commented May 13, 2021

andrew-m-leonard commented May 13, 2021

sxa commented May 13, 2021 • edited Loading

andrew-m-leonard commented May 13, 2021

andrew-m-leonard commented May 13, 2021

andrew-m-leonard commented May 13, 2021 • edited Loading

andrew-m-leonard commented May 14, 2021

andrew-m-leonard commented May 14, 2021

andrew-m-leonard commented May 14, 2021

andrew-m-leonard commented May 21, 2021

andrew-m-leonard commented May 26, 2021

andrew-m-leonard commented Oct 4, 2021

andrew-m-leonard commented Oct 4, 2021

andrew-m-leonard commented Oct 4, 2021 • edited Loading

andrew-m-leonard commented Oct 4, 2021

andrew-m-leonard commented Oct 4, 2021

SehrishHussain commented Oct 11, 2021

andrew-m-leonard commented Oct 11, 2021

andrew-m-leonard commented Oct 15, 2021 • edited Loading

andrew-m-leonard commented Oct 25, 2021

andrew-m-leonard commented Apr 21, 2021 •

edited

Loading

andrew-m-leonard commented Apr 30, 2021 •

edited

Loading

andrew-m-leonard commented May 4, 2021 •

edited

Loading

andrew-m-leonard commented May 4, 2021 •

edited

Loading

andrew-m-leonard commented May 4, 2021 •

edited

Loading

andrew-m-leonard commented May 7, 2021 •

edited

Loading

andrew-m-leonard commented May 12, 2021 •

edited

Loading

sxa commented May 13, 2021 •

edited

Loading

andrew-m-leonard commented May 13, 2021 •

edited

Loading

andrew-m-leonard commented Oct 4, 2021 •

edited

Loading

andrew-m-leonard commented Oct 15, 2021 •

edited

Loading