globaleaks / APAF

Anonymous Python Application Framework

Deterministic Build for Windows and Mac OS X #21

Open fpietrosanti opened 12 years ago

fpietrosanti commented 12 years ago

In order to prevent attacks against software distribution (http://hyper.to/blog/link/attack-scenarios-software-distribution/) it's useful for security reasons to introduce Build Determinism (http://www.conifersystems.com/2008/10/17/build-determinism/) for APAF applications, in particular for Windows and OSX.

The Tor Project is also looking at Build Determinism: https://trac.torproject.org/projects/tor/ticket/3688.

Build Determinism is currently not required for Linux/Debian packaging, but focuses on Windows and Mac OS X users.

It must be analyzed whenever:

In case it does not produce a deterministic build, it must be analyzed which kinds of differences are in the binary diff and how to handle them.

fpietrosanti commented 12 years ago

Whenever it would be required to edit Windows PE32 files to "fix" some headers, there is a nice Python library called pefile: http://code.google.com/p/pefile/.

However, it may be better to patch "py2exe" in order to force it to create deterministic builds.

The very same goes for py2app.
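
The binary-diff analysis discussed in this thread, sketched as an added example that is not part of the original issue or of APAF: it compares two builds of the same PE file and separates differences that fall inside header fields known to vary between builds (the COFF `TimeDateStamp` and the optional-header `CheckSum`) from differences elsewhere that need investigation. It uses only the standard `struct` module instead of pefile; the function names and the sample buffers are constructed for illustration.

```python
import struct

def volatile_fields(pe: bytes) -> dict:
    """Name -> (offset, size) of PE header fields that commonly change per build."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)  # file offset of "PE\0\0"
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return {
        # 4-byte signature, then offset 4 inside the 20-byte COFF header
        "COFF TimeDateStamp": (e_lfanew + 8, 4),
        # optional header starts at +24; CheckSum sits at offset 64 inside it
        "OptionalHeader CheckSum": (e_lfanew + 24 + 64, 4),
    }

def classify_diff(a: bytes, b: bytes):
    """Return (differing volatile field names, differing offsets outside them)."""
    if len(a) != len(b):
        raise ValueError("builds differ in size")
    fields = volatile_fields(a)
    if volatile_fields(b) != fields:
        raise ValueError("PE headers are at different offsets")
    explained, unexplained = set(), []
    for off in (i for i in range(len(a)) if a[i] != b[i]):
        for name, (start, size) in fields.items():
            if start <= off < start + size:
                explained.add(name)
                break
        else:
            unexplained.append(off)  # not attributable to a known volatile field
    return sorted(explained), unexplained

def normalized(pe: bytes) -> bytes:
    """Copy with the volatile fields zeroed, for comparison or hashing only."""
    buf = bytearray(pe)
    for start, size in volatile_fields(pe).values():
        buf[start:start + size] = bytes(size)
    return bytes(buf)

def make_sample(timestamp: int, checksum: int, payload: bytes) -> bytes:
    """Constructed PE-shaped buffer for the demo; not a loadable executable."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<I", buf, 0x80 + 8, timestamp)
    struct.pack_into("<I", buf, 0x80 + 88, checksum)
    buf[0x180:0x180 + len(payload)] = payload
    return bytes(buf)
```

Any offset returned in the second list is a difference the two header fields do not account for, which is the part of the diff that needs explaining before a build can be called deterministic.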