From: <Venkata.Pyla@toshiba-tsip.com>
To: <felix.moessbauer@siemens.com>
Cc: <dinesh.kumar@toshiba-tsip.com>, <isar-users@googlegroups.com>,
<jan.kiszka@siemens.com>, <kazuhiro3.hayashi@toshiba.co.jp>,
<henning.schild@siemens.com>
Subject: RE: [PATCH] image.bbclass: set file timestamps inside the rootfs and initramfs image
Date: Wed, 9 Nov 2022 06:56:31 +0000 [thread overview]
Message-ID: <OSYPR01MB5542E37EC1287012E9F38701A43E9@OSYPR01MB5542.jpnprd01.prod.outlook.com> (raw)
In-Reply-To: <383fd6d397ccdb132b8e97602784417fcf2cd63d.camel@siemens.com>
Hi Felix,
Thanks for your review, please check my comments below.
Thanks,
Venkata.
>-----Original Message-----
>From: isar-users@googlegroups.com <isar-users@googlegroups.com> On Behalf
>Of Moessbauer, Felix
>Sent: 07 November 2022 14:21
>To: pyla venkata(TSIP TMIEC ODG Porting) <Venkata.Pyla@toshiba-
>tsip.com>
>Cc: dinesh kumar(TSIP TMIEC ODG Porting) <dinesh.kumar@toshiba-
>tsip.com>; isar-users@googlegroups.com; Kiszka, Jan <jan.kiszka@siemens.com>;
>hayashi kazuhiro(林 和宏 □SWC◯ACT) <kazuhiro3.hayashi@toshiba.co.jp>;
>Schild, Henning <henning.schild@siemens.com>
>Subject: Re: [PATCH] image.bbclass: set file timestamps inside the rootfs and
>initramfs image
>
>On Mon, 2022-11-07 at 13:55 +0530, venkata.pyla@toshiba-tsip.com wrote:
>> From: venkata pyla <venkata.pyla@toshiba-tsip.com>
>>
>> As part of reproducible-build work, one of the problem chosen to solve
>> is the file time stamps inside rootfs and initramfs are not identical
>> between two builds.
>>
>> With the help of reproducible-builds.org and their suggestions, the
>> above problem can be fixed using 'SOURCE_DATE_EPOCH' variable [2].
>>
>> In case of rootfs file time-stamps, set all the files and folders that
>> are newer than 'SOURCE_DATE_EPOCH' and set it to same.
>
>Hi,
>
>is there a particular reason why we don't set all dates exactly to
>SOURCE_DATE_EPOCH? Otherwise we might still have reproducibility issues in
>case some files are provided by the sstate cache, hence have an older
>timestamp. Building w/ or w/o cache should not make a difference.
It is considered to change only the files that are created during build time and preserve the times in the files that are come with package,
anyway the files and their timestamps comes with the package are reproducible.
see some discussions about this change in the Debian live-build [1], where it is used for the same purpose to build Debian images reproducibly.
Regarding the files comes sstate cache, the reproducible builds should carry out in the fresh build or after cleaned up state, so I think this should not be a problem.
[1] https://salsa.debian.org/live-team/live-build/-/merge_requests/218
>
>Felix
>
>> In case of initramfs, regenerate the initramfs image with
>> 'SOURCE_DATE_EPOCH' variable set as the mkinitramfs script is already
>> taken care of creating reproducible initramfs image when the variable
>> is set in the environment[3].
>>
>> The SOURCE_DATE_EPOCH variable should be set to the last modification
>> of the git repository as explained in the documentation[2].
>>
>> e.g:
>> SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)
>>
>> To know more about the reproducible builds and its goals please refer
>> [1].
>>
>> [1] https://reproducible-builds.org/
>> [2] https://reproducible-builds.org/docs/source-date-epoch/
>> [3]
>> https://manpages.debian.org/bullseye/initramfs-tools-core/mkinitramfs.
>> 8.en.html#ENVIRONMENT
>>
>> Signed-off-by: venkata pyla <venkata.pyla@toshiba-tsip.com>
>> ---
>> meta/classes/image.bbclass | 15 +++++++++++++++
>> 1 file changed, 15 insertions(+)
>>
>> diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
>> index ccff810..c1bb4fd 100644
>> --- a/meta/classes/image.bbclass
>> +++ b/meta/classes/image.bbclass
>> @@ -431,6 +431,21 @@ do_rootfs_finalize() {
>> "${ROOTFSDIR}/etc/apt/sources.list.d/bootstrap.list"
>>
>> rm -f "${ROOTFSDIR}/etc/apt/sources-list"
>> +
>> + # Recreate initramfs inorder to set timestamps to
>> SOURCE_DATE_EPOCH
>> + # inorder to make reproducible initramfs
>> + test ! -z "${SOURCE_DATE_EPOCH}" && \
>> + SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH} chroot
>> "${ROOTFSDIR}" \
>> + update-initramfs -u -v
>> +
>> + # Set timestamp to files inside the rootfs image inorder to
>> make
>> + # reproducible rootfs
>> + test ! -z "${SOURCE_DATE_EPOCH}" && \
>> + find ${ROOTFSDIR} -newermt \
>> + "$(date -d@${SOURCE_DATE_EPOCH} '+%Y-%m-%d
>> %H:%M:%S')" \
>> + -printf "%y %p\n" \
>> + -exec touch '{}' -h -d@${SOURCE_DATE_EPOCH} ';'
>> +
>> EOSUDO
>> }
>> addtask rootfs_finalize before do_rootfs after do_rootfs_postprocess
>> --
>> 2.20.1
>>
>>
>
>--
>You received this message because you are subscribed to the Google Groups
>"isar-users" group.
>To unsubscribe from this group and stop receiving emails from it, send an email
>to isar-users+unsubscribe@googlegroups.com.
>To view this discussion on the web visit
>https://groups.google.com/d/msgid/isar-
>users/383fd6d397ccdb132b8e97602784417fcf2cd63d.camel%40siemens.com.
next prev parent reply other threads:[~2022-11-09 6:56 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-07 8:25 venkata.pyla
2022-11-07 8:50 ` Moessbauer, Felix
2022-11-09 6:56 ` Venkata.Pyla [this message]
2022-11-07 8:53 ` Henning Schild
2022-11-09 9:27 ` Venkata.Pyla
2022-11-10 7:12 ` Henning Schild
2022-11-20 7:53 ` [PATCH] scripts/repro-test.sh: script to test reproducibility of Isar image venkata.pyla
2022-11-22 7:28 ` Anton Mikanovich
2022-11-22 8:49 ` Venkata.Pyla
2022-12-19 14:41 ` [PATCH 0/2] Test for verifiying reproducible images venkata.pyla
2022-12-28 8:40 ` Anton Mikanovich
2023-01-02 6:24 ` [PATCH] repro-build-test.py: Fix date_epoch time contains byte character b'' venkata.pyla
2023-01-11 5:42 ` Uladzimir Bely
2022-12-19 14:41 ` [PATCH 1/2] cibuilder.py: Add source_date_epoch to build configuration venkata.pyla
2022-12-19 14:41 ` [PATCH 2/2] repro-build-test.py: Test to check images are reproducible venkata.pyla
2023-01-07 0:01 ` Henning Schild
2022-11-21 5:16 ` [PATCH] image.bbclass: set file timestamps inside the rootfs and initramfs image Venkata.Pyla
2022-11-10 9:52 ` Balasubramanian Sundaram
2022-11-10 10:03 ` Anton Mikanovich
2022-11-10 10:17 ` Balasubramanian Sundaram
2022-11-10 10:19 ` Balasubramanian Sundaram
2022-11-10 10:27 ` Anton Mikanovich
2022-11-10 10:51 ` Balasubramanian Sundaram
2022-11-10 16:30 ` Henning Schild
2022-11-10 17:05 ` Henning Schild
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=OSYPR01MB5542E37EC1287012E9F38701A43E9@OSYPR01MB5542.jpnprd01.prod.outlook.com \
--to=venkata.pyla@toshiba-tsip.com \
--cc=dinesh.kumar@toshiba-tsip.com \
--cc=felix.moessbauer@siemens.com \
--cc=henning.schild@siemens.com \
--cc=isar-users@googlegroups.com \
--cc=jan.kiszka@siemens.com \
--cc=kazuhiro3.hayashi@toshiba.co.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox