From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 7187242631035879424
X-Received: by 2002:a5d:50ca:0:b0:2bc:841d:c9b0 with SMTP id f10-20020a5d50ca000000b002bc841dc9b0mr994661wrt.181.1673840172504;
        Sun, 15 Jan 2023 19:36:12 -0800 (PST)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a05:6000:250:b0:269:604b:a0dd with SMTP id
 m16-20020a056000025000b00269604ba0ddls7349380wrz.0.-pod-prod-gmail; Sun, 15
 Jan 2023 19:36:11 -0800 (PST)
X-Google-Smtp-Source: AMrXdXt/3u9N+yzGZeM8ckbtlG4NlCORWraMKAPE5pvad5Hh10R+Dq7cXQeNExHLBGkXi1pRsf3z
X-Received: by 2002:a5d:430e:0:b0:279:53e1:5178 with SMTP id h14-20020a5d430e000000b0027953e15178mr48081463wrq.45.1673840171257;
        Sun, 15 Jan 2023 19:36:11 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1673840171; cv=none;
        d=google.com; s=arc-20160816;
        b=IkS/0Ny4HIm6MnlwxM3jYQXULamuxJxxoDsg2tT0aMgPwejAPy/QO7Qd/Q10ko4EU/
         eGj2/q7yah/fRDAqy5cZHYwB3YLsENL6NF8DvYGgxFhviqObgPdB3OI/JEvhoTDWyJi4
         glYnhZeq8u0ilMDPh8H91PRSYHYNKGkACjs/8dwdPMBjPIGnpmcN+B2wm3t0UYCoc80L
         DcnVvA/LvvJ7ffYlg8ohh3AhV+24fHCuVMZcPwwbRAUlM7K7V0Y0dprnsUj1GyDmXp5L
         FBbyjRCTlFloZJlKLql2/FhMqCU9n+imL9wuhMFYAZcKPAY92AoUzJhasf56uHfG0hCm
         DOUA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=feedback-id:content-transfer-encoding:mime-version:references
         :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature;
        bh=2XqREl3itjt8CZVjayyMocpiwuC+1XwgMzggMSLtHHs=;
        b=Ki1aPkiR4UF5DkQPbl1XGABK2TZz7eu1weC/pbKonw3gPZd8x59CxbpvbfnwEz/Hn8
         osG20fIHrmMcv9T58EjRJ9XUHvfM1ya2GF7CdHJ2zpRmbumWoaM9OsAkCJTVj1q7HegF
         j6b6E59N4a7qoIGFe5VVEVbwHNzpWpTLUCQNLD73Lso959rwlaizotmyixA8rgcDblHc
         T+A7ugJ4Jwm0vI1yz6I5L4b3zcW71r0CmsPQtS96H5JsFJ2fknFCtkB6CnIWCCwRu7MP
         /QTOIvGuGac2vcBRPDYd4hCFQBkrSjtA5wGw0Fsm4Nw2pE1XwSskbZr8hO+Zzxj2cJs5
         NkAA==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=fm1 header.b=Ig16NCVF;
       spf=pass (google.com: domain of fm-72506-202301160336100b4215e3abd0048330-qgxdi2@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-72506-202301160336100b4215e3abd0048330-qGxdI2@rts-flowmailer.siemens.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
Return-Path: <fm-72506-202301160336100b4215e3abd0048330-qGxdI2@rts-flowmailer.siemens.com>
Received: from mta-64-225.siemens.flowmailer.net (mta-64-225.siemens.flowmailer.net. [185.136.64.225])
        by gmr-mx.google.com with ESMTPS id ba30-20020a0560001c1e00b00241d0141fbcsi1311411wrb.8.2023.01.15.19.36.11
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 15 Jan 2023 19:36:11 -0800 (PST)
Received-SPF: pass (google.com: domain of fm-72506-202301160336100b4215e3abd0048330-qgxdi2@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) client-ip=185.136.64.225;
Authentication-Results: gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=fm1 header.b=Ig16NCVF;
       spf=pass (google.com: domain of fm-72506-202301160336100b4215e3abd0048330-qgxdi2@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-72506-202301160336100b4215e3abd0048330-qGxdI2@rts-flowmailer.siemens.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
Received: by mta-64-225.siemens.flowmailer.net with ESMTPSA id 202301160336100b4215e3abd0048330
        for <isar-users@googlegroups.com>;
        Mon, 16 Jan 2023 04:36:10 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1;
 d=siemens.com; i=felix.moessbauer@siemens.com;
 h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To;
 bh=2XqREl3itjt8CZVjayyMocpiwuC+1XwgMzggMSLtHHs=;
 b=Ig16NCVF2ESNpm0rV7tknrvQe5tqJCHOrjdqxFsIAJgswLwcVNIhMqWpKrwWvAUUzvTCgk
 csouRd3nsJpOvtWjSeOHlDudVNyhNV+0MvXbNNUta8ZYyxLMSXcneo9uBoERwMj8FoeAoV0K
 HB3I23ieXsKNRDnNUIndIBJRQEh8s=;
From: Felix Moessbauer <felix.moessbauer@siemens.com>
To: isar-users@googlegroups.com
Cc: jan.kiszka@siemens.com,
	daniel.bovensiepen@siemens.com,
	henning.schild@siemens.com,
	venkata.pyla@toshiba-tsip.com,
	Felix Moessbauer <felix.moessbauer@siemens.com>
Subject: [PATCH v3 02/10] image.bbclass: fix non-reproducible file time-stamps inside rootfs
Date: Mon, 16 Jan 2023 03:35:44 +0000
Message-Id: <20230116033552.139048-3-felix.moessbauer@siemens.com>
In-Reply-To: <20230116033552.139048-1-felix.moessbauer@siemens.com>
References: <20230116033552.139048-1-felix.moessbauer@siemens.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-72506:519-21489:flowmailer
X-TUID: CUbgNYqebWIu

From: venkata pyla <venkata.pyla@toshiba-tsip.com>

As part of reproducible-build work, the rootfs images generated on same
source should be identical between two builds.

In this commit it tries to solve one of the non-reproducible problem
i.e. the rootfs file time-stamps generated during build time are not
reproducible, it uses one of the solution provided in the debian
live-build image project (refer [1]), it fixes by finding all the
files/folders that are gernerated newly and set the time-stamp provided
by `SOURCE_DATE_EPOCH` environment variable.

[1] https://salsa.debian.org/live-team/live-build/-/merge_requests/218

Acked-by: Felix Moessbauer <felix.moessbauer@siemens.com>
Signed-off-by: venkata pyla <venkata.pyla@toshiba-tsip.com>
---
 meta-isar/conf/local.conf.sample | 10 ++++++++++
 meta/classes/image.bbclass       | 11 +++++++++++
 2 files changed, 21 insertions(+)

diff --git a/meta-isar/conf/local.conf.sample b/meta-isar/conf/local.conf.sample
index e1cd66e..6208623 100644
--- a/meta-isar/conf/local.conf.sample
+++ b/meta-isar/conf/local.conf.sample
@@ -248,3 +248,13 @@ USER_isar[flags] += "clear-text-password"
 #CCACHE_TOP_DIR ?= "${TMPDIR}/ccache"
 # Enable ccache debug mode
 #CCACHE_DEBUG = "1"
+
+# Uncommnet and add value to it to build images reproducibly
+#
+# The value for `SOURCE_DATE_EPOCH` should be latest source change time in
+# seconds since the Epoch.
+# Git repository users can use value from 'git log -1 --pretty=%ct'
+# Non git repository users can use value from 'stat -c%Y ChangeLog'
+# To know more details about this variable and how to set the value refer below
+# https://reproducible-builds.org/docs/source-date-epoch/
+#SOURCE_DATE_EPOCH =
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index 125eba1..9e0f5f7 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -432,6 +432,17 @@ do_rootfs_finalize() {
                 "${ROOTFSDIR}/etc/apt/sources.list.d/bootstrap.list"
         fi
 EOSUDO
+
+    # Set same time-stamps to the newly generated file/folders in the
+    # rootfs image for the purpose of reproducible builds.
+    if [ -n "${SOURCE_DATE_EPOCH}" ]; then
+        sudo find ${ROOTFSDIR} -newermt \
+            "$(date -d@${SOURCE_DATE_EPOCH} '+%Y-%m-%d %H:%M:%S')" \
+            -printf "%y %p\n" \
+            -exec touch '{}' -h -d@${SOURCE_DATE_EPOCH} ';' > ${DEPLOY_DIR_IMAGE}/files.modified_timestamps && \
+            bbwarn "$(grep ^f ${DEPLOY_DIR_IMAGE}/files.modified_timestamps) \nModified above file timestamps to build image reproducibly"
+    fi
+
 }
 addtask rootfs_finalize before do_rootfs after do_rootfs_postprocess
 
-- 
2.34.1