From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 7187242631035879424
X-Received: by 2002:a05:6512:32cc:b0:4cc:941b:7cc0 with SMTP id f12-20020a05651232cc00b004cc941b7cc0mr298188lfg.365.1673441709341;
        Wed, 11 Jan 2023 04:55:09 -0800 (PST)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a05:6512:214f:b0:4c8:8384:83f3 with SMTP id
 s15-20020a056512214f00b004c8838483f3ls5956046lfr.3.-pod-prod-gmail; Wed, 11
 Jan 2023 04:55:08 -0800 (PST)
X-Google-Smtp-Source: AMrXdXtt4fh37oHmThEN5gL6ihUtaflA2UMw2egEyfZk+X/CodvKeee8d3fJkIr3qr2UwWxxpVCI
X-Received: by 2002:a05:6512:150b:b0:4ca:e66e:43c8 with SMTP id bq11-20020a056512150b00b004cae66e43c8mr20890668lfb.14.1673441708014;
        Wed, 11 Jan 2023 04:55:08 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1673441708; cv=pass;
        d=google.com; s=arc-20160816;
        b=Iu/kAHzMUBWjf2gNCttThIQvCRJbUATrIk8hR5VMJ9C3DKQ33o9nJj4DsEQUAMVBvX
         l/ba/YAnoj+e1V2kNIQzpJhaiWRaylSN8/HES8iTz6UECDVryn9vPiO8lZnjsnDDwyJN
         A7aQbJ5tPQBzImwzDtWN8p9l9UwQmqoV7TZPKXuz0enZwv5N7MOCWGJG6oJufRHbUyAr
         TeClf0E7wANsXp/nVHzdix3ADcNIj9UtQeH459xqi1VUtEslCTLMnqnexlugUBhw+ZvW
         2r6GEPlG+VwNb3gAe0uED/XudQO4ztKAFY1req+NfaBwJzH6ybhi6VhvTguZEmghafek
         I1Vw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=mime-version:content-transfer-encoding:references:in-reply-to
         :message-id:subject:cc:to:from:date:dkim-signature;
        bh=CPw9JU9w0ZJQcul8itBfGt3oClxdPk2sRMmy4szYIWk=;
        b=B4dzoD7kOGlozYHH+8hycG+RwthkE2DxR5A0c7/7ZmQXtW6Obq0D1a+h2IGWO0zewm
         5rqWfcR+W8MNrRT/a2tUVHyxeR0WbI4pZz+e9R0ZnJut4JLNLpCsgChhNkh/VrxdUUZA
         H9CGM/LrEfi0PooyWrv2P1fP0gDsknYXqhfUC/IHIt9AXYi6+aqltGIARggh2EmyOlpn
         Z1s12AzhoWcozUp+MrxWZzAX15LDkBRuVDSjnv4oIyMmvKS8cbwj+1MV70P0dbTSoaNg
         PqIdA6w0dmaM3MJafJ9dzZHyXysOe41EoceoiC3QlSEnz4uihKJYqn56CWEJkFuLx9Ex
         egwg==
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=selector2 header.b=Q6He7dvp;
       arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com);
       spf=pass (google.com: domain of henning.schild@siemens.com designates 40.107.22.60 as permitted sender) smtp.mailfrom=henning.schild@siemens.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
Return-Path: <henning.schild@siemens.com>
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2060.outbound.protection.outlook.com. [40.107.22.60])
        by gmr-mx.google.com with ESMTPS id g2-20020a056512118200b0048b38f379d7si674426lfr.0.2023.01.11.04.55.07
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 11 Jan 2023 04:55:07 -0800 (PST)
Received-SPF: pass (google.com: domain of henning.schild@siemens.com designates 40.107.22.60 as permitted sender) client-ip=40.107.22.60;
Authentication-Results: gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=selector2 header.b=Q6He7dvp;
       arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com);
       spf=pass (google.com: domain of henning.schild@siemens.com designates 40.107.22.60 as permitted sender) smtp.mailfrom=henning.schild@siemens.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=bjDOCVc50US/ggbIrC/aC3wPM+1GLV5gcARDZoYyscm/HcUrsYOjnTroTVHdEFaaEyn7seTaGAy7idmqdFEfpTfYgW3wFgGBkUBGdeu3i8t2gcW0HRQ9B6qdgD8CDP16MOA7fG3eIkw4cfb+ONPHwLiTS78k5wNvVCFNQHqSk7sC8xAJracoxAsVKwL54uS4DjdFk9hffTSMyYjMyzVdApT5psWevQdnVVp2vsazASov7/UmhnHp2ZHcBH9gd2dlVoGzSvOoabdagEKT9mjcRWpgiG+4AMQqvUnR8cghxM/c0+HiD9zy4oA6uCinFqc6/JH5B6O5tk16Ns54Qa8Bsw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=CPw9JU9w0ZJQcul8itBfGt3oClxdPk2sRMmy4szYIWk=;
 b=GcXMFzevEriuoEErjdQokRsTZCumtu3LUAjRuUoUMd5iREyJFw3unxrp1XRcbf62zOW+bDyFOfOZlJRAbNRfXVIiUMEILo5MIx+jdHrfIyFNh+cyxnx+5U0VCL570rMUBS6Ebk3UZxmcUqvYd8nKH0ul/kGobEfJv0270oBBMDHddVvl3arUK8jW6F4Mt3Ut4hh0mIScFacMv2/Kp1MqxqVT3cnHopGu5FGfHpXuceJ187APaPMmAVPcrtc4dN6OIiO6PG/Vy8pEYXD/DAD7TP2NBvRl2yj9ZI+udvVLCdqYeZ1enbOe05l5zAI88cJ7Bn+fbh0pEj3j5U1j4UBAKA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com;
 dkim=pass header.d=siemens.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=CPw9JU9w0ZJQcul8itBfGt3oClxdPk2sRMmy4szYIWk=;
 b=Q6He7dvpHBlzGCGul9mfrMftzGv/ZOmET+70BQ5CbNVEmThj5L/4u7JAHgjnU6BVW5BVvmi8IU+lzWImlVhClSeUfYN61g9Fx+gsAwZzCKsYC2h0f0g7sp2wnvZyc6fUCW8kwJZL6kvLKeU0V54qVLRTUFfVURZzwEL4mok0ehGWYd2pKdxMgRxCXgTCC7+LOiW/2t2UXKz7rwvp6BQqkguLSfbhGbRb796jda1qDeUXS1YqNGhwP54A3klULmAGU/p1s1TnatzWrCQsohgYNOr5z+KleaRVMSEPrF3HgduLP2rLi2AVoN3uokUhPoiPW2aKnvB+p2J0cwwUOzuGxQ==
Authentication-Results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=siemens.com;
Received: from PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:269::8)
 by PAWPR10MB7720.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:364::8) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5986.18; Wed, 11 Jan
 2023 12:55:06 +0000
Received: from PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM
 ([fe80::bdf0:fdeb:f955:bc79]) by PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM
 ([fe80::bdf0:fdeb:f955:bc79%4]) with mapi id 15.20.6002.012; Wed, 11 Jan 2023
 12:55:05 +0000
Date: Wed, 11 Jan 2023 13:55:02 +0100
From: Henning Schild <henning.schild@siemens.com>
To: "Moessbauer, Felix (T CED INW-CN)" <felix.moessbauer@siemens.com>
Cc: "Bovensiepen, Daniel (bovi) (T CED INW-CN)"
 <daniel.bovensiepen@siemens.com>, "isar-users@googlegroups.com"
 <isar-users@googlegroups.com>, "Kiszka, Jan (T CED)"
 <jan.kiszka@siemens.com>, "venkata.pyla@toshiba-tsip.com"
 <venkata.pyla@toshiba-tsip.com>
Subject: Re: [PATCH 06/11] update debian initramfs in deterministic mode
Message-ID: <20230111135502.7325b46c@md1za8fc.ad001.siemens.net>
In-Reply-To: <290a8348da7db622e75e557319aa7c93aa693acd.camel@siemens.com>
References: <20230111041140.3460393-1-felix.moessbauer@siemens.com>
	<20230111041140.3460393-7-felix.moessbauer@siemens.com>
	<20230111092318.19415b12@md1za8fc.ad001.siemens.net>
	<290a8348da7db622e75e557319aa7c93aa693acd.camel@siemens.com>
X-Mailer: Claws Mail 4.1.0 (GTK 3.24.35; x86_64-pc-linux-gnu)
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-ClientProxiedBy: FR0P281CA0086.DEUP281.PROD.OUTLOOK.COM
 (2603:10a6:d10:1e::22) To PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM
 (2603:10a6:102:269::8)
Return-Path: henning.schild@siemens.com
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: PA4PR10MB5780:EE_|PAWPR10MB7720:EE_
X-MS-Office365-Filtering-Correlation-Id: 8d02937c-89b3-4917-ad71-08daf3d30fe0
X-LD-Processed: 38ae3bcd-9579-4fd4-adda-b42e1495d55a,ExtAddr
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
	VstjwNVIxYh9uf1lAsAWph+9DHO2ATTageAsz7V4h73A/RGWJKU9ePCBP41NcDaYj3AXwjVPucI1jBmNhnMC4qOfcn3vHYnxHHqIaO8glHJSuWJKSDLtHJsFfKMtzNV0LA0zZ/FOVyawd31gyV/Xu2UDqOuNGWcQNBSFIw0n1tgOH5F4OhLlYqgs0sk1ttXKzCede3sUaKuLTI8LqAsQ1PVu85w/35kkPf7owsMmpAu3HSoAcECveNeNZZlcRWzl01mmnI2Eqz572uCcQJSpQACot4iCaTZlFIsp97vFmrzpi81AENqLigCjRMqReqLLoTXSddeaWdCfYchU/ZxmOgTgGgHkTzfYpCoqYVZ4iBFQSmUXNOt3tp5g5wez4tCXNJt+s78uL3ju7itRLdF0V6Dj7W9MiIg4B+UsDJ26O/JccADDIr+LacPKECUUSG7FBj0oElal98MwySOqO2reVdSyXqnHJuHNUUdZ4Adptb3O7yXq5ltEWR8fJEtAYcF15sT1kglqLUkImcn6t18uEM1NXLklxdczfY/3VFzUrfy6TajxPtYkzFKM7jghEPUUo1pwuC6we5+e8S7Ts5iwe+onQGbFkq4GckbZBQWV49tn4vouzFcAulxvJ4+UKIkUT/FeYDb8JoSeH7wLvG68mQ==
X-Forefront-Antispam-Report:
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230022)(4636009)(366004)(136003)(376002)(346002)(39860400002)(396003)(451199015)(1076003)(316002)(9686003)(5660300002)(186003)(26005)(44832011)(6512007)(6486002)(478600001)(41300700001)(66556008)(66946007)(66476007)(6636002)(4326008)(54906003)(8676002)(6862004)(8936002)(83380400001)(86362001)(15650500001)(6666004)(6506007)(82960400001)(38100700002)(2906002);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0:
	=?us-ascii?Q?DIbSeR3VsPj2cIhIzHSXnBjhhFgIYw9MmMPfU+JTvEFNQpwe0nwZ5IDx4msd?=
 =?us-ascii?Q?RS3HmIP9Ufwpqn2FsNVXqjbaXbdTB/1jcHlwLZCTUJU58zR1FXh76keGyqaf?=
 =?us-ascii?Q?jOBkSDP++bHAGKsaM+BEVNgkgOCjeRVN1ubGOj3AlF478lJieQg3tj9aeY7n?=
 =?us-ascii?Q?/i7cWJ0naR4tS2+7dOfFTEuHX1eydoC3hUeBNndviQ1wy0Ts/3+e2NiWVNvB?=
 =?us-ascii?Q?6kNKN+11CxdYOaCFlF/DjqYkJJ/6YOIAy4U4IGIXpu613Eo9pu2wxwwmHT8C?=
 =?us-ascii?Q?c8HK4o/YjKCsiEtzHmOVvKoddiQv4pzhHZNFIX83YAOp+fC1OXob4/VOWcxG?=
 =?us-ascii?Q?Jtdsd1JtkjCGSGiBf/EbV4W/IfuvEizMYiJtRD+tfwhBbEoRJ16nPpKU7jok?=
 =?us-ascii?Q?rYwA9IKdiXn7xmy0bLq+Ama5+RzRLXVhvLLADRngRrwvbZqq/PJ3r6BsCcZA?=
 =?us-ascii?Q?Hrl1XnLDy2TEpmhdbCn+GdSS8q8DHXMuvzF3t8Oa4Xh6gCvjvDMK5CiWPKe7?=
 =?us-ascii?Q?Vfiea6b6VnTpPGdWF1LhGVQ4KSQYHYf3YyEz4J4hLMKO6RmzrW+XWE8wWpiH?=
 =?us-ascii?Q?sTJ+oZfqLjxBmcRhGHHLuM5nvTKYoOIzP37RdB7vksKCe69ub/cnBTVeD0Id?=
 =?us-ascii?Q?GOw2s6k3NRK4AOOdpl9QH1yNPLmQGcihHpEbMzyEoKG1xuEQhaWN+90/ifwg?=
 =?us-ascii?Q?T6jOCPOvmHX5voCkz1bVlzLS25PmVPB0YBx+rFjUGLdYwXYQNHCLAAncdwP8?=
 =?us-ascii?Q?Ov9sbV7onMi0ABn+fv/3ccgzNlueO5bCSACVa7rNG2TODANZYfQb8h9z49IA?=
 =?us-ascii?Q?f8zOFLcIo6BwBNqRbLq/UZblcmEL+DlcZh7RT0TEH/Wn9tLXl+hy388gILxj?=
 =?us-ascii?Q?oqFsBK40zgLGxnPlxScND0k9UoQFT3q6rEOvVToQU/v7JoxlWfpOohGOPuYJ?=
 =?us-ascii?Q?Hxz1cyEu5RGbE4TsSI4Yo+Pwvi+17SD+Wde/XPISK9QLOA0VGqrCp5T/FsGC?=
 =?us-ascii?Q?SjuI7StGXwD/7sP/nf1/RsPPUSkiErHEVjAiMOg1YBw3xtYlGg2m21+IWQqy?=
 =?us-ascii?Q?EddFaOpb4CrQIKApF+Vj0Esi3XpxK0c/Mu7Bi6r2owdRiIDkRu86wEWKFvx9?=
 =?us-ascii?Q?wqt5UM46Tyn7MJ1UtFdyHGlO471ES7Tch6T4HH+bDCH2EfOfaXNfD5FHbGfH?=
 =?us-ascii?Q?E76z6o9p9yiNfL54gQgsyya13UgrqapywMPl//Hsdz3HbEwVVQQDVkI2RsCl?=
 =?us-ascii?Q?/QT6vsTbc1r4LiJofK9e2ak2IbyfsWzljCWcmx1hG0KVJMfCsgeYeNmmnCNw?=
 =?us-ascii?Q?KrOaLe7vegvaK5ETTi4gndoR8/Fw9DNdwYH6ShZcEsZkJMMJPSIHTe0kDW6x?=
 =?us-ascii?Q?JB05hjdsQ26YI8jae+ToMa/lY6Bre9cMHMNsFsNxX2pl34b4h/yNWnmHtJ3d?=
 =?us-ascii?Q?3XDMkQNQzcO/n2dlZ49f2KRqK5rlVC3oK+RhZIuxkKfXombtJvYaLa8Z7UGq?=
 =?us-ascii?Q?7VjwOnIoP8uyabIBC8HPt+7lNjfhYlX1YSIcORRra/r0jBmyirNwwzNhZ3Gt?=
 =?us-ascii?Q?KwPj+reGMmANoLJMA7CWVA9k+ObH/HR8vWTbsbWin49JWc3x0XKnWA16Bl6N?=
 =?us-ascii?Q?7uE8UQ3G3/La9WSbJmItaic=3D?=
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8d02937c-89b3-4917-ad71-08daf3d30fe0
X-MS-Exchange-CrossTenant-AuthSource: PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Jan 2023 12:55:05.7627
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: ppSmGyRSQd+L0WQrxcVmFBrGYuDmGz52pEA0EAui224e8Vgxor9kUSGFzH4XlLzhzO0bNJXEJ15nHX8UthWT+31FXuw0oIKqvBksoDH178A=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR10MB7720
X-TUID: HmdDCEnSqEf3

Am Wed, 11 Jan 2023 09:39:34 +0100
schrieb "Moessbauer, Felix (T CED INW-CN)"
<felix.moessbauer@siemens.com>:

> On Wed, 2023-01-11 at 09:23 +0100, Henning Schild wrote:
> > Am Wed, 11 Jan 2023 04:11:35 +0000
> > schrieb Felix Moessbauer <felix.moessbauer@siemens.com>:
> >  
> > > This patch exports the SOURCE_DATE_EPOCH variable in the image
> > > install
> > > task. By that, update-initramfs is switched into reproducible
> > > mode. Before this patch, each trigger of update-initramfs created
> > > a new non-deterministic version of the initramfs.
> > >
> > > Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
> > > ---
> > >  meta/classes/image.bbclass | 7 +++++++
> > >  1 file changed, 7 insertions(+)
> > >
> > > diff --git a/meta/classes/image.bbclass
> > > b/meta/classes/image.bbclass
> > > index b86a428..c981c7a 100644
> > > --- a/meta/classes/image.bbclass
> > > +++ b/meta/classes/image.bbclass
> > > @@ -304,6 +304,13 @@ python() {
> > >  }
> > >
> > >
> > > +# make generation of initramfs reproducible
> > > +rootfs_install_pkgs_install_prepend() {
> > > +    if [ ! -z "${SOURCE_DATE_EPOCH}" ]; then
> > > +        export SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH}"
> > > +    fi
> > > +}  
> >
> > Why prepend and not put this right into the task? This will be hard
> > to
> > maintain.  
> 
> Yes, true. However, the rootfs_install_pkgs_install is shared across
> all rootfs, but we really only want to set the SOURCE_DATE_EPOCH
> variable for the final target image install. If we would add it
> globally, this would break SSTATE caching all over the place, as it
> would have influence on the sbuild chroots.
> 
> On the other side, we also cannot whitelist the variable as it
> internally changes the logic of many tools so that they run in
> deterministic mode. And we also have to rebuild parts that depend on
> the value of the variable.

makes sense, but this has to be commented in the code, maybe bits in
the commit message, but likely mostly in the code

Henning

> Felix
> 
> >
> > Henning
> >  
> > >  # here we call a command that should describe your whole build
> > > system, # this could be "git describe" or something similar.
> > >  # set ISAR_RELEASE_CMD to customize, or override do_mark_rootfs
> > > to do something  
> >  
>