From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7187242631035879424 X-Received: by 2002:a05:600c:4615:b0:3cf:8e62:f748 with SMTP id m21-20020a05600c461500b003cf8e62f748mr3275268wmo.175.1673410327926; Tue, 10 Jan 2023 20:12:07 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a1c:e909:0:b0:3d9:c8dd:fd3f with SMTP id q9-20020a1ce909000000b003d9c8ddfd3fls370786wmc.0.-pod-control-gmail; Tue, 10 Jan 2023 20:12:06 -0800 (PST) X-Google-Smtp-Source: AMrXdXsqHyZzS6qN/JIjLLihgnNKeRpl91IIk35AZNr8QLJR4MBiT9GYrSDyPPgYnCjboXfly9ik X-Received: by 2002:a05:600c:1911:b0:3d9:8635:a916 with SMTP id j17-20020a05600c191100b003d98635a916mr48000041wmq.9.1673410326525; Tue, 10 Jan 2023 20:12:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1673410326; cv=none; d=google.com; s=arc-20160816; b=x/t4symv99ghP3/ekdv8kgmjmfTzDE4h40HvrcniesVRI2NbRf4oW9IqCE2QePwqYO 47VPfPpgfFY8j6oijc0DYv5aPpEwMk4poSRNMw7/XIcJ2euqIvf5nTwia1fEW2sZjFlr 80QeefhkVU1dngES2O1bd5A1iZUlDvWATcqvzMVKY8cYQcCNhRLduWXmXsyG3FARfaNm 4+LwH7wTQ8kK6VDIJvquZb8GNcr8SIeOQGYnT8u1PngTE4jwr3WwJwHIUoCax+i9/E0S xuQc/BdAcrcrYxB3h0SJrIBlFuEEMr6V8UXOntWvCKIeLn01v9lLxdpf+V9Gy7DAgL6O Rw9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=feedback-id:content-transfer-encoding:mime-version:message-id:date :subject:cc:to:from:dkim-signature; bh=fVcB3MpYjehASci0t5G2KEnT1pR0M7ChBbwXvsD6GPg=; b=lRN/6iuR/584h6smaKn1qHugVBLqOo6iq2c9sJo/HKezRWS0LweZ/ncDfBJxS0LXwl e3WFWjoQ2oGet8U40J6x9eLAzRnecTZk2EZ4hc9qU+5dfqI/2licbY8yefO6DpIOzi38 PEYuWSOmwwyiKI5WktXMgfUkFH/5TLskEArKnjrfV6GO09IQLoI+Tbk610vIaSQfpJRr FQBji9e/shnoZdWNJTUfxczdtpN2fDrYS+LWEkCpOA/rDPVQClTwn4ZAMvCobbAmY8uG Vb5LAMFD9yOvizc70qpuvaxDLhLKYQvhpWwj5TtUq6eiVj5I1nRFsMg1bIouRC/3dusj AjyA== ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=gqxHI970; spf=pass (google.com: domain of fm-72506-2023011104120548aa453003ebe3fa45-q0125f@rts-flowmailer.siemens.com designates 185.136.65.226 as permitted sender) smtp.mailfrom=fm-72506-2023011104120548aa453003ebe3fa45-Q0125F@rts-flowmailer.siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from mta-65-226.siemens.flowmailer.net (mta-65-226.siemens.flowmailer.net. [185.136.65.226]) by gmr-mx.google.com with ESMTPS id v6-20020a1cf706000000b003d9ae6cfd2esi611101wmh.2.2023.01.10.20.12.06 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 10 Jan 2023 20:12:06 -0800 (PST) Received-SPF: pass (google.com: domain of fm-72506-2023011104120548aa453003ebe3fa45-q0125f@rts-flowmailer.siemens.com designates 185.136.65.226 as permitted sender) client-ip=185.136.65.226; Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=gqxHI970; spf=pass (google.com: domain of fm-72506-2023011104120548aa453003ebe3fa45-q0125f@rts-flowmailer.siemens.com designates 185.136.65.226 as permitted sender) smtp.mailfrom=fm-72506-2023011104120548aa453003ebe3fa45-Q0125F@rts-flowmailer.siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: by mta-65-226.siemens.flowmailer.net with ESMTPSA id 2023011104120548aa453003ebe3fa45 for ; Wed, 11 Jan 2023 05:12:05 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=felix.moessbauer@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc; bh=fVcB3MpYjehASci0t5G2KEnT1pR0M7ChBbwXvsD6GPg=; b=gqxHI970uJomHJMStAGFk22L9q7TUwQZqAgzRPv/8WzjT+ffkSdKewL1YRQU5h6b+6uOcq QWe2O6zKeCHRWQ/FoIaqAhGiCWN1O7tCK7j+f9gPKOlX3sH/7BmjQ608hBQa4QstuaoqxRAD BlByJnt2mdpicBeGUeX1r+pEVKeCs=; From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, daniel.bovensiepen@siemens.com, henning.schild@siemens.com, venkata.pyla@toshiba-tsip.com, Felix Moessbauer Subject: [PATCH 00/11] Make rootfs build reproducible Date: Wed, 11 Jan 2023 04:11:29 +0000 Message-Id: <20230111041140.3460393-1-felix.moessbauer@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-72506:519-21489:flowmailer X-TUID: q1+XzI9W2xT7 This series finally makes the rootfs generation bit-reproducible from debian bullseye on. Parts of it have already been sent as individual patches. However, image reproducibility can only be achived once all parts are reproducible itself. By that, these patches are included in this series as well. With this series, the following parts are now fully reproducible. This has been tested on the isar-image-base target. - custom initramfs (creation and updates) - debian initramfs (only updates are relevant) - custom kernel (debian kernel is reproducible itself) - rootfs itself - tar file generation (.tar) - ext4 generation (only from bookworm on, more tests needed) Other parts that are still not reproducible are: - WIC (should be solved in OE already) - containers (untested yet) Best regards, Felix Moessbauer Siemens AG Felix Moessbauer (10): fix rebuild of rootfs_finalize task rootfs postprocess: clean python cache remove non-portable ldconfig aux-cache generate deterministic clear-text password hash update debian initramfs in deterministic mode create custom initramfs in deterministic mode make deb_add_changelog idempotent deb_add_changelog: set timestamp to valid epoch deb_add_changelog: use SOURCE_DATE_EPOCH make custom linux-image bit-by-bit reproducible venkata pyla (1): image.bbclass: fix non-reproducible file time-stamps inside rootfs meta-isar/conf/local.conf.sample | 10 +++++++++ meta/classes/debianize.bbclass | 22 +++++++++++++------ meta/classes/image-account-extension.bbclass | 10 ++++++++- meta/classes/image.bbclass | 21 ++++++++++++++++-- meta/classes/initramfs.bbclass | 5 +++++ meta/classes/rootfs.bbclass | 13 +++++++++++ .../linux/files/debian/isar/build.tmpl | 1 + .../linux/files/debian/rules.tmpl | 14 +++++++++++- meta/recipes-kernel/linux/linux-custom.inc | 2 ++ 9 files changed, 87 insertions(+), 11 deletions(-) -- 2.34.1