From: "Moessbauer, Felix" <felix.moessbauer@siemens.com>
To: "Schild, Henning" <henning.schild@siemens.com>
Cc: "Bovensiepen, Daniel (bovi)" <daniel.bovensiepen@siemens.com>,
"isar-users@googlegroups.com" <isar-users@googlegroups.com>,
"Kiszka, Jan" <jan.kiszka@siemens.com>,
"venkata.pyla@toshiba-tsip.com" <venkata.pyla@toshiba-tsip.com>
Subject: Re: [PATCH 06/11] update debian initramfs in deterministic mode
Date: Wed, 11 Jan 2023 08:39:34 +0000
Message-ID: <290a8348da7db622e75e557319aa7c93aa693acd.camel@siemens.com>
In-Reply-To: <20230111092318.19415b12@md1za8fc.ad001.siemens.net>

On Wed, 2023-01-11 at 09:23 +0100, Henning Schild wrote:
> On Wed, 11 Jan 2023 04:11:35 +0000
> Felix Moessbauer <felix.moessbauer@siemens.com> wrote:
>
> > This patch exports the SOURCE_DATE_EPOCH variable in the image
> > install
> > task. By that, update-initramfs is switched into reproducible mode.
> > Before this patch, each trigger of update-initramfs created a new
> > non-deterministic version of the initramfs.
> >
> > Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
> > ---
> > meta/classes/image.bbclass | 7 +++++++
> > 1 file changed, 7 insertions(+)
> >
> > diff --git a/meta/classes/image.bbclass
> > b/meta/classes/image.bbclass
> > index b86a428..c981c7a 100644
> > --- a/meta/classes/image.bbclass
> > +++ b/meta/classes/image.bbclass
> > @@ -304,6 +304,13 @@ python() {
> > }
> >
> >
> > +# make generation of initramfs reproducible
> > +rootfs_install_pkgs_install_prepend() {
> > + if [ ! -z "${SOURCE_DATE_EPOCH}" ]; then
> > + export SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH}"
> > + fi
> > +}
>
> Why prepend and not put this right into the task? This will be hard
> to
> maintain.

Yes, true. However, the rootfs_install_pkgs_install is shared across
all rootfs, but we really only want to set the SOURCE_DATE_EPOCH
variable for the final target image install. If we would add it
globally, this would break SSTATE caching all over the place, as it
would have influence on the sbuild chroots.

On the other side, we also cannot whitelist the variable as it
internally changes the logic of many tools so that they run in
deterministic mode. And we also have to rebuild parts that depend on
the value of the variable.

Felix

>
> Henning
>
> > # here we call a command that should describe your whole build
> > system, # this could be "git describe" or something similar.
> > # set ISAR_RELEASE_CMD to customize, or override do_mark_rootfs to
> > do something
>
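
Review bot: the comment above `rootfs_install_pkgs_install_prepend()` says what the block is for but not why it is a prepend in image.bbclass instead of a line in the shared rootfs_install_pkgs_install task, which is the first thing a maintainer will ask. Suggest extending the comment to record that the export is wanted only for the final target image install and that setting it in the shared task would affect sstate caching of the sbuild chroots. Minor style point on the test: `[ ! -z "${SOURCE_DATE_EPOCH}" ]` reads more plainly as `[ -n "${SOURCE_DATE_EPOCH}" ]`.
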
Thread overview: 28+ messages
2023-01-11 4:11 [PATCH 00/11] Make rootfs build reproducible Felix Moessbauer
2023-01-11 4:11 ` [PATCH 01/11] fix rebuild of rootfs_finalize task Felix Moessbauer
2023-01-11 4:11 ` [PATCH 02/11] image.bbclass: fix non-reproducible file time-stamps inside rootfs Felix Moessbauer
2023-01-11 4:11 ` [PATCH 03/11] rootfs postprocess: clean python cache Felix Moessbauer
2023-01-11 8:06 ` Henning Schild
2023-01-11 8:23 ` Moessbauer, Felix
2023-01-11 12:47 ` Henning Schild
2023-01-11 13:18 ` Moessbauer, Felix
2023-01-11 13:23 ` Jan Kiszka
2023-01-11 4:11 ` [PATCH 04/11] remove non-portable ldconfig aux-cache Felix Moessbauer
2023-01-11 8:19 ` Henning Schild
2023-01-11 8:31 ` Moessbauer, Felix
2023-01-11 12:52 ` Henning Schild
2023-01-11 4:11 ` [PATCH 05/11] generate deterministic clear-text password hash Felix Moessbauer
2023-01-11 8:21 ` Henning Schild
2023-01-11 4:11 ` [PATCH 06/11] update debian initramfs in deterministic mode Felix Moessbauer
2023-01-11 8:23 ` Henning Schild
2023-01-11 8:39 ` Moessbauer, Felix [this message]
2023-01-11 12:55 ` Henning Schild
2023-01-11 4:11 ` [PATCH 07/11] create custom " Felix Moessbauer
2023-01-11 4:11 ` [PATCH 08/11] make deb_add_changelog idempotent Felix Moessbauer
2023-01-11 4:11 ` [PATCH 09/11] deb_add_changelog: set timestamp to valid epoch Felix Moessbauer
2023-01-11 4:11 ` [PATCH 10/11] deb_add_changelog: use SOURCE_DATE_EPOCH Felix Moessbauer
2023-01-11 8:49 ` Henning Schild
2023-01-11 9:06 ` Moessbauer, Felix
2023-01-11 4:11 ` [PATCH 11/11] make custom linux-image bit-by-bit reproducible Felix Moessbauer
2023-01-11 6:51 ` [PATCH 00/11] Make rootfs build reproducible Jan Kiszka
2023-01-11 9:04 ` Venkata.Pyla