FreeBSD now builds reproducibly and without root privilege
6 months ago
- #FreeBSD
- #ReproducibleBuilds
- #Security
- FreeBSD can now be built without requiring root privileges, enhancing security and simplifying automated builds.
- Changes are available in the FreeBSD development branch and will be merged into FreeBSD 15.0.
- Release artifacts like ISO images, VM images, and cloud disk images can now be built without root access.
- Removing the need for root privileges reduces the attack surface and enables safer build environments.
- FreeBSD has introduced improvements for reproducible builds, ensuring identical source inputs produce identical binary outputs.
- Key reproducibility improvements include normalized timestamps, stable file ordering, and consistent build environments.
- Reproducible builds enhance trust, debugging, auditing, and maintainability of the software supply chain.
- FreeBSD's CI and build infrastructure can now operate in unprivileged containers and restricted environments.
- Contributors can build complete FreeBSD releases locally without elevated privileges.
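
The example below is an added illustration, not FreeBSD's build code. It uses Python's `tarfile` as a stand-in for release tooling to show how normalized timestamps, stable file ordering, and ownership recorded as metadata (instead of `chown` as root) make two builds of the same content byte-identical. The `EPOCH` value, file names, and `root`/`wheel` ownership are constructed for the demonstration.

```python
import hashlib, io, os, tarfile, tempfile

EPOCH = 1_700_000_000  # assumed fixed build timestamp (constructed value)

def build_archive(src_dir, normalize=True):
    """Pack src_dir into an in-memory tar and return its bytes."""
    rels = []
    for root, dirs, files in os.walk(src_dir):
        rels += [os.path.relpath(os.path.join(root, n), src_dir) for n in dirs + files]
    if normalize:
        rels.sort()  # stable file ordering, independent of on-disk directory order
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for rel in rels:
            path = os.path.join(src_dir, rel)
            info = tar.gettarinfo(path, arcname=rel)
            if normalize:
                info.mtime = EPOCH  # normalized timestamp
                # Ownership is written as archive metadata: no chown, no root needed.
                info.uid = info.gid = 0
                info.uname, info.gname = "root", "wheel"
                executable = info.isdir() or bool(info.mode & 0o100)
                info.mode = 0o755 if executable else 0o644
            if info.isfile():
                with open(path, "rb") as fh:
                    tar.addfile(info, fh)
            else:
                tar.addfile(info)
    return buf.getvalue()

def make_tree(root, order, mtime):
    """Constructed sample input: same contents, caller-chosen creation order and mtime."""
    for rel in order:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("contents of " + rel + "\n")
        os.utime(path, (mtime, mtime))

def digests(normalize):
    """Build the same content twice under different conditions; return both SHA-256s."""
    files = ["bin/sh", "etc/rc.conf", "boot/loader.conf"]
    out = []
    for order, mtime in ((files, 1_600_000_000), (files[::-1], 1_650_000_000)):
        with tempfile.TemporaryDirectory() as tmp:
            make_tree(tmp, order, mtime)
            out.append(hashlib.sha256(build_archive(tmp, normalize)).hexdigest())
    return out

if __name__ == "__main__":
    print("as-is:     ", digests(False))
    print("normalized:", digests(True))
```

With `normalize=False` the two digests differ because the on-disk timestamps leak into the archive; with `normalize=True` they match, which is the property an independent rebuilder checks.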