From: "Moessbauer, Felix" <felix.moessbauer@siemens.com>
To: "Schild, Henning" <henning.schild@siemens.com>
Cc: "amikan@ilbers.de" <amikan@ilbers.de>,
"isar-users@googlegroups.com" <isar-users@googlegroups.com>,
"Kiszka, Jan" <jan.kiszka@siemens.com>,
"kazuhiro3.hayashi@toshiba.co.jp"
<kazuhiro3.hayashi@toshiba.co.jp>,
"venkata.pyla@toshiba-tsip.com" <venkata.pyla@toshiba-tsip.com>,
"dinesh.kumar@toshiba-tsip.com" <dinesh.kumar@toshiba-tsip.com>
Subject: Re: [PATCH v2 1/1] image.bbclass: fix non-reproducible file time-stamps inside rootfs
Date: Fri, 6 Jan 2023 02:08:34 +0000 [thread overview]
Message-ID: <1a2b814f1af3362d3dd8bcee8b0e5cd28eb314c9.camel@siemens.com> (raw)
In-Reply-To: <20230105180533.506d8179@md1za8fc.ad001.siemens.net>
On Thu, 2023-01-05 at 18:05 +0100, Henning Schild wrote:
> > > > https://reproducible-builds.org/docs/source-date-epoch/
> > > > +#SOURCE_DATE_EPOCH =
> > >
> > > ${@bb.process.run(git log ...)}
> > >
> > > would be nice here. So once uncommented it will keep moving as
> > > people commit.
> >
> > Be careful with this pattern as it bypasses the Bitbake signatures,
> > leading to non-deterministic signatures errors. We had the same
> > problem with the ISAR release command. Maybe the immediate
> > expansion
> > operator works in the local conf, but I did not check that.
>
> The value is only ever used in image.bbclass in the finalize
> function.
> So maybe not a problem to expect with sstate.
This is totally independent of sstate. Bitbake internally requires that
the values of all variables are deterministic. This is required because
the set of signatures of a task is used to decide if a task is re-
executed or not. And changing signatures without changing the "input"
is a bitbake error.
>
> > It would be better to inject that from the outside, e.g. via KAS or
> > an
> > environment variable.
>
> Yes but we also need to document sane values for it, maybe in the
> user
> doc after all and not the local.conf.sample.
>
> > And in addition, we need to make sure that we
> > only forward this variable to non-sbuild tasks. The sbuild tasks
> > should get the SOURCE_DATE_EPOCH from the latest entry in the
> > changelog. However, for auto-generated changelogs, the date should
> > be
> > the value of SOURCE_DATE_EPOCH.
>
> I sure hope this one does not go into the env of the package
> building,
> but it should be double checked.
>
> For auto-generated changelogs we have another solution based on last
> debian changelog entry or 1.1.1970 if there is none.
>
> https://github.com/ilbers/isar/commit/53d315fdd3f3dcf70ac3f257d9431ba522e86eb4
IMHO this pattern is a hacky workaround. As we now have the
SOURCE_DATE_EPOCH, we should also use that for the changelog.
But better not as part of this series. It is already getting too long.
@venkata: When sending a new version of the series, please do not send
it as "in-reply-to ...", as this makes it harder and harder to read it
between all the replies. Better simply send it directly.
Felix
>
> Henning
>
> > Felix
> >
> > >
> > > > diff --git a/meta/classes/image.bbclass
> > > > b/meta/classes/image.bbclass
> > > > index 813e1f3..38a9adf 100644
> > > > --- a/meta/classes/image.bbclass
> > > > +++ b/meta/classes/image.bbclass
> > > > @@ -430,6 +430,15 @@ do_rootfs_finalize() {
> > > >
> > > > "${ROOTFSDIR}/etc/apt/sources.list.d/bootstrap.list"
> > > >
> > > > rm -f "${ROOTFSDIR}/etc/apt/sources-list"
> > > > +
> > > > + # Set same time-stamps to the newly generated
> > > > file/folders in the
> > > > + # rootfs image for the purpose of reproducible builds.
> > > > + test ! -z "${SOURCE_DATE_EPOCH}" && \
> > > > + find ${ROOTFSDIR} -newermt \
> > > > + "$(date -d@${SOURCE_DATE_EPOCH} '+%Y-%m-%d
> > > > %H:%M:%S')" \
> > > > + -printf "%y %p\n" \
> > > > + -exec touch '{}' -h -d@${SOURCE_DATE_EPOCH}
> > > > ';' >
> > > > ${DEPLOY_DIR_IMAGE}/files.modified_timestamps +
> > > > EOSUDO
> > >
> > > I would suggest to at least display a bbwarn if "wc -l" of that
> > > file
> > > exceeds some number ... say 50. I guess if SOURCE_DATE_EPOCH was
> > > too
> > > old, say 01.01.1990 the whole filesystem would be touched which
> > > might indicate a problem.
> > >
> > > Not sure what a good number would be. We could also check for
> > > certain files to _not_ be in there for sure.
> > >
> > > I might give that patch a try and see for myself what a too old
> > > value would do. But right now i will keep going with the
> > > expectation that it
> > > would "touch all files without big warning" and the thing might
> > > still boot but the broken metadata could cause any kind of
> > > problems
> > > in applications that can get confused by that big change.
> > >
> > > Henning
> > >
> > > > }
> > > > addtask rootfs_finalize before do_rootfs after
> > > > do_rootfs_postprocess
> > >
> >
>
next prev parent reply other threads:[~2023-01-06 2:09 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-02 14:58 [PATCH] image.bbclass: fix non-reproducible file time-stamps inside rootfs image venkata.pyla
2023-01-02 15:32 ` Jan Kiszka
2023-01-03 5:54 ` Venkata.Pyla
2023-01-02 16:44 ` Henning Schild
2023-01-03 8:05 ` Jan Kiszka
2023-01-03 18:51 ` Henning Schild
2023-01-03 14:10 ` Venkata.Pyla
2023-01-03 19:05 ` Henning Schild
2023-01-04 7:54 ` Venkata.Pyla
2023-01-04 9:29 ` Henning Schild
2023-01-04 13:48 ` Venkata.Pyla
2023-01-04 13:53 ` Henning Schild
2023-01-04 14:35 ` Jan Kiszka
2023-01-04 14:50 ` Venkata.Pyla
2023-01-04 15:07 ` Henning Schild
2023-01-04 15:34 ` Venkata.Pyla
2023-01-05 6:18 ` [PATCH v2 0/1] Fix for reproducible build issue venkata.pyla
2023-01-05 6:18 ` [PATCH v2 1/1] image.bbclass: fix non-reproducible file time-stamps inside rootfs venkata.pyla
2023-01-05 8:19 ` Henning Schild
2023-01-05 9:50 ` Moessbauer, Felix
2023-01-05 17:05 ` Henning Schild
2023-01-06 2:08 ` Moessbauer, Felix [this message]
2023-01-05 13:52 ` Venkata.Pyla
2023-01-05 15:12 ` [PATCH v3 0/1] Fix for reproducible build issue venkata.pyla
2023-01-05 15:12 ` [PATCH v3 1/1] image.bbclass: fix non-reproducible file time-stamps inside rootfs venkata.pyla
2023-01-06 9:45 ` Moessbauer, Felix
2023-01-06 10:17 ` Venkata.Pyla
2023-01-05 16:49 ` [PATCH v2 " Henning Schild
2023-01-04 15:01 ` [PATCH] image.bbclass: fix non-reproducible file time-stamps inside rootfs image Henning Schild
2023-01-04 15:27 ` Jan Kiszka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1a2b814f1af3362d3dd8bcee8b0e5cd28eb314c9.camel@siemens.com \
--to=felix.moessbauer@siemens.com \
--cc=amikan@ilbers.de \
--cc=dinesh.kumar@toshiba-tsip.com \
--cc=henning.schild@siemens.com \
--cc=isar-users@googlegroups.com \
--cc=jan.kiszka@siemens.com \
--cc=kazuhiro3.hayashi@toshiba.co.jp \
--cc=venkata.pyla@toshiba-tsip.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox