Tech-Talk

What is deterministic software building with Gitian?

2 Mins read

Gitian is a secure source-control oriented software distribution method. This means you can download trusted binaries that are verified by multiple builders.

What is it?


A deterministic build is a process of building the same source code with the same build environment and build instructions producing the same binary in two builds, even if they are made on different machines, build directories and with different names. They are also sometimes called reproducible or hermetic builds if it is guaranteed to produce the same binaries even compiling from different folders.

Deterministic builds are not something that happens naturally. Normal projects do not produce deterministic builds and the reasons that they are not produced can be different for each operating system and compiler.

Deterministic builds should be guaranteed for a given build environment. That means that certain variables such as the operating systembuild system versions and target architecture are assumed to remain the same between different builds.

Why it’s important to build the software deterministic?

Security. Modifying binaries instead of the upstream source code can make the changes invisible for the original authors. This can be fatal in safety-critical environments such as medical, aerospace and automotive. Promising identical results for given inputs allows third parties to come to a consensus on a correct result.

Traceability and binary management. If you want to have a repository to store your binaries you do not want to generate binaries with random checksums from sources at the same revision. That could lead the repository system to store different binaries as different versions when they should be the same. For example, if you are working on Windows or MacOs the most simple library will lead binaries with different checksums because of the timestamps included in the library formats for these Operating Systems.

Another advantage for the developer is, he can start the build process for all operating system types at once. Compiling software just takes some time. So you can start the whole build process overnight and in the morning all packages are ready.


Conclusion

Authenticity and integrity are the top priorities here again. Bitcoin has placed great value on security and authenticity from the very beginning. So the software developer has many free tools at his disposal to produce good software.

Gitian building in conjunction with SHA256 and PGP file security are not complicated to provide. Unfortunately very few projects use these tools.

Why: I think there is a lack of knowledge and the fewest developers who call themselves “Blockchain Dev” really don’t know anything about programming. Certainly their own demand for quality also plays a role here. Fast and cheap, it will work so, nobody notices anyway, laziness…

By the way, the Bitcoin core repository contains a very detailed and constantly updated Gitian manual. You don’t have to redevelop the wheel.

These are all aspects of quality which in my eyes make a project “good” or “bad”.

It just remains to say thanks to Bitcoin, Dash, PIVX and all the others who provide us with great software for free.


Related posts
Tech-Talk

Check Your Shell Scripts with ShellCheck.net

1 Mins read
Check If Your Shell Script Code Sucks. For all Shell Ninjas and all who want to be one.
Tech-Talk

Wallet release versioning | Semantic Versioning

2 Mins read
What rules are there? How do you version software releases correctly? Semantic Versoning is the answer!
Tech-Talk

Iquidus Explorer Setup in 30 Minutes

5 Mins read
The ultimate installation guide for the Iquidus Block Explorer. There are no up-to-date and complete guides on the internet. Here the all…
×
GOSSIP

Funny founds in blockchain code