From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7163187300010033152 X-Received: by 2002:a17:902:f691:b0:186:b250:9763 with SMTP id l17-20020a170902f69100b00186b2509763mr50541552plg.62.1667809509488; Mon, 07 Nov 2022 00:25:09 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a17:90a:17eb:b0:20f:adac:8c6 with SMTP id q98-20020a17090a17eb00b0020fadac08c6ls10898097pja.1.-pod-canary-gmail; Mon, 07 Nov 2022 00:25:08 -0800 (PST) X-Google-Smtp-Source: AMsMyM4SK5xF4m9OszinLaA7r6RCVVG+e0pJt6opS1dVZnZdf2BQbjUjDJxt74JEO6tWlsGM/dNR X-Received: by 2002:a17:90a:d084:b0:213:8cf1:4d34 with SMTP id k4-20020a17090ad08400b002138cf14d34mr51417748pju.150.1667809508777; Mon, 07 Nov 2022 00:25:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1667809508; cv=none; d=google.com; s=arc-20160816; b=cCUw73pd+YtSeByZW3XYLcW/U4a8r7CLoF4h/3NWrsPxPSrZkaXmpTexvJBzP3dkmB 66DcGZiybx0cRZ15JrE22lXrcqi/plcXhZxH2/qYmFinDIg37Rrq2ieR4qh6ZANdVrU0 2eg9jYHQF79t8fPl4p1VDDYAQNa9lAsGjHlWwTAvPtXkhP3Az6XzXt8traATh5CWHDCm 2JGr+O4NEjMiePt0nFKVMrCZWcxe3aQarmhBP24/FiVhATeMy+l3CxMfQlI7sqKV6OmV 0zfWB0WZu9vdkVVEpt/Pee4x+Vd23frCpEmGquA62ek+yyIasc7MCy0ns/A6azxgfViT LAgw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from; bh=ZiIa5TesU/3SJ3oujsXCdlKhUQJ/L+1d1PwegtivOB0=; b=Bh6eqUs4r+FWfzoxFfGSwpuL3Q3VSRA/6GGaZyd5ETTbKA6RQi6QYwdeA20tEp5F0c 2l31RaNAmu7Si/qmFpe8Woww/D835PvGiPusNBBmYgZDdZgifMOzXTqZLPXR9UxFWhZN FBvYqyzAyr7QaDEI25PadI8T/1Wt4Gq4G/GL4CNreS04mOZEiOBi+dkHkE+sde3OMhSI QyfP6BZFZI6JOTd5stlnuwElIqW5Ht+gDViAmGV37rTSergfTKeuZ/aGqaZ3J/Ly8BRk TyObLMsoUGN8FfNNgOXDCFiMYgLn3nPHx8YPBMLdzQwxNeq2gbOEXz/lblx98fBrG7H9 BruQ== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of venkata.pyla@toshiba-tsip.com designates 210.130.202.155 as permitted sender) smtp.mailfrom=venkata.pyla@toshiba-tsip.com Return-Path: Received: from mo-csw.securemx.jp (mo-csw1516.securemx.jp. [210.130.202.155]) by gmr-mx.google.com with ESMTPS id p13-20020a170902a40d00b00186c372722csi312805plq.9.2022.11.07.00.25.08 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 07 Nov 2022 00:25:08 -0800 (PST) Received-SPF: pass (google.com: domain of venkata.pyla@toshiba-tsip.com designates 210.130.202.155 as permitted sender) client-ip=210.130.202.155; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of venkata.pyla@toshiba-tsip.com designates 210.130.202.155 as permitted sender) smtp.mailfrom=venkata.pyla@toshiba-tsip.com Received: by mo-csw.securemx.jp (mx-mo-csw1516) id 2A78P6E1016570; Mon, 7 Nov 2022 17:25:06 +0900 X-Iguazu-Qid: 34ts129D5ZIe0Yv22k X-Iguazu-QSIG: v=2; s=0; t=1667809506; q=34ts129D5ZIe0Yv22k; m=+m7m/GgVTadfVGUe+esNFJuK7zLLhkJN9i9cczmQLi4= Received: from imx12-a.toshiba.co.jp ([38.106.60.135]) by relay.securemx.jp (mx-mr1511) id 2A78P6mX001082 (version=TLSv1.2 cipher=AES128-GCM-SHA256 bits=128 verify=NOT); Mon, 7 Nov 2022 17:25:06 +0900 From: venkata.pyla@toshiba-tsip.com To: isar-users@googlegroups.com Cc: venkata pyla , jan.kiszka@siemens.com, henning.schild@siemens.com, kazuhiro3.hayashi@toshiba.co.jp, dinesh.kumar@toshiba-tsip.com Subject: [PATCH] image.bbclass: set file timestamps inside the rootfs and initramfs image Date: Mon, 7 Nov 2022 13:55:03 +0530 X-TSB-HOP2: ON Message-Id: <20221107082503.14774-1-venkata.pyla@toshiba-tsip.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-OriginalArrivalTime: 07 Nov 2022 08:25:03.0939 (UTC) FILETIME=[6F98E130:01D8F282] X-TUID: 6B2V/Q28g5eu From: venkata pyla As part of reproducible-build work, one of the problem chosen to solve is the file time stamps inside rootfs and initramfs are not identical between two builds. With the help of reproducible-builds.org and their suggestions, the above problem can be fixed using 'SOURCE_DATE_EPOCH' variable [2]. In case of rootfs file time-stamps, set all the files and folders that are newer than 'SOURCE_DATE_EPOCH' and set it to same. In case of initramfs, regenerate the initramfs image with 'SOURCE_DATE_EPOCH' variable set as the mkinitramfs script is already taken care of creating reproducible initramfs image when the variable is set in the environment[3]. The SOURCE_DATE_EPOCH variable should be set to the last modification of the git repository as explained in the documentation[2]. e.g: SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) To know more about the reproducible builds and its goals please refer [1]. [1] https://reproducible-builds.org/ [2] https://reproducible-builds.org/docs/source-date-epoch/ [3] https://manpages.debian.org/bullseye/initramfs-tools-core/mkinitramfs.8.en.html#ENVIRONMENT Signed-off-by: venkata pyla --- meta/classes/image.bbclass | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index ccff810..c1bb4fd 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -431,6 +431,21 @@ do_rootfs_finalize() { "${ROOTFSDIR}/etc/apt/sources.list.d/bootstrap.list" rm -f "${ROOTFSDIR}/etc/apt/sources-list" + + # Recreate initramfs inorder to set timestamps to SOURCE_DATE_EPOCH + # inorder to make reproducible initramfs + test ! -z "${SOURCE_DATE_EPOCH}" && \ + SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH} chroot "${ROOTFSDIR}" \ + update-initramfs -u -v + + # Set timestamp to files inside the rootfs image inorder to make + # reproducible rootfs + test ! -z "${SOURCE_DATE_EPOCH}" && \ + find ${ROOTFSDIR} -newermt \ + "$(date -d@${SOURCE_DATE_EPOCH} '+%Y-%m-%d %H:%M:%S')" \ + -printf "%y %p\n" \ + -exec touch '{}' -h -d@${SOURCE_DATE_EPOCH} ';' + EOSUDO } addtask rootfs_finalize before do_rootfs after do_rootfs_postprocess -- 2.20.1