From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7187242631035879424 X-Received: by 2002:ac2:46c7:0:b0:4af:ee74:aa5f with SMTP id p7-20020ac246c7000000b004afee74aa5fmr3438347lfo.24.1673419924485; Tue, 10 Jan 2023 22:52:04 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:6512:214f:b0:4c8:8384:83f3 with SMTP id s15-20020a056512214f00b004c8838483f3ls5264029lfr.3.-pod-prod-gmail; Tue, 10 Jan 2023 22:52:03 -0800 (PST) X-Google-Smtp-Source: AMrXdXvsZySCqIgCl4OTJRLQpo0KUBLpZsCusq82f51agOzZ0ujoC6rf9bjmvKhAS0ZrRy1i4/t5 X-Received: by 2002:a05:6512:3b9:b0:4c8:9b9f:b1f8 with SMTP id v25-20020a05651203b900b004c89b9fb1f8mr16914504lfp.18.1673419923006; Tue, 10 Jan 2023 22:52:03 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1673419922; cv=pass; d=google.com; s=arc-20160816; b=klcAjt05/N/02ySKYl3wkmDa47nUxyFchfbFlfcZq619HzEUraA3AZsl+gUzysL8SK sBIJY8c+p2zRgwaviNoG6AsCs6Vih0p8W5rEpVrxO4pfaZb9kRBefQnDSeQUv8J8wvqO c9lC3qm7aTGwqnUDjHdsr31YeawRUck5W/KVuC5x/xB0Ev13HR5/AKp0V6Z4K4BIkCEY xC5kxoZzrXnsUzHNv8A6mXvo09OtKD1syF+x47jyjL3IIcN7Pkyrwn5hE0lscf1wgZPi CyA66c8v+Jx5OqtQ8QM66OvQwGDShZw84N2Ris/blVGSeAHy6estFRTm7p5pKPbMtfDT ZXJA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:content-transfer-encoding:in-reply-to:from:references :cc:to:content-language:subject:user-agent:date:message-id :dkim-signature; bh=QwZmlFWrBEBoBAOLxnvNZKI+PTdDMCPl6uHIkNtHUc8=; b=zHT5VZ1pnnEuf9m2/75hyrMjO8rFQ+UElNuKxtdOhAOeVmEvBeJPtpJwoxxsHxxX10 EAgp0LhQdXGUEglxtZ2tqBDfBw7yYivR5421P3Cbd5l7gcwuKA/DIf7yAng4/Gjd3eVb Xnp9NCuoIIQzUJESwsJ8cZmj+BoLI3SqU12/MgSvvd33GJItuFnMVKgttfdPc+jEkm6S K6xvZf0rwrmIlnHdjoYLEqAp1dkW1HqAfeWdwOCrLeKv2r8oXfS94eT15ciA98/0P5pT peMdOqoxYOGWFaYGBH3qFOryc34qQUaWtOZLiAJ9RoQ+9GggHVUoEzBEPTzap0VSWx0Q NyEg== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=bORZ8S7R; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of jan.kiszka@siemens.com designates 40.107.241.49 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from EUR02-VI1-obe.outbound.protection.outlook.com (mail-vi1eur02on2049.outbound.protection.outlook.com. [40.107.241.49]) by gmr-mx.google.com with ESMTPS id s5-20020a056512314500b004b59c9b7fbdsi578936lfi.7.2023.01.10.22.52.02 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 10 Jan 2023 22:52:02 -0800 (PST) Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 40.107.241.49 as permitted sender) client-ip=40.107.241.49; Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=bORZ8S7R; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of jan.kiszka@siemens.com designates 40.107.241.49 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nvoqs/2AnYvPVWHkBawT21ofXKKy+jpiUi7+rYMhEpjpw3Bsu6QX/ViPfi9FrrVcIaHZoNtlW9rneVZidNDczAuY1aY7wWsLnSMoFF+Lm56DpFLK6MWpMq/A7qdPsJeTuBUtRdQ/ANkj9RzIcOWEZXD2842jvW9RbrBlqydn95KkBBQlbdC+AkxSdE2/C4HU4p1zWTi3Ardm/olpZWLS0cJkN2AWbPjaWyrigIRr9SRu0EU1Yk/CVacL87nzy4f6f4wV/Ql+rYodqzcHti+js2v7BCu6ufnIn095pPBGINt3XxbQzgE3FxaVizAkQBB835A+gMb+ja//0rT0+Tg40g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=QwZmlFWrBEBoBAOLxnvNZKI+PTdDMCPl6uHIkNtHUc8=; b=S1pzZnSfWW2bFuYWYdRWGlIxsBZYEAFIh2E7mJMxLK1MUnxD08EVoy5A+EghCiuLQ8hC8Y/FZFUc2OqfbVDulXahvrDTEA7Mdxp/EPuaZc72ZtE8PT+biAHiXWs8KwPBrYovUriMyIWXlFmZ12lKFhvGi8fhrOQXBgI2sD6uYJHfcZnj3ZS618ed+4ttOrvdmLTpK5tVQYcKqDSQOzKszkUys2RQ3jClt/alSgKlIradJJwTcAhbBWU/4/jm1Ra6tPXOnMayi4rCYM7LM0bMc6Cf8hDR6LrmtAPVy5pdwi8PHjyAffwJw128S7v/LHrUi+0yXpN8MMM5zg8M1TqDjQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QwZmlFWrBEBoBAOLxnvNZKI+PTdDMCPl6uHIkNtHUc8=; b=bORZ8S7ROiO1O4zAr7sypn6U5CGMdMMHnqKCDKVDzL93TX0VgigvmhZOrtZf7c8dL8mqYD3YqLZ2GHlnRkkWFOL6jYGBwN5lKkVATADHsglqNxHsvm65L2h1fPyy7VOhyX8KLfLiAUOrF6hI+hzL8/OUeYIQ22S5SW7QQ8syS1UOsw5hwYg2WtLOkot6jRu+2EEAUDLFcNMLPURnlkt6WOLkToxofjslZDfYWrKwXo5DAiNDiDEJVagqje8V861/KVeGKJQv1shJnj8UqWI3z2ekO8FYmxiikvAmDPb345/hWWP1y34FrmRBJknS2Nt5GT6l7peBbMZkOmLKKSraHg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=siemens.com; Received: from AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:588::19) by PAWPR10MB6855.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:33b::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5986.18; Wed, 11 Jan 2023 06:52:01 +0000 Received: from AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM ([fe80::784b:e95b:b855:dcc5]) by AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM ([fe80::784b:e95b:b855:dcc5%6]) with mapi id 15.20.5986.018; Wed, 11 Jan 2023 06:52:01 +0000 Message-ID: <1f9d10d3-e232-eb01-5668-deaa9771f8be@siemens.com> Date: Wed, 11 Jan 2023 07:51:59 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.6.1 Subject: Re: [PATCH 00/11] Make rootfs build reproducible Content-Language: en-US To: Felix Moessbauer , isar-users@googlegroups.com Cc: daniel.bovensiepen@siemens.com, henning.schild@siemens.com, venkata.pyla@toshiba-tsip.com References: <20230111041140.3460393-1-felix.moessbauer@siemens.com> From: Jan Kiszka In-Reply-To: <20230111041140.3460393-1-felix.moessbauer@siemens.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-ClientProxiedBy: FR3P281CA0136.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:95::9) To AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:588::19) Return-Path: jan.kiszka@siemens.com MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS4PR10MB6181:EE_|PAWPR10MB6855:EE_ X-MS-Office365-Filtering-Correlation-Id: c71b1023-383e-4509-8109-08daf3a05724 X-LD-Processed: 38ae3bcd-9579-4fd4-adda-b42e1495d55a,ExtAddr X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: axwk0xihWUqm5bdcgwsBw/RV7hwqr1Z6IxlaDN9kVWjyvTKhgsojMgNfYHIcgswTc6bPfrisEsvAj9zbMA5y8no9wyfce4Ao7P3KkYWGPozBgJf1SdNwpW6TLMgklsyU1VvLaRgCRvtyk3K8qXuCmji2btdyGWxAHMBqfkgvZZkG7h84zm58vylHrvJ2eMXcP2QIzbB+21DQ9hj80WQOvLfX2ZSGWEp+Kv632qiQKivO7OyoLclH4kut/hAOqK56JNc674VO+STHvfqSkTMNmMyEaBT5vsMu+0OSyZiYDkh0N2AydBP4T3G0Z50b/mBDz6ewqDcqYp/6ti1GYpkrhs4lVuKwgd044hG4+aWUZWfy1yhAyJFOC+ZOtGaHUYIBzYa27w0OBYQD1VFgdMglcBTez2Kq8cy9RanjdC1ybbDPMuYir8Ou3a5lNTxj0iEgjew3D68TnzddukQQYe/V83oBqf/3ocp8R1IFh0D10H4AjRT0iixnYjvFU2iROmlinvF8B/QxFjdVZVvEtSxAwcdmDmBG2YrGI00l7kESYOcjhmRamMK7FBzaYwCWd2MBdqHhl+a8aftBD5iddw4IHAR2V5YaewfW1uVhQv3P64dp6BEnxBsmAKvLgExTqcqiq4HXMIKpIsxZs9LSrPba+Q+FMNOdw1TjTfi3/gzO5/1mXxq8YV6/rypjuW8x4Vtz1CxXM5owlUDfkX48fviZAJU05bUIfMyhBeOa3bW7LWE= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230022)(4636009)(396003)(39860400002)(366004)(376002)(346002)(136003)(451199015)(83380400001)(2906002)(38100700002)(31696002)(86362001)(66556008)(66476007)(4326008)(82960400001)(8676002)(44832011)(66946007)(41300700001)(478600001)(6512007)(186003)(6506007)(2616005)(26005)(53546011)(5660300002)(8936002)(316002)(6486002)(36756003)(31686004)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?Q1Jqc3o4eE1OckhIc1Qwd1JMdW5kTEV4L2UzbGM4TXNid0ZLUlJRcUJSczJp?= =?utf-8?B?UE11bGlUaGozSkVTVW9SdTZXZFlFUDZMdEJOVy9NTnhseExUdkIrUjAyY2Mv?= =?utf-8?B?N1N4Wmg3WWp3dXVsVi9EaW1tWkdlemhXdzNLYTc5bmhBNWdvcVFDVW5WVXFU?= =?utf-8?B?NmsvSHVjY2ZLMXhHekI3NDljTUdPanM3V0lmbFMxdm1WeThpenkySjJXc3Rr?= =?utf-8?B?V2ZneDZncWFycElCRWlva0t0RlhTaVhDNDArMEZrdUI1bWtaNFlSLy9QZ093?= =?utf-8?B?S1VPemlkeXhXNjQzVFhlZDFjZ3BiaHNRUUxQdXhnR3BjTTFoRlZvUXQ3eGZ2?= =?utf-8?B?TUJyVmxBMlZrZk9ISDMzNTJqUlltbHVHaTZEWDFHQVNIZy9yUXBiaUczYlAw?= =?utf-8?B?R1orRDZjbFYrUWNqWktNaVE3c3lWNnlDQ1dRMzlFeE94WjBHWGhxUnlSemtT?= =?utf-8?B?dEV1OUQwaWQrby9OcXo1Nm9ObGdOVzNNZitZWnRjbHRqR2dWSlNXU2Zzdmh0?= =?utf-8?B?UkNadDVpMGdJSG56ZFNFS2lucVNjVytUVkl2V1FMODZ4c0tXdXhTVnd3NUgy?= =?utf-8?B?elhTdy96NzU5b2N3aUpZdWVpaDNtRVZudUJXY0N2SXFDV0U4M21QV0tLNUxR?= =?utf-8?B?dlRlYUVFRVBBbmQ4U1FJY2hnRFMrWjdXcnozOU1YTDRQTUs0eWF5ZlB3L1BN?= =?utf-8?B?cnREajVkNjNxRWpzNmdWR2U5aStsYTVjK1YxL3VtM09MTEhPOWkycWszdU4r?= =?utf-8?B?dXJtdEdEZmhhSVl6MDdieE1zS2RUR20yb1hub1U4ZzFuamRXOTRiMFpwbjU1?= =?utf-8?B?RGpDeFc3bUxqZkxUVGJVT2drZlJvWDVab3hwUkZiVkV3TW5QalhDVEE3amV1?= =?utf-8?B?S1hZdVZZeEJ1TUhxSUdRcCtaZURLTjk4OEp6WnpmT25DU0dvZVIvV1hXOTFJ?= =?utf-8?B?UjdZUWwvTXlyRC9lWjlqdWI2d2I0Y1JRYW5GNGlPTFh6ZmNlRnVBRkdMZlYy?= =?utf-8?B?T2NFVmpyVkFPaXAyRytpZ25HOUZDRDIxSVlydkxWa01Qd0VtRlEzOUw1ZGt4?= =?utf-8?B?VFZtaDRKeU1RRVp4T3FHK3ZDTjJmSEQ5bDJvYUg4SGlzc096QktOR2w5d1Rh?= =?utf-8?B?MnVRZGt0YnhKNyt2Y2MxK0RRbC9WdUpNUVhqZXh0T3pSVDNlODVHbXRFN0ZK?= =?utf-8?B?c0loYktCUkZuYzU2aVRROWZITGg0Y00wVUpzdHFqeG1zUUtPcWtXR2xnOFFM?= =?utf-8?B?UGYxTVFXVWF3MysxOERoZjVPRGw2V1R2ZE84d3NEYkYzamdLOU1iNnNTQzRy?= =?utf-8?B?bHMvZFI0Q1l5NW9BKzlsYUt4WkVSU2dXaHBkUmRuY0xERkVNZG1LbEs1Tllz?= =?utf-8?B?RTZxMUtNUWpOSmRSQWhzV01LaWwwSjJiSXZqaFFjY0xWODVWT2grZm9jOXli?= =?utf-8?B?YkZSUmk3N3RtU3plcDQ2RnJqT2lTdVE4ZTZiNlRDQVdhQm5tYnRiZUg0d2RQ?= =?utf-8?B?dW8xeDRuT2JsYXNFV2xRUjNHMnJZeTM0amdYcmlwYU9qR3k3bS9mRU12UmU1?= =?utf-8?B?K1NXamYwRWdtNW5nRUtsRVcwTW9HdmphMmtHT1hLUURodmpYcnh0cEEzSEZu?= =?utf-8?B?MVpTeEFYZkZCMkVGSFRIQ3YxdUd1enBINkpGVXQ5dm5zOFV6WEVqZXB5d3Rt?= =?utf-8?B?S21jVEFJNVoyR2hPNDhFV2NWbUV3UVA5NkpuR1BDZHg2TlN6Ui9hd0Q1RUoy?= =?utf-8?B?bmI0VDZlNTJKY043bXEzWjlRQ3JRdzZGT3BQanlQaC9nTE1PQVhiOU5TcGJ0?= =?utf-8?B?V1JyVFNEcjB4akJ0Sy8zQWdJQWUrVWlDZzdOTkhYMDZQWGNjdkFWcExobVZQ?= =?utf-8?B?N3Y1MFhmNlE1V1M1cnVPMG5uSUJUVVZsbkx0SjJLM3ExYVQ0Q3Fyc3hLZG1S?= =?utf-8?B?cy9VNnYwQnc1L1c2S0ZTemhDblV4RlVGdkt0SlZ5ZVZOSFl0WFR1MHBrbDFJ?= =?utf-8?B?YjdPQWNBTnZWc3BuWGtabE1RdjJySUE5S1hoakFOTllMcXlLQ2xkdEtqcUNt?= =?utf-8?B?bmhXa2Q5eTNvMWRRUWh6dmRBSHFlWUVQYmEzQWNZT1JOVlIyNjVIWnJFc05z?= =?utf-8?B?c0lWUFFJRlk5dzNJRnRGaUdHYWVIcDJJM2g4NURkZ2ZWQVpDekhIdXk2c1NW?= =?utf-8?B?OGc9PQ==?= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: c71b1023-383e-4509-8109-08daf3a05724 X-MS-Exchange-CrossTenant-AuthSource: AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Jan 2023 06:52:01.0079 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: H7sbT9rVj8nwfcOtRp3+fAg5Qavgddze5lpDpzDSauJQOvMNT93Wn6MCoovsYbqXHl3Hipl2PzXnG/wrc16UXg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR10MB6855 X-TUID: qaGBLd9kSmth On 11.01.23 05:11, Felix Moessbauer wrote: > This series finally makes the rootfs generation bit-reproducible > from debian bullseye on. Parts of it have already been sent > as individual patches. However, image reproducibility can only > be achived once all parts are reproducible itself. By that, > these patches are included in this series as well. > > With this series, the following parts are now fully reproducible. > This has been tested on the isar-image-base target. > > - custom initramfs (creation and updates) > - debian initramfs (only updates are relevant) > - custom kernel (debian kernel is reproducible itself) > - rootfs itself > - tar file generation (.tar) > - ext4 generation (only from bookworm on, more tests needed) > > Other parts that are still not reproducible are: > > - WIC (should be solved in OE already) > - containers (untested yet) > > Best regards, > Felix Moessbauer > Siemens AG > > Felix Moessbauer (10): > fix rebuild of rootfs_finalize task > rootfs postprocess: clean python cache > remove non-portable ldconfig aux-cache > generate deterministic clear-text password hash > update debian initramfs in deterministic mode > create custom initramfs in deterministic mode > make deb_add_changelog idempotent > deb_add_changelog: set timestamp to valid epoch > deb_add_changelog: use SOURCE_DATE_EPOCH > make custom linux-image bit-by-bit reproducible > > venkata pyla (1): > image.bbclass: fix non-reproducible file time-stamps inside rootfs > > meta-isar/conf/local.conf.sample | 10 +++++++++ > meta/classes/debianize.bbclass | 22 +++++++++++++------ > meta/classes/image-account-extension.bbclass | 10 ++++++++- > meta/classes/image.bbclass | 21 ++++++++++++++++-- > meta/classes/initramfs.bbclass | 5 +++++ > meta/classes/rootfs.bbclass | 13 +++++++++++ > .../linux/files/debian/isar/build.tmpl | 1 + > .../linux/files/debian/rules.tmpl | 14 +++++++++++- > meta/recipes-kernel/linux/linux-custom.inc | 2 ++ > 9 files changed, 87 insertions(+), 11 deletions(-) > Cool! Jan -- Siemens AG, Technology Competence Center Embedded Linux