From: Felix Moessbauer <felix.moessbauer@siemens.com>
To: isar-users@googlegroups.com
Cc: jan.kiszka@siemens.com, daniel.bovensiepen@siemens.com,
henning.schild@siemens.com, venkata.pyla@toshiba-tsip.com,
Felix Moessbauer <felix.moessbauer@siemens.com>
Subject: [PATCH v3 00/10] Make rootfs build reproducible
Date: Mon, 16 Jan 2023 03:35:42 +0000 [thread overview]
Message-ID: <20230116033552.139048-1-felix.moessbauer@siemens.com> (raw)
This series finally makes the rootfs generation bit-reproducible
from debian bullseye on. Parts of it have already been sent
as individual patches. However, image reproducibility can only
be achived once all parts are reproducible itself. By that,
these patches are included in this series as well.
With this series, the following parts are now fully reproducible.
This has been tested on the isar-image-base target.
- custom initramfs (creation and updates)
- debian initramfs (only updates are relevant)
- custom kernel (debian kernel is reproducible itself)
- rootfs itself
- tar file generation (<image>.tar)
- ext4 generation (only from bookworm on, more tests needed)
Other parts that are still not reproducible are:
- WIC (should be solved in OE already)
- containers (untested yet)
- SDK (note added in v3)
Changes since v2:
- fix issue issue when SOURCE_DATE_EPOCH is not defined
- replaced "fix rebuild of rootfs_finalize task" with Hennings version
- minor style fix in image-account-extension
Changes since v1:
- dropped patch "deb_add_changelog: use SOURCE_DATE_EPOCH"
- fixed typo in "generate deterministic clear-text password hash"
- added comment about why SOURCE_DATE_EPOCH must only be set for
image rootfs but not for other rootfs'.
Best regards,
Felix Moessbauer
Siemens AG
Felix Moessbauer (8):
rootfs postprocess: clean python cache
remove non-portable ldconfig aux-cache
generate deterministic clear-text password hash
update debian initramfs in deterministic mode
create custom initramfs in deterministic mode
make deb_add_changelog idempotent
deb_add_changelog: set timestamp to valid epoch
make custom linux-image bit-by-bit reproducible
Henning Schild (1):
image: make sure do_rootfs_finalize can run multiple times
venkata pyla (1):
image.bbclass: fix non-reproducible file time-stamps inside rootfs
meta-isar/conf/local.conf.sample | 10 +++++
meta/classes/debianize.bbclass | 20 ++++++----
meta/classes/image-account-extension.bbclass | 10 ++++-
meta/classes/image.bbclass | 39 +++++++++++++++----
meta/classes/initramfs.bbclass | 5 +++
meta/classes/rootfs.bbclass | 13 +++++++
.../linux/files/debian/isar/build.tmpl | 1 +
.../linux/files/debian/rules.tmpl | 14 ++++++-
meta/recipes-kernel/linux/linux-custom.inc | 2 +
9 files changed, 98 insertions(+), 16 deletions(-)
--
2.34.1
next reply other threads:[~2023-01-16 3:36 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-16 3:35 Felix Moessbauer [this message]
2023-01-16 3:35 ` [PATCH v3 01/10] image: make sure do_rootfs_finalize can run multiple times Felix Moessbauer
2023-01-16 3:35 ` [PATCH v3 02/10] image.bbclass: fix non-reproducible file time-stamps inside rootfs Felix Moessbauer
2023-01-16 3:35 ` [PATCH v3 03/10] rootfs postprocess: clean python cache Felix Moessbauer
2023-01-16 3:35 ` [PATCH v3 04/10] remove non-portable ldconfig aux-cache Felix Moessbauer
2023-01-16 3:35 ` [PATCH v3 05/10] generate deterministic clear-text password hash Felix Moessbauer
2023-01-16 3:35 ` [PATCH v3 06/10] update debian initramfs in deterministic mode Felix Moessbauer
2023-01-16 3:35 ` [PATCH v3 07/10] create custom " Felix Moessbauer
2023-01-16 3:35 ` [PATCH v3 08/10] make deb_add_changelog idempotent Felix Moessbauer
2023-01-16 3:35 ` [PATCH v3 09/10] deb_add_changelog: set timestamp to valid epoch Felix Moessbauer
2023-01-16 3:35 ` [PATCH v3 10/10] make custom linux-image bit-by-bit reproducible Felix Moessbauer
2023-01-25 7:16 ` [PATCH v3 00/10] Make rootfs build reproducible Uladzimir Bely
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230116033552.139048-1-felix.moessbauer@siemens.com \
--to=felix.moessbauer@siemens.com \
--cc=daniel.bovensiepen@siemens.com \
--cc=henning.schild@siemens.com \
--cc=isar-users@googlegroups.com \
--cc=jan.kiszka@siemens.com \
--cc=venkata.pyla@toshiba-tsip.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox