From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7187242631035879424 X-Received: by 2002:a05:6870:1390:b0:160:328f:768a with SMTP id 16-20020a056870139000b00160328f768amr555039oas.124.1674630988607; Tue, 24 Jan 2023 23:16:28 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:6830:b82:b0:686:6205:ecee with SMTP id a2-20020a0568300b8200b006866205eceels3453963otv.7.-pod-prod-gmail; Tue, 24 Jan 2023 23:16:28 -0800 (PST) X-Google-Smtp-Source: AMrXdXunB92r+eTX0A47GRAxFKjUgftQ4V2KTxwsra6rVVaRmmInHYV6Ji/EbrNL5y7nnSRLs+oD X-Received: by 2002:a9d:6c42:0:b0:672:c3d9:967e with SMTP id g2-20020a9d6c42000000b00672c3d9967emr14007915otq.3.1674630987975; Tue, 24 Jan 2023 23:16:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674630987; cv=none; d=google.com; s=arc-20160816; b=srJ6h+rG12uYkbtgn/NkzJh5qGIDRE3O+9/l1hJsuoOsDqdUxcfXVuSty+Q9vA0ayK 77Z54+vGdLG3lnjKR3KrSJtP/XAwAC7I946FciFk5RShMYdvQEelSD4GooF9GeS2XGCL hvUGJ68q+tkz6DUKajkCoP9mDq2xKU03Ih4ApTxJWJCk4yCNgSbY94fcogFWX7eK0sph G8Zp08QWRWlanQ+zCdgn02vzpcjyYrujdr5HYiB/eQUcrNMHJbj3rnSY6AXksXS+KZI2 E7fLJUIj7x3yX3FV9325ht+PF+A3ug5fbAeZmmu4lKxyaxpqNlhM5Irpb758uNYhuNiV //Zg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from; bh=urOsmgb4LvjnYtFdoPjhbbvt3jrjLCTjbV5bEMKTWbs=; b=1InedaZGlZgYhvkNgXF4Jo0vl76Mym7drDRXJXKjsDRSA/SVHB4+sc2Iq8GAPWz4ol U3qDnFjGjgEETi1biRLNUBaKqBdY0CM4gRX2axDaETtopqZ8FNVWi7YtrmWArqmbrxo8 n7AT2RC8h8czdXoGY9bWMx0L866qYf4quORegZY2zhSyT0aPkiwwy9lSy5/TnKSTzawx FV4Qbc6xloqnlAUL6QuByPDjBsg0MSQGMPoX08vQauj6DlBFJWO1MzLmjuxLU7EphxE1 ZovoACDmSlJCCWpjnj35J+aLlPXAQ9zhSgAMbZrxqERKr/0LYGwu7pNBiUPUuIAyKmu4 zgyQ== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de Return-Path: Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166]) by gmr-mx.google.com with ESMTPS id bu7-20020a0568300d0700b0066fe878940fsi777694otb.5.2023.01.24.23.16.27 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Tue, 24 Jan 2023 23:16:27 -0800 (PST) Received-SPF: pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de Received: from hp.localnet (host-80-81-17-52.static.customer.m-online.net [80.81.17.52]) (authenticated bits=0) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPSA id 30P7GDuH025462 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 25 Jan 2023 08:16:25 +0100 From: Uladzimir Bely To: isar-users@googlegroups.com Subject: Re: [PATCH v3 00/10] Make rootfs build reproducible Date: Wed, 25 Jan 2023 10:16:10 +0300 Message-ID: <2099196.9o76ZdvQCi@hp> In-Reply-To: <20230116033552.139048-1-felix.moessbauer@siemens.com> References: <20230116033552.139048-1-felix.moessbauer@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: pb37usDOnzbs In mail from =D0=BF=D0=BE=D0=BD=D0=B5=D0=B4=D0=B5=D0=BB=D1=8C=D0=BD=D0=B8= =D0=BA, 16 =D1=8F=D0=BD=D0=B2=D0=B0=D1=80=D1=8F 2023 =D0=B3. 06:35:42 +03 u= ser Felix Moessbauer=20 wrote: > This series finally makes the rootfs generation bit-reproducible > from debian bullseye on. Parts of it have already been sent > as individual patches. However, image reproducibility can only > be achived once all parts are reproducible itself. By that, > these patches are included in this series as well. >=20 > With this series, the following parts are now fully reproducible. > This has been tested on the isar-image-base target. >=20 > - custom initramfs (creation and updates) > - debian initramfs (only updates are relevant) > - custom kernel (debian kernel is reproducible itself) > - rootfs itself > - tar file generation (.tar) > - ext4 generation (only from bookworm on, more tests needed) >=20 > Other parts that are still not reproducible are: >=20 > - WIC (should be solved in OE already) > - containers (untested yet) > - SDK (note added in v3) >=20 > Changes since v2: >=20 > - fix issue issue when SOURCE_DATE_EPOCH is not defined > - replaced "fix rebuild of rootfs_finalize task" with Hennings version > - minor style fix in image-account-extension >=20 > Changes since v1: >=20 > - dropped patch "deb_add_changelog: use SOURCE_DATE_EPOCH" > - fixed typo in "generate deterministic clear-text password hash" > - added comment about why SOURCE_DATE_EPOCH must only be set for > image rootfs but not for other rootfs'. >=20 > Best regards, > Felix Moessbauer > Siemens AG >=20 > Felix Moessbauer (8): > rootfs postprocess: clean python cache > remove non-portable ldconfig aux-cache > generate deterministic clear-text password hash > update debian initramfs in deterministic mode > create custom initramfs in deterministic mode > make deb_add_changelog idempotent > deb_add_changelog: set timestamp to valid epoch > make custom linux-image bit-by-bit reproducible >=20 > Henning Schild (1): > image: make sure do_rootfs_finalize can run multiple times >=20 > venkata pyla (1): > image.bbclass: fix non-reproducible file time-stamps inside rootfs >=20 > meta-isar/conf/local.conf.sample | 10 +++++ > meta/classes/debianize.bbclass | 20 ++++++---- > meta/classes/image-account-extension.bbclass | 10 ++++- > meta/classes/image.bbclass | 39 +++++++++++++++---- > meta/classes/initramfs.bbclass | 5 +++ > meta/classes/rootfs.bbclass | 13 +++++++ > .../linux/files/debian/isar/build.tmpl | 1 + > .../linux/files/debian/rules.tmpl | 14 ++++++- > meta/recipes-kernel/linux/linux-custom.inc | 2 + > 9 files changed, 98 insertions(+), 16 deletions(-) Applied to next, thanks.