From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7353602520359370752 X-Forwarded-Encrypted: i=3; AJvYcCUKLhW+5npamWv54VQzPS9fsPpFl5JhtgfW4l8DEVYDkQH8b34/MGB1LNkGbfxSrEPIGpjNWtsDUFl/nOvTuazoOIiZd1guiKKViIE= X-Received: by 2002:a05:6214:29c2:b0:69b:1c3c:aed9 with SMTP id gh2-20020a05621429c200b0069b1c3caed9mr2294172qvb.18.1712552551011; Sun, 07 Apr 2024 22:02:31 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:6214:3019:b0:699:1eb:ece9 with SMTP id ke25-20020a056214301900b0069901ebece9ls60703qvb.2.-pod-prod-00-us; Sun, 07 Apr 2024 22:02:29 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVuIgSYXULjxbQ9rHbgUWaAap5RaOH7OQ6OE0/ArnJJGF6qj6QyNkqvsrM7wh+z3Rg1ZIdAlVYN40F+Ow9PqRlZMRbCt0nKzI91hJY= X-Google-Smtp-Source: AGHT+IFwixhecBFGXcN0vq0ItAebf53V2zRp+FHEgKJ213LoW6OUBDBpStvsMKZT6i8oNX1/6SCL X-Received: by 2002:a05:620a:40d1:b0:78d:36b4:e6ac with SMTP id g17-20020a05620a40d100b0078d36b4e6acmr13711258qko.27.1712552549368; Sun, 07 Apr 2024 22:02:29 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712552549; cv=pass; d=google.com; s=arc-20160816; b=omlR8rnzYJYJVYw9EoDgStnrLvex0jXEsLsyUkQbQvwU93/jqapuv7co9f4IgeI8EL Yr9uwNbupNUcNtouPukTGAbiF5cL3ArGmWRNPovng+2pduaE4DJPg5lhvm7gNjbJjzr/ CvcM3tAZBvuJqFPhFMPD+hH7dWwM5S0UqxJ5PF4Z7+YgDg4pYnBXXcQ65XpNx4Q8MNYa NqgF93Q1a2KhvZxdor5uXTkfm7Y3NRf+9cbc7fpQdmmwXaPw9ed4gyKrWLwG65JXRHIa SLR2tqnCQKCctD5ejvCqVxR72WID0Q6HI9fa6dspRWQ+9aaQM7tuhDsJs+kTy50YBOsz QT+w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:content-transfer-encoding:in-reply-to:from:references :cc:to:content-language:subject:user-agent:date:message-id :dkim-signature; bh=caZIsCPvOYtagl77coESOOGR16psKicXCWkCx9Dunzw=; fh=LLT6PB1iJuc2lqkunasxFKORd0n6tfxNuKZTuGRJGwk=; b=CzbP7uXvQA4gISZgdJByTdalv6JaVCxiFTUCn2e2k2iMhSSE7FztvOaNe0uxZfBoQx GBagyE5vRKIg7qhdpzLqv10EGo10GZswNtvvX/fU6oYrbIdmAEHMfDRwtpjmNIRT8o2c lDF8oFUkzVwBfUOUyH1mxYL7tO4xjwWgKwU0dl7YOrLEqv3blbFe3F2amHMUhthuBF1e /BeYGxeR/K9T19Iic2JsUjCsm1wNc7E6l/KG0ja8859fiDSEoQ6XAOkyuKDUkfgSfklO iCWa1aTasS4s2X6Ile0+pynB5RZK7kkM7LRPqi5bt2W7faLMmzjixObQObFIjDWzBAFj z69A==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=rUzHjEht; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f400:7e1a::705 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Return-Path: Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on20705.outbound.protection.outlook.com. [2a01:111:f400:7e1a::705]) by gmr-mx.google.com with ESMTPS id a5-20020a05620a438500b0078bc8aa49f1si458799qkp.2.2024.04.07.22.02.24 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 07 Apr 2024 22:02:29 -0700 (PDT) Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f400:7e1a::705 as permitted sender) client-ip=2a01:111:f400:7e1a::705; Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=rUzHjEht; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f400:7e1a::705 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Rmt5wi5syka8LecNLtUCt7LrMCRokPayBvHYnuQU+HGAX6+ly7UnZzGfjM96RUo7WTGU+38wYiwSuqRGBLCFdonCLImJih10Nd21SnhNwHxqUURIeWfdrMEBjfjzUi67UGJNGrlikJXCBwkCwjISaRgdk25nd43rgh4Tm9zkWl0elmBGpIWBWt5PkrDkkL5jVb+MlE3gSsyEufL0YKQCESLvxBzr4X3Ojp5zcDcLlRKR5/SlvxzHviqkq1nAIP03NDlxyNGwjDEdqef5v3XO9owEuZ3N+YVNIXsFaxK1f7utLUvNb79yJTDRnZp2PPJT+crH2mY0WLni/J7Ux0lfTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=caZIsCPvOYtagl77coESOOGR16psKicXCWkCx9Dunzw=; b=iTI8Fo1UJWn4EQ3a3MXm6a9xk0AZm9nU/UXtGG6v+YfvZHqK7fxSMByeRUBzMv4Z1N6VVHjv3VCsB2PIQlnrO98e4QlVGtTIAIIXcvatLH3Is84BiVCs+pGkxMNK8FVxGTseiDQpUatDnxKEgzmqkGBKp2TCxteSxly7IYCsoBd3H0ESzIhpxF3aE+1k7JZVtzGWWHkHsnYBmuDjtW1wXLGBzPC7rdhn6hc5LnNbx+9fYxcrLcYFQez/AiIHK1uNV7O1RlIwAbQaNmkv5ijwWz4FLdRQls5KvuVCERk6c3mrLFD0RgXUZ62fHbjCJx+bmL87W1gfi+Q/JPDCa9tvEg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=caZIsCPvOYtagl77coESOOGR16psKicXCWkCx9Dunzw=; b=rUzHjEhtjtpdYM/M3T/kmrfeuUh+oqEJKPavxyRti7tEtz7Jt/UAVY6TBXzH5pi45vvHnvtvvWZOuNaORlPxABA6+7CsYA8PbqnVqf0mJRQCkYp1/QjpTH+Takr+VjixVleikc0qNiMUK4ET+oIHX9l38zNvWMXG9sn1FBPcGKYtsycqgyGY9W6XSisoRYHdvzwK4OPYLCR6sAwBypgdl47Yv9fZ67Y1B0Nc8v/rYZane7+blPTSIYEn+XzQtuo36Pa7ocvdeALHwAaqzD6IDpt/37X72qTdZKAjd5bdXR/Nyz482gnoXCn4ukra34/rPef5xxJvIMGgvq8uYdDyCA== Received: from AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:588::19) by AS1PR10MB5144.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:4aa::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.46; Mon, 8 Apr 2024 05:02:22 +0000 Received: from AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM ([fe80::4e33:3630:e08:77b9]) by AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM ([fe80::4e33:3630:e08:77b9%4]) with mapi id 15.20.7409.042; Mon, 8 Apr 2024 05:02:22 +0000 Message-ID: <296bf34f-5c27-4337-9001-694c65487ea3@siemens.com> Date: Mon, 8 Apr 2024 07:02:22 +0200 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v2 1/1] use debian snapshot mirror if SOURCE_DATE_EPOCH is set Content-Language: en-US To: Felix Moessbauer , isar-users@googlegroups.com Cc: venkata.pyla@toshiba-tsip.com, kazuhiro3.hayashi@toshiba.co.jp, dinesh.kumar@toshiba-tsip.com References: <20240403141231.179832-1-felix.moessbauer@siemens.com> From: Jan Kiszka In-Reply-To: <20240403141231.179832-1-felix.moessbauer@siemens.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-ClientProxiedBy: FR2P281CA0084.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:9b::11) To AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:588::19) Return-Path: jan.kiszka@siemens.com MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS4PR10MB6181:EE_|AS1PR10MB5144:EE_ X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: A8Gc3LNUFKwByKdKGkzUBFWaSF0Bj14pLk5ocYpjXOXMerYViNTnGE7eRHP6O1LvtrfqcdH7Bl2CcTwTWntzHjAf4Y4dsbFnMpS9Tc4i113JbeQndgOlxQHBMYyI+VVEinWXinNpcIf+77qdoHhHF+2GxhlaEVKNMDzThFQfmDTytkJH4kAh9m/qIRF0fRdIfgZK8zNjmerIF461PKCI59EFkhFvtIPQxuAUytcIWpIs6sfwm+9Xw7ZurFEsv7kRFJ0CdTQ6BAW5YozOY8WhMV0/b6RFb4IZczztiRBvmFqS37Weu//bARAkIucmwAfYtouO3z03ajLy278rEZzKWgTXMAVy7YNXSE+Y136Z6LYIxgP8GRCZhPfEMh3SKHjWWvmETIVGS28+X3fjQFoGW6m5PPqVbIfG37nXQtSXiOumlF7hE27iwowSmdbI0LqZmF4PxiEDlx3+UPK6YyvGUKaQUAalMib7qVFn2yAn0mi+vxcgUpLLtACmAD83cwIHAPyy/LYDRsJdkNdNSomJ2N7AQkK70pI/n8dKC3hTMmPJczcWwxCX+6cReOb1xEiJX+OjcfZ87C5Ez3FLV3gguNEpVV1ZviFxh0DwbHawm/NBikBAHvYWJ+3UUygqpcmXGV5Cj6+enezZt3npDgmSjCW9e+aqS7C3OJC4Ymy2mwg= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(366007)(1800799015)(376005);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?MTFxdE5oTldmbkRhKzU0VEtrbytxVHpJd1N3WGNzWmExZ2lXdHVBU0pSSHVn?= =?utf-8?B?bkRXMW5UM252UlhZSGtZK3l4UTltTWNGNStmWmY5M1YzRWU3alc4aUpEbExC?= =?utf-8?B?YVNOV1lOV1VOZFZwbHRDRXN0aVBiVU12bzlGSTZKU3lsYmowQWJDRmpvRDcy?= =?utf-8?B?ZzJvRUFGWWFNMWVLYTEzcHhaOGZZUjBhWlZVR1VyN08xblJrbDdkd3U3YjBm?= =?utf-8?B?ZnZicWZYS2dDL3A5M3o2MFUxMDB6ZGw2UGI1aTBkcko1aUQrVFpSbWdUYTVl?= =?utf-8?B?K3NLaGtDcUFic2d6VTlrTzRwMjAzUGNDeWtGZ1ltbUozZE11am5kcTFEaGg5?= =?utf-8?B?QzFKVmNrNXRsZi9YdnpXaFFkUjJVY0ZIaWhSZGx6RHo0MlU4Wkwzd3VtcURo?= =?utf-8?B?VXkzYmliN3VkQjBVaC9iemk5T211RTZ1ZmxINXgrTXZKd0ZUc2FuUmtCaCtl?= =?utf-8?B?a0Q2dzVZdk9KbXptL0JaYW04OW5iV042UUZJWGhBbG1kOGVOQm9vbldiakJC?= =?utf-8?B?VlI0bjdyRDZvWm84a1M3QW14WHZiOU4rd25OajVWVWpLOU9tYU41N096ZnBp?= =?utf-8?B?SVNsUTNIcXlsRU9FbzlzYkJ6dUJVU0lLbEVoanFoSmJHcVgyc2k2WSt0TDUz?= =?utf-8?B?K3M1VTlzMFJDYWV3RDMrZHRrRU15WlNjd3NaTThtejZRcmF4MTNSTmFwSFh3?= =?utf-8?B?dlczMmFQUHc2ZkI4Mks0S1ppVWM3UWdTdGlmekJ1U0dxYXRZWm5oYjE4ZjBI?= =?utf-8?B?OW4yTFRaY2hJWVUxbG1lNzc4M1VlVzBsb1hlMUlONjVPaENoaHZBTzNBbDlJ?= =?utf-8?B?d2s3SFVmZnZ4Z3VicmRxamd4L1I0R1VCSWxCMWdlODNEaFdRR0FRNkhWdWcv?= =?utf-8?B?ZFE5d3RiOUt6VDdFbjA2ZDlQZlZGQjR2QnBIWVpiYWsxRTZFdWcycUxCa3FR?= =?utf-8?B?VzhVL1JlYmtia3NQWmYzQXU1TklLMy9vTWpZdExHL1J2RVRBRTgyS0phRXJM?= =?utf-8?B?RFl0dTFQS3hGNnlmSVYwNWlMckppb1BUVkt3S3FIREY1YVdKeHExM0IvWnBl?= =?utf-8?B?V0JJUEVRcmg1N3Fnd215VXpTWUVsZEozeThicjEvWVYzdU9Yak94dkQxL2FO?= =?utf-8?B?dStieHZOcTVCOENqbnJ6V0lGbWxzOFVqa3ZiUktJODhPNVFwYUJWaTVPKzFy?= =?utf-8?B?Ry9GU2p0NDFNTit1bDhrRXhTbDJiRnRON1JxR2tQNURubmtXdDdrdkg1aFpO?= =?utf-8?B?UmNFSGpSckE0QVhiUjRMejBZV05pbEpXb1o4QXRWTHFZcDhxL0Jvckl6YXl6?= =?utf-8?B?RTQ2VVJRaEZzYWVKVDhKUTdXTFZXVGdJVzVYTUE3Z05ydHUxK2FPYmZtdGlh?= =?utf-8?B?SHNJdkFGYjRXL29UK1dWYjF2TFcrd0VndHF2eW5yUnJucEdMeDlCbTNQOVVv?= =?utf-8?B?Tm9PWXFaeXd5Nm4xSGxnUUpST3EwUm52a016bjFhYUJBd3Z1OUpJd0lrMW9z?= =?utf-8?B?cmkwQWs5S3Q0NmFTNW1oREJNeUtNRWNWSjRzWFVBS285RDBvZGxScSt3V3Zx?= =?utf-8?B?dDlJU0dqVWNYV1R1NzV0VEFESzJYVjl3YjlkN2c1RGhxTEcrRmc3TnNaQmVw?= =?utf-8?B?U21pUXpBMWJUbFkwZzBabDVrNHNHQXR4N1B2T1MwSnFnSWNvZXhKcUdFQThQ?= =?utf-8?B?Tk1ZWGZmN2RTOWUvaVc0Y3hOSExDamdzdXhRRkNHck9weWxTcGd5R0UvTThn?= =?utf-8?B?TXY2SEpyUWpGTHVFMUNwbjlWYzFDY1UzcjJLTE84RDh3Z2hmazJOaGJCcDBT?= =?utf-8?B?SG4xUlRUcG1kR2tXenlnUTFkTk5HdUdkVVlmUU10eTNiMDRwM0UxUkdvNDBY?= =?utf-8?B?NjJZMlhGeGpQYVA2VGJ3eU0rZ25VS2pHODlXR1hhOGpqZEd4ampJVUQrT2FM?= =?utf-8?B?bm51VGNGcHU4ZDM1b20wRGlRUDN1RU5zbkkzMHg3TUcyK0JPSEI5WFNhcG5S?= =?utf-8?B?UnFiTVFUaldLRWtPb3lBd0J1WVRkMGVFQzhTdnovNmh0WU1yUmFKbXR2T3ZH?= =?utf-8?B?MHV5ZzUrbVpWL21yRmc2UGdtN1ZaVGI0b2doRVZPUWRXS0txYi9KdlJpaXhk?= =?utf-8?Q?ivCEvH5JRdJdapUyRStTx6gaf?= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 49ebcdc6-506f-4ba5-ca4f-08dc5789132c X-MS-Exchange-CrossTenant-AuthSource: AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Apr 2024 05:02:22.4460 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: hdLjMhnOPf5phYZ7+3UO2VUyWqSdtzr4vfT9PljEVaqwTnI7C0x10uHv9hDO2i0z67RHpO2Fp4cO8Opc3xz/VQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS1PR10MB5144 X-TUID: eQuFbZcTIRTq On 03.04.24 16:12, Felix Moessbauer wrote: > In case the SOURCE_DATE_EPOCH variable is set, we switch the debian > mirror to a snapshot mirror. The used date is derived from the value of > SOURCE_DATE_EPOCH. Similar to the DISTRO_APT_PREMIRRORS, this mirror is > only injected temporarily during the build. > > To further control the behavior, we introduce the following variables: > > - ISAR_USE_DEBIAN_SNAPSHOTS: overwrite if a snapshot shall be used > - ISAR_DEBIAN_SNAPSHOT_MIRROR: The snapshot mirror to use (defaults to > snapshot-cloudflare.debian.org) > > Signed-off-by: Felix Moessbauer > --- > Changes since v1: > > - disable valid-until checking for both bootstrapping and schroot > - conditionally make the SOURCE_DATE_EPOCH a vardep of bootstrap > - move ISAR_USE_DEBIAN_SNAPSHOTS to the bitbake.conf as it is used > both in bootstrap, as well as in rootfs. > > Best regards, > Felix Moessbauer > Siemens AG > > RECIPE-API-CHANGELOG.md | 6 ++++++ > doc/user_manual.md | 3 +++ > meta/classes/rootfs.bbclass | 3 +++ > meta/conf/bitbake.conf | 1 + > .../isar-bootstrap/isar-bootstrap.inc | 17 +++++++++++++++-- > 5 files changed, 28 insertions(+), 2 deletions(-) > > diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md > index 6653ab43..c146d60c 100644 > --- a/RECIPE-API-CHANGELOG.md > +++ b/RECIPE-API-CHANGELOG.md > @@ -583,3 +583,9 @@ Cross compiling kernel modules for distro kernels is not supported in debian. > To simplify downstream kernel module builds, we automatically turn of cross > compilation for a user-provided module when building it for a distro kernel. > > + > +### Build against debian snapshot mirror if SOURCE_DATE_EPOCH is set > + > +In case the bitbake variable `SOURCE_DATE_EPOCH` is set, a debian snapshot > +mirror is used. This can be overwritten with `ISAR_USE_DEBIAN_SNAPSHOTS`. > +The snapshot to use is specified in `ISAR_DEBIAN_SNAPSHOT_MIRROR`. > diff --git a/doc/user_manual.md b/doc/user_manual.md > index 419d5339..227ce5f9 100644 > --- a/doc/user_manual.md > +++ b/doc/user_manual.md > @@ -425,12 +425,15 @@ Some other variables include: > > - `IMAGE_INSTALL` - The list of custom packages to build and install to target image, please refer to relative chapter for more information. > - `BB_NUMBER_THREADS` - The number of `bitbake` jobs that can be run in parallel. Please set this option according to your host CPU cores number. > + - `SOURCE_DATE_EPOCH` - The unix timestamp passed to all tooling to make the results reproducible. This variable is optional. > - `HOST_DISTRO` - The distro to use for SDK root filesystem. This variable is optional. > - `HOST_ARCH` - The Debian architecture of SDK root filesystem (e.g., `amd64`). By default set to current Debian host architecture. This variable is optional. > - `HOST_DISTRO_APT_SOURCES` - List of apt source files for SDK root filesystem. This variable is optional. > - `HOST_DISTRO_APT_PREFERENCES` - List of apt preference files for SDK root filesystem. This variable is optional. > - `HOST_DISTRO_BOOTSTRAP_KEYS` - Analogously to DISTRO_BOOTSTRAP_KEYS: List of gpg key URIs used to verify apt bootstrap repo for the host. > - `DISTRO_APT_PREMIRRORS` - The preferred mirror (append it to the default URI in the format `ftp.debian.org my.preferred.mirror`. This variable is optional. PREMIRRORS will be used only for the build. The final images will have the sources list as mentioned in DISTRO_APT_SOURCES. > + - `ISAR_USE_DEBIAN_SNAPSHOTS` - Use a frozen debian snapshot instead of the live mirror. Auto-enabled if `SOURCE_DATE_EPOCH` is set. Optional. > + - `ISAR_DEBIAN_SNAPSHOT_MIRROR` - The snapshot mirror to use. Defaults to `snapshot-cloudflare.debian.org`. > - `THIRD_PARTY_APT_KEYS` - List of gpg key URIs used to verify apt repos for apt installation after bootstrapping. > - `FILESEXTRAPATHS` - The default directories BitBake uses when it processes recipes are initially defined by the FILESPATH variable. You can extend FILESPATH variable by using FILESEXTRAPATHS. > - `FILESOVERRIDES` - A subset of OVERRIDES used by the build system for creating FILESPATH. The FILESOVERRIDES variable uses overrides to automatically extend the FILESPATH variable. > diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass > index fb14f3ca..0d7744f7 100644 > --- a/meta/classes/rootfs.bbclass > +++ b/meta/classes/rootfs.bbclass > @@ -112,6 +112,9 @@ rootfs_configure_apt() { > mkdir -p '${ROOTFSDIR}/etc/apt/apt.conf.d' > { > echo 'Acquire::Retries "3";' > + if [ "${ISAR_USE_DEBIAN_SNAPSHOTS}" = "1" ]; then > + echo 'Acquire::Check-Valid-Until "false";' > + fi > echo 'APT::Install-Recommends "0";' > echo 'APT::Install-Suggests "0";' > } > '${ROOTFSDIR}/etc/apt/apt.conf.d/50isar' > diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf > index 91c5c815..84c9a9bb 100644 > --- a/meta/conf/bitbake.conf > +++ b/meta/conf/bitbake.conf > @@ -68,6 +68,7 @@ KERNEL_FILE ?= "vmlinuz" > KERNEL_FILE:mipsel ?= "vmlinux" > KERNEL_FILE:riscv64 ?= "vmlinux" > KERNEL_FILE:arm64 ?= "vmlinux" > +ISAR_USE_DEBIAN_SNAPSHOTS ??= "${@'1' if d.getVar('SOURCE_DATE_EPOCH') else '0'}" > > MACHINEOVERRIDES ?= "${MACHINE}" > DISTROOVERRIDES ?= "${DISTRO}" > diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc > index f548e202..d44876a4 100644 > --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc > +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc > @@ -32,6 +32,8 @@ DISTRO_VARS_PREFIX ?= "${@'HOST_' if bb.utils.to_boolean(d.getVar('BOOTSTRAP_FOR > BOOTSTRAP_DISTRO = "${@d.getVar('HOST_DISTRO' if bb.utils.to_boolean(d.getVar('BOOTSTRAP_FOR_HOST')) else 'DISTRO')}" > BOOTSTRAP_BASE_DISTRO = "${@d.getVar('HOST_BASE_DISTRO' if bb.utils.to_boolean(d.getVar('BOOTSTRAP_FOR_HOST')) else 'BASE_DISTRO')}" > FILESEXTRAPATHS:append = ":${BBPATH}" > +# reproducible builds > +ISAR_DEBIAN_SNAPSHOT_MIRROR ??= "snapshot-cloudflare.debian.org" > > inherit deb-dl-dir > > @@ -111,9 +113,15 @@ def parse_aptsources_list_line(source_list_line): > > def get_apt_source_mirror(d, aptsources_entry_list): > import re > + import time > > if bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')): > premirrors = "\S* file://${REPO_BASE_DIR}/${BOOTSTRAP_BASE_DISTRO}\n" > + elif bb.utils.to_boolean(d.getVar('ISAR_USE_DEBIAN_SNAPSHOTS')): > + snapshot_mirror = d.getVar('ISAR_DEBIAN_SNAPSHOT_MIRROR') > + source_date_epoch = d.getVar('SOURCE_DATE_EPOCH') or int(time.time()) > + snapshot_date = time.strftime('%Y%m%dT%H%M%SZ', time.gmtime(int(source_date_epoch))) > + premirrors = 'deb.debian.org/(.*) {}/archive/\\1/{}/\n'.format(snapshot_mirror, snapshot_date) > else: > premirrors = d.getVar('DISTRO_APT_PREMIRRORS') or "" > mirror_list = [entry.split() > @@ -265,6 +273,7 @@ def get_host_release(): > return rel > > do_bootstrap[vardeps] += " \ > + ${@'SOURCE_DATE_EPOCH' if bb.utils.to_boolean(d.getVar('ISAR_USE_DEBIAN_SNAPSHOTS')) else ''} \ > DISTRO_APT_PREMIRRORS \ > ISAR_ENABLE_COMPAT_ARCH \ > ${DISTRO_VARS_PREFIX}DISTRO_APT_SOURCES \ > @@ -382,8 +391,12 @@ do_bootstrap() { > chroot "${ROOTFSDIR}" /usr/bin/dpkg --add-architecture ${COMPAT_DISTRO_ARCH} > fi > > - chroot "${ROOTFSDIR}" /usr/bin/apt-get update -y \ > - -o APT::Update::Error-Mode=any > + > + APT_UPDATE_OPTS="-o APT::Update::Error-Mode=any" > + if [ "${ISAR_USE_DEBIAN_SNAPSHOTS}" = "1" ]; then > + APT_UPDATE_OPTS="${APT_UPDATE_OPTS} -o Acquire::Check-Valid-Until=false" > + fi > + chroot "${ROOTFSDIR}" /usr/bin/apt-get update -y ${APT_UPDATE_OPTS} > chroot "${ROOTFSDIR}" /usr/bin/apt-get install -y -f > chroot "${ROOTFSDIR}" /usr/bin/apt-get dist-upgrade -y \ > -o Debug::pkgProblemResolver=yes This can be a valuable addition but it needs more thoughts first: How do you plan to handle snapshot.ubuntu.com? And what will you when the repo list contains a third-party repo for which there is no snapshot? That should at least raise a warning, rather than silently suggesting to produce a reproducible image. BTW, we should likely also double-check how we define the SOURCE_DATE_EPOCH value, in comparison to OE. See my reply on your kas patch. Jan -- Siemens AG, Technology Linux Expert Center