From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 7187242631035879424
X-Received: by 2002:adf:e34e:0:b0:242:453f:fd14 with SMTP id n14-20020adfe34e000000b00242453ffd14mr3596200wrj.468.1673840167490;
        Sun, 15 Jan 2023 19:36:07 -0800 (PST)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a05:6000:250:b0:269:604b:a0dd with SMTP id
 m16-20020a056000025000b00269604ba0ddls7349223wrz.0.-pod-prod-gmail; Sun, 15
 Jan 2023 19:36:06 -0800 (PST)
X-Google-Smtp-Source: AMrXdXsbPDFNUyZi7LN9Mx8e9LH3VYOcV/Hq1Xvi5luNjl+RqYnwIIrjYyWiOPQkuQVZUnc5o107
X-Received: by 2002:a05:6000:124e:b0:2bb:e9e6:ac26 with SMTP id j14-20020a056000124e00b002bbe9e6ac26mr17840870wrx.57.1673840166219;
        Sun, 15 Jan 2023 19:36:06 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1673840166; cv=none;
        d=google.com; s=arc-20160816;
        b=SyQoJfNBEkINaPIJCKRvFypBYRNaKCfTK2C3UZcnvF+OO5Tyvzl+P2M3IwCi5C7chx
         ZIwcPs8tMDRscSwarI4zsIboWEddD9MbxD5IloM8KG5LPQkhIQ2WtIPdzPWMQCPdInzB
         9WKaR/3scRd8eiDK5N3BThK5CFQcM4kS17vdl33Ule1w8DpIWSKWgd6oLRSTU0yH9CZc
         GR/fh6fCcK2F/t8igUD4aa8bMmdUJaoPBgWzFJ49YXRhvCi93lLJvsqdFAyQmMEUgWbo
         Ydb8QvWm68aD8KT6dUZLnYPaFexEZRDqlsWy2sGB3GVoMxqPGFpNsjff0r6D3ip9Dot/
         /aaw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=feedback-id:content-transfer-encoding:mime-version:message-id:date
         :subject:cc:to:from:dkim-signature;
        bh=6SeOzusjs/sARjc7sbvBp6BrxqjHtGJ8ffXDwafWFSw=;
        b=PNfVZpaDqeLSbconzcV7A03JDyaMeFY6z5KGy5Nm4Fx2L013SDW/0ZFnVV4aClR7Ma
         +5AvXfbnxdbY/muIJCf/0hiQNb7hEzuzmDm9CEeirGzxXBNCu5G0xS42FEsiU7gvZOf3
         ErDurM0ER+656VG9N9hb/xAvcvItoRcEFj5flFmeu1I6DKdl/DfxizE5Lw0hHKDWnCUi
         v8dyIFIfv+kxvx6KWpBnoL+QcM97bjG+VNyzARe+m6mf1EtETnvoIAlopZNQbqSmGkJO
         sSRDSe5vG7sycKOMnHjVIIBabhzidsAY/D/cM2GSuGtycqpTVQJglN2QhYivlFD7z4Mh
         MrDw==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=fm1 header.b=bJ21xNJL;
       spf=pass (google.com: domain of fm-72506-20230116033605010a5448335dd359e0-5sskyw@rts-flowmailer.siemens.com designates 185.136.65.226 as permitted sender) smtp.mailfrom=fm-72506-20230116033605010a5448335dd359e0-5sSkYw@rts-flowmailer.siemens.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
Return-Path: <fm-72506-20230116033605010a5448335dd359e0-5sSkYw@rts-flowmailer.siemens.com>
Received: from mta-65-226.siemens.flowmailer.net (mta-65-226.siemens.flowmailer.net. [185.136.65.226])
        by gmr-mx.google.com with ESMTPS id ba30-20020a0560001c1e00b00241d0141fbcsi1311406wrb.8.2023.01.15.19.36.06
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 15 Jan 2023 19:36:06 -0800 (PST)
Received-SPF: pass (google.com: domain of fm-72506-20230116033605010a5448335dd359e0-5sskyw@rts-flowmailer.siemens.com designates 185.136.65.226 as permitted sender) client-ip=185.136.65.226;
Authentication-Results: gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=fm1 header.b=bJ21xNJL;
       spf=pass (google.com: domain of fm-72506-20230116033605010a5448335dd359e0-5sskyw@rts-flowmailer.siemens.com designates 185.136.65.226 as permitted sender) smtp.mailfrom=fm-72506-20230116033605010a5448335dd359e0-5sSkYw@rts-flowmailer.siemens.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
Received: by mta-65-226.siemens.flowmailer.net with ESMTPSA id 20230116033605010a5448335dd359e0
        for <isar-users@googlegroups.com>;
        Mon, 16 Jan 2023 04:36:05 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1;
 d=siemens.com; i=felix.moessbauer@siemens.com;
 h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc;
 bh=6SeOzusjs/sARjc7sbvBp6BrxqjHtGJ8ffXDwafWFSw=;
 b=bJ21xNJLcw9N2U/8z7xjJj8D+p2gpIfddx5Ynaa57rBVUYPRxxLpvvGpiIjfN4v9ap+0YU
 VFmsMt8Vulce86R9CY2JYEGnBRMgRX27MsgGgPCO2g6TBi7GLj4G6fB0gg4D6uBQfmKPnMP1
 Atopzhukyk3qjogwLxND0pIUB0Mv0=;
From: Felix Moessbauer <felix.moessbauer@siemens.com>
To: isar-users@googlegroups.com
Cc: jan.kiszka@siemens.com,
	daniel.bovensiepen@siemens.com,
	henning.schild@siemens.com,
	venkata.pyla@toshiba-tsip.com,
	Felix Moessbauer <felix.moessbauer@siemens.com>
Subject: [PATCH v3 00/10] Make rootfs build reproducible
Date: Mon, 16 Jan 2023 03:35:42 +0000
Message-Id: <20230116033552.139048-1-felix.moessbauer@siemens.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-72506:519-21489:flowmailer
X-TUID: vpm46J1uqGJ+

This series finally makes the rootfs generation bit-reproducible
from debian bullseye on. Parts of it have already been sent
as individual patches. However, image reproducibility can only
be achived once all parts are reproducible itself. By that,
these patches are included in this series as well.

With this series, the following parts are now fully reproducible.
This has been tested on the isar-image-base target.

- custom initramfs (creation and updates)
- debian initramfs (only updates are relevant)
- custom kernel (debian kernel is reproducible itself)
- rootfs itself
- tar file generation (<image>.tar)
- ext4 generation (only from bookworm on, more tests needed)

Other parts that are still not reproducible are:

- WIC (should be solved in OE already)
- containers (untested yet)
- SDK (note added in v3)

Changes since v2:

- fix issue issue when SOURCE_DATE_EPOCH is not defined
- replaced "fix rebuild of rootfs_finalize task" with Hennings version
- minor style fix in image-account-extension

Changes since v1:

- dropped patch "deb_add_changelog: use SOURCE_DATE_EPOCH"
- fixed typo in "generate deterministic clear-text password hash"
- added comment about why SOURCE_DATE_EPOCH must only be set for
  image rootfs but not for other rootfs'.

Best regards,
Felix Moessbauer
Siemens AG

Felix Moessbauer (8):
  rootfs postprocess: clean python cache
  remove non-portable ldconfig aux-cache
  generate deterministic clear-text password hash
  update debian initramfs in deterministic mode
  create custom initramfs in deterministic mode
  make deb_add_changelog idempotent
  deb_add_changelog: set timestamp to valid epoch
  make custom linux-image bit-by-bit reproducible

Henning Schild (1):
  image: make sure do_rootfs_finalize can run multiple times

venkata pyla (1):
  image.bbclass: fix non-reproducible file time-stamps inside rootfs

 meta-isar/conf/local.conf.sample              | 10 +++++
 meta/classes/debianize.bbclass                | 20 ++++++----
 meta/classes/image-account-extension.bbclass  | 10 ++++-
 meta/classes/image.bbclass                    | 39 +++++++++++++++----
 meta/classes/initramfs.bbclass                |  5 +++
 meta/classes/rootfs.bbclass                   | 13 +++++++
 .../linux/files/debian/isar/build.tmpl        |  1 +
 .../linux/files/debian/rules.tmpl             | 14 ++++++-
 meta/recipes-kernel/linux/linux-custom.inc    |  2 +
 9 files changed, 98 insertions(+), 16 deletions(-)

-- 
2.34.1