From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7187242631035879424 X-Received: by 2002:a05:6512:e8c:b0:4b5:940b:6933 with SMTP id bi12-20020a0565120e8c00b004b5940b6933mr4147047lfb.368.1673503012526; Wed, 11 Jan 2023 21:56:52 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:ac2:58f3:0:b0:49a:b814:856d with SMTP id v19-20020ac258f3000000b0049ab814856dls262526lfo.1.-pod-prod-gmail; Wed, 11 Jan 2023 21:56:50 -0800 (PST) X-Google-Smtp-Source: AMrXdXuFAbVkkZ1f2rAefWQcbbM3qjSPF3Mdh7GHLFk1Eytc7TeXjER76mwvzg32dBLgh4kLkC/n X-Received: by 2002:a05:6512:b14:b0:4ca:f8ec:e86e with SMTP id w20-20020a0565120b1400b004caf8ece86emr23613601lfu.30.1673503010897; Wed, 11 Jan 2023 21:56:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1673503010; cv=none; d=google.com; s=arc-20160816; b=O50h9gQu5FEUiXnb53Ta4FGpPU76EdU0yQp62vhmmPLLB2WJZCN459KTFF9b8odRXg bPSwV+Z09aQEtjOr8ULVDb8IKpRRI3X4QCE8VXs7iWw3XAY87aEVMYERra4QuNSlp4oe rUOIE8zJt4e5aVIsocEUnFhutWZTnfc3B74EKRRrfM6RQyy035przOtQyx17meim5mJ6 ThSSAevG/5KhVMknu3Ov/fHayoW9bNgsvae2oRk5J0F+Vn3JNNZstseeVOxJSfOgpADD 9ELNPFnNb3AVQNbN2+1Eks/5b6KgERuwy3tIu/ALz9nzB6WmLS/LGg5Wbhr+AysiwX8f TFVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=feedback-id:content-transfer-encoding:mime-version:message-id:date :subject:cc:to:from:dkim-signature; bh=UhjGnxPWekteirfB6Hyy/05dGxqUGmZ7BaLv9t4XKSk=; b=Iyg5iuTXn7Oeu3YrcdMlwMEOFnabOeUqQ9YE3NqetX+vMFltY7txe4yuMXxeFmm9NS 7eM7Hs59235tf+fLqkUboVNYRPAe/lD2DDeLxjdB0SwTj42IbFwHWSAfOXpN4CobcYkM DasT88oK/S1qP/taUjRB/7dpqJaiKFMwKp7H9EHWtqTvufzKwTQ2gDy+Roj7QmIh8sNJ FSfBRG0VcsoqhF5VwSXiNPbQShTRLc/LTiaNSytT15RPgziRo3+t15mbi0O3KImtFPGV yPmTWyqpwy/uM+YqD7e0a2ZYqMX+FouNREEy83yfHhSENgmCU6q/H7wK62A7/BDsuEa5 JD3g== ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=p6aG8ElD; spf=pass (google.com: domain of fm-72506-20230112055650a3ed3bd805ab442f60-avzled@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-72506-20230112055650a3ed3bd805ab442f60-avzlEd@rts-flowmailer.siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from mta-64-225.siemens.flowmailer.net (mta-64-225.siemens.flowmailer.net. [185.136.64.225]) by gmr-mx.google.com with ESMTPS id g2-20020a056512118200b0048b38f379d7si781853lfr.0.2023.01.11.21.56.50 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 11 Jan 2023 21:56:50 -0800 (PST) Received-SPF: pass (google.com: domain of fm-72506-20230112055650a3ed3bd805ab442f60-avzled@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) client-ip=185.136.64.225; Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=p6aG8ElD; spf=pass (google.com: domain of fm-72506-20230112055650a3ed3bd805ab442f60-avzled@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-72506-20230112055650a3ed3bd805ab442f60-avzlEd@rts-flowmailer.siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: by mta-64-225.siemens.flowmailer.net with ESMTPSA id 20230112055650a3ed3bd805ab442f60 for ; Thu, 12 Jan 2023 06:56:50 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=felix.moessbauer@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc; bh=UhjGnxPWekteirfB6Hyy/05dGxqUGmZ7BaLv9t4XKSk=; b=p6aG8ElDV5PaE9nVzu2Y+qE9S6k+JkX+vzK6ZxFXjHxQYS8XZF0iXOn2fF6/d0p8Z6h7q3 HAaEWn2b3ZYBc4fv6ShM813b1XEqmmIpjRBE/hBNnvWzbDSS+l3GDBMXnVx5z95VA4BJNQ0d cwXsWGX5SHCZMBgFZY4eR63cALoIE=; From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, daniel.bovensiepen@siemens.com, henning.schild@siemens.com, venkata.pyla@toshiba-tsip.com, Felix Moessbauer Subject: [PATCH v2 00/10] Make rootfs build reproducible Date: Thu, 12 Jan 2023 05:56:09 +0000 Message-Id: <20230112055619.843445-1-felix.moessbauer@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-72506:519-21489:flowmailer X-TUID: cJXjEWV/HP4O This series finally makes the rootfs generation bit-reproducible from debian bullseye on. Parts of it have already been sent as individual patches. However, image reproducibility can only be achived once all parts are reproducible itself. By that, these patches are included in this series as well. With this series, the following parts are now fully reproducible. This has been tested on the isar-image-base target. - custom initramfs (creation and updates) - debian initramfs (only updates are relevant) - custom kernel (debian kernel is reproducible itself) - rootfs itself - tar file generation (.tar) - ext4 generation (only from bookworm on, more tests needed) Other parts that are still not reproducible are: - WIC (should be solved in OE already) - containers (untested yet) Changes since v1: - dropped patch "deb_add_changelog: use SOURCE_DATE_EPOCH" - fixed typo in "generate deterministic clear-text password hash" - added comment about why SOURCE_DATE_EPOCH must only be set for image rootfs but not for other rootfs'. Best regards, Felix Moessbauer Siemens AG Felix Moessbauer (9): fix rebuild of rootfs_finalize task rootfs postprocess: clean python cache remove non-portable ldconfig aux-cache generate deterministic clear-text password hash update debian initramfs in deterministic mode create custom initramfs in deterministic mode make deb_add_changelog idempotent deb_add_changelog: set timestamp to valid epoch make custom linux-image bit-by-bit reproducible venkata pyla (1): image.bbclass: fix non-reproducible file time-stamps inside rootfs meta-isar/conf/local.conf.sample | 10 ++++++++ meta/classes/debianize.bbclass | 20 +++++++++------ meta/classes/image-account-extension.bbclass | 10 +++++++- meta/classes/image.bbclass | 25 +++++++++++++++++-- meta/classes/initramfs.bbclass | 5 ++++ meta/classes/rootfs.bbclass | 13 ++++++++++ .../linux/files/debian/isar/build.tmpl | 1 + .../linux/files/debian/rules.tmpl | 14 ++++++++++- meta/recipes-kernel/linux/linux-custom.inc | 2 ++ 9 files changed, 89 insertions(+), 11 deletions(-) -- 2.34.1