From: "Roberto A. Foglietta"
Date: Mon, 16 Jan 2023 10:36:36 +0100
Subject: Re: [PATCH v6] suggested changes for reproducibility patchset v6
To: "Moessbauer, Felix"
Cc: "roberto.foglietta@linuxteam.org", "isar-users@googlegroups.com"
References: <20230115215310.732295-1-roberto.foglietta@linuxteam.org>

On Mon, 16 Jan 2023 at 03:55, Moessbauer, Felix <felix.moessbauer@siemens.com> wrote:

> On Sun, 2023-01-15 at 22:53 +0100, roberto.foglietta@linuxteam.org
> wrote:
> > From: "Roberto A. Foglietta"
> >
> > suggested changes for reproducibility patchset
> >
> > WARNING: eval-image-1.0-r0 do_rootfs_finalize: modified timestamp
> > (1673628837) of 3 files for image reproducibly
> >          List of files modified could be found here:
> > ./build/tmp/deploy/images/debx86/files.modified_timestamps
> >
> > v.2: rebased on current ilbers:next
> >
> > v.3: new script added: wic-extract-rootfs-partition.sh [image.wic]
> >
> > v.4: example with for epoch generation from git
> >
> > v.5: reverted the example and rework some few code
> >
> > v.6: the 1st part of the warning shows up each time the epoch is used
> >      while the 2nd line appears only when some files has been touched
> >      This allows the user to know the current situation about epoch.
>
> Sorry, but I can't follow either.
>

If 416 files are changed, there is no need to print out a warning of 416 lines but just 2. In case of zero files touched, just one line of warning is fine.

> Please send the versions as individual patch series, prefixed with
> "PATCH v<version>". And please only tackle one issue per patch

Ok. You are right. It is confusing to send suggestions in the form of a patch.

> > + password="$(openssl passwd -6 -salt $salt
> > $password)"
>
> This "fixup" is simply wrong because the value of the variables are not
> escaped correctly anymore. In short: it breaks if salt contains either
> reserved characters or spaces.

Correct: thanks.

> Please run this kind of stuff through
> shellcheck before proposing fixes.
>

The suggestion of shellcheck is great, it will be very useful to provide a code verification in git-functions. However, this line of code of yours did not even run in a console because it is broken when SOURCE_DATE_EPOCH is defined - also in dash. In fact, you fixed it in v3. (SMILE)

roberto:~/d$ SOURCE_DATE_EPOCH=42; if [ -z "${SOURCE_DATE_EPOCH}"]; then echo ciao; fi
bash: [: missing `]'
roberto:~/d$ SOURCE_DATE_EPOCH=""; if [ -z "${SOURCE_DATE_EPOCH}"]; then echo ciao; fi
ciao

--- a/meta/classes/image-account-extension.bbclass +++ b/meta/classes/image-account-extension.bbclass @@ -256,11 +256,11 @@ image_postprocess_accounts() { # chpasswd adds a random salt when running against a clear-text password. # For reproducible images, we manually generate the password and use the # SOURCE_DATE_EPOCH to generate the salt in a deterministic way. - if [ -z "${SOURCE_DATE_EPOCH}"]; then + if [ -z "${SOURCE_DATE_EPOCH}" ]; then

Best regards, R-
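
Review bot: The three context comment lines above the corrected `if [ -z "${SOURCE_DATE_EPOCH}" ]; then` test state that the salt is derived deterministically from SOURCE_DATE_EPOCH but do not state the cost: every image built with the same epoch gets the same salt, and the epoch is not a secret, so the same clear-text password produces the same hash across those images. Suggest extending the comment to name that trade-off and to point users who care about it at supplying an already hashed password instead. On the test itself, the old form reported `[: missing ]` only on stderr while the `if` evaluated false whenever the variable was set, so the branch was skipped without failing the build; the commit message should say so, since that is the behaviour change this one-character fix introduces.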
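
The two shell pitfalls discussed in this thread, the missing space before `]` and the unquoted `$salt`/`$password` expansion, reproduced as an added example that is not part of the original message or of the Isar code. All function names and sample values are constructed, and `count_args` is a hypothetical stand-in for `openssl passwd` that only reports how many arguments it receives.

```shell
#!/bin/sh
# Added example with constructed values; not code from the thread.
# count_args is a hypothetical stand-in for "openssl passwd": it only
# reports how many arguments the shell actually passed to it.
count_args() { echo "$#"; }

# The test as written before the fix (no space before "]").
# Prints the exit status of "[": 0 = true, 1 = false, 2 = usage error.
epoch_test_unspaced() {
    rc=0
    [ -z "$1"] 2>/dev/null || rc=$?
    echo "$rc"
}

# The corrected test from the patch.
epoch_test_fixed() {
    rc=0
    [ -z "$1" ] || rc=$?
    echo "$rc"
}

# Unquoted expansion, as in the rejected "fixup" (shellcheck SC2086):
# the shell splits each value on whitespace and would also glob it.
argc_unquoted() { count_args passwd -6 -salt $1 $2; }

# Quoted expansion: each value stays one argument whatever it contains.
argc_quoted() { count_args passwd -6 -salt "$1" "$2"; }

# With a value set, the unspaced test is a usage error, not "false";
# an enclosing "if" still just skips its branch and the build goes on.
echo "unspaced, epoch=42 : status $(epoch_test_unspaced 42)"
echo "unspaced, epoch='' : status $(epoch_test_unspaced '')"
echo "fixed,    epoch=42 : status $(epoch_test_fixed 42)"
echo "fixed,    epoch='' : status $(epoch_test_fixed '')"

# Constructed salt and password that both contain a space.
echo "unquoted argc: $(argc_unquoted 'ab cd' 'p w')"
echo "quoted argc  : $(argc_quoted 'ab cd' 'p w')"
```
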