From: Uladzimir Bely <ubely@ilbers.de>
To: Felix Moessbauer <felix.moessbauer@siemens.com>,
benedikt.niedermayr@siemens.com, isar-users@googlegroups.com
Cc: venkata.pyla@toshiba-tsip.com, quirin.gylstorff@siemens.com
Subject: Re: [PATCH 1/2] remove conditional SDE paths
Date: Tue, 23 Apr 2024 22:49:30 +0300 [thread overview]
Message-ID: <2e3905fc81549945746982e8f7d45b6f612420e1.camel@ilbers.de> (raw)
In-Reply-To: <20240422185843.550406-1-felix.moessbauer@siemens.com>
On Mon, 2024-04-22 at 20:58 +0200, 'Felix Moessbauer' via isar-users
wrote:
> The SOURCE_DATE_EPOCH variable is now always available, both as
> bitbake
> variable, as well as as env-var. By that, we can remove all
> conditional
> paths that checked if the variable is available. Also, manual exports
> of
> the bitbake variable into the env is no longer required.
>
> Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
> ---
> meta/classes/dpkg-source.bbclass | 3 ---
> meta/classes/image-account-extension.bbclass | 13 +++------
> meta/classes/image.bbclass | 27 +++++------------
> --
> meta/classes/imagetypes_wic.bbclass | 3 ---
> meta/classes/initramfs.bbclass | 5 ----
> meta/classes/rootfs-add-files.bbclass | 4 ---
> .../isar-bootstrap/isar-bootstrap.inc | 4 ---
> 7 files changed, 10 insertions(+), 49 deletions(-)
>
> diff --git a/meta/classes/dpkg-source.bbclass b/meta/classes/dpkg-
> source.bbclass
> index 7e3868f6..7fd5d2ed 100644
> --- a/meta/classes/dpkg-source.bbclass
> +++ b/meta/classes/dpkg-source.bbclass
> @@ -11,9 +11,6 @@ do_dpkg_source() {
> # Create a .dsc file from source directory to use it with sbuild
> DEB_SOURCE_NAME=$(dpkg-parsechangelog --show-field Source --file
> ${WORKDIR}/${PPS}/debian/changelog)
> find ${WORKDIR} -name "${DEB_SOURCE_NAME}*.dsc" -maxdepth 1 -
> delete
> - if [ ! -z "${SOURCE_DATE_EPOCH}" ]; then
> - export SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH}"
> - fi
> sh -c "cd ${WORKDIR}; dpkg-source ${DPKG_SOURCE_EXTRA_ARGS} -b
> ${PPS}"
> }
> addtask dpkg_source after do_prepare_build before do_dpkg_build
> diff --git a/meta/classes/image-account-extension.bbclass
> b/meta/classes/image-account-extension.bbclass
> index 3d4e1d1d..b63fff5c 100644
> --- a/meta/classes/image-account-extension.bbclass
> +++ b/meta/classes/image-account-extension.bbclass
> @@ -114,11 +114,10 @@ def image_create_users(d: "DataSmart") -> None:
> # chpasswd adds a random salt when running against a
> clear-text password.
> # For reproducible images, we manually generate the
> password and use the
> # SOURCE_DATE_EPOCH to generate the salt in a
> deterministic way.
> - source_date_epoch = d.getVar("SOURCE_DATE_EPOCH") or
> ""
> - if source_date_epoch:
> - command.append("-e")
> - salt =
> hashlib.sha256("{}\n".format(source_date_epoch).encode()).hexdigest()
> [0:15]
> - password = bb.process.run('openssl passwd -6 --
> salt {} {}'.format(salt, password))[0].strip()
> + source_date_epoch = d.getVar("SOURCE_DATE_EPOCH")
> + command.append("-e")
> + salt =
> hashlib.sha256("{}\n".format(source_date_epoch).encode()).hexdigest()
> [0:15]
> + password = bb.process.run('openssl passwd -6 --salt
> {} {}'.format(salt, password))[0].strip()
>
> else:
> command.append("-e")
> @@ -131,10 +130,6 @@ def image_create_users(d: "DataSmart") -> None:
>
> ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts"
> python image_postprocess_accounts() {
> - import os
> - if d.getVar("SOURCE_DATE_EPOCH") != None:
> - os.environ["SOURCE_DATE_EPOCH"] =
> d.getVar("SOURCE_DATE_EPOCH")
> -
During testing in CI together with other patches from the mailist,
faced a small merge/logical conflict with patch "[v3] image-account-
extenstion: rebuild on varflag changes" that adds line
+image_postprocess_accounts[vardeps] += "USERS GROUPS
SOURCE_DATE_EPOCH"
I guess, it should become now:
+image_postprocess_accounts[vardeps] += "USERS GROUPS"
, is not it?
> image_create_groups(d)
> image_create_users(d)
> }
> diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
> index 98741da0..34faa6af 100644
> --- a/meta/classes/image.bbclass
> +++ b/meta/classes/image.bbclass
> @@ -289,18 +289,6 @@ python() {
> d.appendVar('IMAGER_BUILD_DEPS', ' ' + '
> '.join(sorted(imager_build_deps)))
> }
>
> -
> -# make generation of initramfs reproducible
> -# note: this function is shared across multiple rootfs, but we only
> want to make the
> -# image rootfs reproducible. Otherwise changes of
> SOURCE_DATE_EPOCH would
> -# invalidate the SSTATE entries for most packages, even if
> they don't use the
> -# global SOURCE_DATE_EPOCH variable.
> -rootfs_install_pkgs_install:prepend() {
> - if [ ! -z "${SOURCE_DATE_EPOCH}" ]; then
> - export SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH}"
> - fi
> -}
> -
> # here we call a command that should describe your whole build
> system,
> # this could be "git describe" or something similar.
> # set ISAR_RELEASE_CMD to customize, or override do_mark_rootfs to
> do something
> @@ -451,17 +439,14 @@ EOSUDO
>
> # Set same time-stamps to the newly generated file/folders in
> the
> # rootfs image for the purpose of reproducible builds.
> - if [ -n "${SOURCE_DATE_EPOCH}" ]; then
> - fn="${DEPLOY_DIR_IMAGE}/files.modified_timestamps"
> - if sudo find ${ROOTFSDIR} -newermt "$(date -
> d@${SOURCE_DATE_EPOCH} '+%Y-%m-%d %H:%M:%S')" \
> - -printf "%y %p\n" -exec touch '{}' -h -
> d@${SOURCE_DATE_EPOCH} ';' | egrep ^f >"$fn"; then
> - if [ -e "$fn" ]; then
> - bbwarn "modified timestamp (${SOURCE_DATE_EPOCH}) of
> $(cat "$fn" | wc -l) files for image reproducibly." \
> - "List of files modified can be found in:
> .${DEPLOY_DIR_IMAGE}/files.modified_timestamps"
> - fi
> + fn="${DEPLOY_DIR_IMAGE}/files.modified_timestamps"
> + if sudo find ${ROOTFSDIR} -newermt "$(date -
> d@${SOURCE_DATE_EPOCH} '+%Y-%m-%d %H:%M:%S')" \
> + -printf "%y %p\n" -exec touch '{}' -h -
> d@${SOURCE_DATE_EPOCH} ';' | egrep ^f >"$fn"; then
> + if [ -e "$fn" ]; then
> + bbwarn "modified timestamp (${SOURCE_DATE_EPOCH}) of
> $(cat "$fn" | wc -l) files for image reproducibly." \
> + "List of files modified can be found in:
> .${DEPLOY_DIR_IMAGE}/files.modified_timestamps"
> fi
> fi
> -
> }
> do_rootfs_finalize[network] = "${TASK_USE_SUDO}"
> addtask rootfs_finalize before do_rootfs after do_rootfs_postprocess
> diff --git a/meta/classes/imagetypes_wic.bbclass
> b/meta/classes/imagetypes_wic.bbclass
> index bce881ed..3b697cdd 100644
> --- a/meta/classes/imagetypes_wic.bbclass
> +++ b/meta/classes/imagetypes_wic.bbclass
> @@ -157,9 +157,6 @@ generate_wic_image() {
> export FAKEROOTCMD=${FAKEROOTCMD}
> export BUILDDIR=${TOPDIR}
> export MTOOLS_SKIP_CHECK=1
> - if [ ! -z "${SOURCE_DATE_EPOCH}" ]; then
> - export SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH}"
> - fi
> mkdir -p ${IMAGE_ROOTFS}/../pseudo
> touch ${IMAGE_ROOTFS}/../pseudo/files.db
>
> diff --git a/meta/classes/initramfs.bbclass
> b/meta/classes/initramfs.bbclass
> index 925c3f6d..5b5943f2 100644
> --- a/meta/classes/initramfs.bbclass
> +++ b/meta/classes/initramfs.bbclass
> @@ -38,11 +38,6 @@ do_generate_initramfs() {
> rootfs_do_mounts
> rootfs_do_qemu
>
> - # generate reproducible initrd if requested
> - if [ ! -z "${SOURCE_DATE_EPOCH}" ]; then
> - export SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH}"
> - fi
> -
> sudo -E chroot "${INITRAMFS_ROOTFS}" sh -c '\
> export kernel_version=$(basename /boot/vmlinu[xz]* | cut -
> d'-' -f2-); \
> if [ -n "$kernel_version" ]; then \
> diff --git a/meta/classes/rootfs-add-files.bbclass
> b/meta/classes/rootfs-add-files.bbclass
> index 4125caf5..8ebd25cb 100644
> --- a/meta/classes/rootfs-add-files.bbclass
> +++ b/meta/classes/rootfs-add-files.bbclass
> @@ -16,10 +16,6 @@ ROOTFS_ADDITIONAL_FILES ??= ""
>
>
> python rootfs_add_files() {
> - import os
> - if d.getVar("SOURCE_DATE_EPOCH") != None:
> - os.environ["SOURCE_DATE_EPOCH"] =
> d.getVar("SOURCE_DATE_EPOCH")
> -
> postprocess_additional_files =
> d.getVar('ROOTFS_ADDITIONAL_FILES').split()
> rootfsdir = d.getVar("ROOTFSDIR")
>
> diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
> b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
> index b1567d7b..faf22a50 100644
> --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
> +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
> @@ -310,10 +310,6 @@ do_bootstrap() {
> sudo rm -rf --one-file-system "${ROOTFSDIR}"
> deb_dl_dir_import "${ROOTFSDIR}" "${BOOTSTRAP_BASE_DISTRO}-
> ${BASE_DISTRO_CODENAME}"
>
> - if [ -n "${SOURCE_DATE_EPOCH}" ]; then
> - export SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH}"
> - fi
> -
> sudo -E -s <<'EOSUDO'
> set -e
> if [ "${BOOTSTRAP_FOR_HOST}" = "0" ]; then
> --
> 2.39.2
>
next prev parent reply other threads:[~2024-04-23 19:49 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-22 18:58 Felix Moessbauer
2024-04-22 18:58 ` [PATCH 2/2] do not log clamped file mtimes Felix Moessbauer
2024-04-23 19:49 ` Uladzimir Bely [this message]
2024-04-24 7:24 ` [PATCH 1/2] remove conditional SDE paths MOESSBAUER, Felix
2024-04-24 7:51 ` Uladzimir Bely
2024-04-30 7:03 ` Uladzimir Bely
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2e3905fc81549945746982e8f7d45b6f612420e1.camel@ilbers.de \
--to=ubely@ilbers.de \
--cc=benedikt.niedermayr@siemens.com \
--cc=felix.moessbauer@siemens.com \
--cc=isar-users@googlegroups.com \
--cc=quirin.gylstorff@siemens.com \
--cc=venkata.pyla@toshiba-tsip.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox