public inbox for isar-users@googlegroups.com
* [PATCH v2 0/2] Fix reproducibility of /etc/shadow file when image built on different days
@ 2024-03-06  6:14 Adithya Balakumar
  2024-03-06  6:14 ` [PATCH v2 1/2] isar-bootstrap.inc: Export SOURCE_DATE_EPOCH variable Adithya Balakumar
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Adithya Balakumar @ 2024-03-06  6:14 UTC (permalink / raw)
  To: isar-users, amikan
  Cc: kazuhiro3.hayashi, dinesh.kumar, shivanand.kunijadar,
	sai.sathujoda, adithya.balakumar

The third field in the /etc/shadow file (sp_lstchg) contains the date of
the last password change expressed as the number of days since Jan 1, 1970.
As this is a relative time, creating a user today will result in:

username:17238:0:99999:7:::
whilst creating the same user tomorrow will result in:

username:17239:0:99999:7:::

This impacts reproducibility of images when built on different days.

Since /etc/shadow honours SOURCE_DATE_EPOCH, this patchset makes the
SOURCE_DATE_EPOCH variable available when the /etc/shadow file is
created/modified.

Changes in v2:
- Replaced "! -z" with "-n" while checking for value of SOURCE_DATE_EPOCH
- Handle failure if bitbake var for SOURCE_DATE_EPOCH is empty

Adithya Balakumar (2):
  isar-bootstrap.inc: Export SOURCE_DATE_EPOCH variable
  image-account-extension.bbclass: Export SOURCE_DATE_EPOCH variable

 meta/classes/image-account-extension.bbclass        | 4 ++++
 meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 4 ++++
 2 files changed, 8 insertions(+)

-- 
2.39.2
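
The cover letter above describes sp_lstchg as a day count that follows SOURCE_DATE_EPOCH. The following check is an added example, not part of the patch series or of Isar: it assumes the field is SOURCE_DATE_EPOCH divided by 86400 and rounded down, and the function names, sample epoch and sample shadow lines are constructed for illustration.

```python
"""Check that sp_lstchg in an image's /etc/shadow matches SOURCE_DATE_EPOCH."""
import os
import sys

SECONDS_PER_DAY = 86400

def expected_lstchg(source_date_epoch: int) -> int:
    # Assumption: the day count is the epoch in seconds, floored to whole days.
    return source_date_epoch // SECONDS_PER_DAY

def find_drift(shadow_text: str, source_date_epoch: int):
    """Return (line number, user, sp_lstchg) for entries not pinned to the epoch."""
    want = expected_lstchg(source_date_epoch)
    drift = []
    for lineno, line in enumerate(shadow_text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 9:  # shadow(5) entries have nine colon-separated fields
            drift.append((lineno, fields[0], "malformed"))
            continue
        lstchg = fields[2]
        # Empty disables password aging and 0 forces a change at next login;
        # neither value depends on the day the image was built.
        if lstchg in ("", "0"):
            continue
        if not lstchg.isdigit() or int(lstchg) != want:
            drift.append((lineno, fields[0], lstchg))
    return drift

# Constructed sample: 1489400000 falls on day 17238; "builder" was stamped a day later.
SAMPLE_EPOCH = 1489400000
SAMPLE_SHADOW = """\
root:*:17238:0:99999:7:::
daemon:*:17238:0:99999:7:::
builder:!:17239:0:99999:7:::
kiosk:!:0:0:99999:7:::
"""

if __name__ == "__main__":
    if len(sys.argv) == 2:  # usage: SOURCE_DATE_EPOCH=<n> script.py <rootfs>/etc/shadow
        with open(sys.argv[1]) as fh:
            text, epoch = fh.read(), int(os.environ["SOURCE_DATE_EPOCH"])
    else:
        text, epoch = SAMPLE_SHADOW, SAMPLE_EPOCH
    problems = find_drift(text, epoch)
    for lineno, user, value in problems:
        print(f"line {lineno}: {user}: sp_lstchg={value}, expected {expected_lstchg(epoch)}")
    sys.exit(1 if problems else 0)
```

Run against the shadow file of two images built on different days with the same SOURCE_DATE_EPOCH, any reported line is an entry that was written without the variable in its environment.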




* [PATCH v2 1/2] isar-bootstrap.inc: Export SOURCE_DATE_EPOCH variable
  2024-03-06  6:14 [PATCH v2 0/2] Fix reproducibility of /etc/shadow file when image built on different days Adithya Balakumar
@ 2024-03-06  6:14 ` Adithya Balakumar
  2024-03-06  6:14 ` [PATCH v2 2/2] image-account-extension.bbclass: " Adithya Balakumar
  2024-03-11 12:09 ` [PATCH v2 0/2] Fix reproducibility of /etc/shadow file when image built on different days Uladzimir Bely
  2 siblings, 0 replies; 4+ messages in thread
From: Adithya Balakumar @ 2024-03-06  6:14 UTC (permalink / raw)
  To: isar-users, amikan
  Cc: kazuhiro3.hayashi, dinesh.kumar, shivanand.kunijadar,
	sai.sathujoda, adithya.balakumar

The third field in the /etc/shadow file (sp_lstchg) contains the date of
the last password change expressed as the number of days since Jan 1,
1970. The sp_lstchg value changes when the images are built on
different days making the image not reproducible.

Exporting the SOURCE_DATE_EPOCH variable ensures that sp_lstchg value is
set with respect to the SOURCE_DATE_EPOCH value while debootstrap creates
the minimal root file system.

Signed-off-by: Adithya Balakumar <Adithya.Balakumar@toshiba-tsip.com>
---
 meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
index 3477c2fb..b1fcd7b0 100644
--- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
+++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
@@ -292,6 +292,10 @@ do_bootstrap() {
     sudo rm -rf --one-file-system "${ROOTFSDIR}"
     deb_dl_dir_import "${ROOTFSDIR}" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}"
 
+    if [ -n "${SOURCE_DATE_EPOCH}" ]; then
+        export SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH}"
+    fi
+
     sudo -E -s <<'EOSUDO'
         set -e
         if [ "${BOOTSTRAP_FOR_HOST}" = "0" ]; then
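
Review bot: the added `export SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH}"` only reaches the commands in the root shell because the following line runs `sudo -E`, and nothing in the hunk says so. Add a short comment above the `if` stating that the export exists so that sp_lstchg in /etc/shadow is derived from SOURCE_DATE_EPOCH during bootstrap and that it depends on `sudo -E` carrying the variable through; without it the line reads like a self-assignment and the dependency is easy to break in a later cleanup. Since the value ends up as a day count in /etc/shadow, consider rejecting a non-numeric value here as well, not only an empty one.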
-- 
2.39.2




* [PATCH v2 2/2] image-account-extension.bbclass: Export SOURCE_DATE_EPOCH variable
  2024-03-06  6:14 [PATCH v2 0/2] Fix reproducibility of /etc/shadow file when image built on different days Adithya Balakumar
  2024-03-06  6:14 ` [PATCH v2 1/2] isar-bootstrap.inc: Export SOURCE_DATE_EPOCH variable Adithya Balakumar
@ 2024-03-06  6:14 ` Adithya Balakumar
  2024-03-11 12:09 ` [PATCH v2 0/2] Fix reproducibility of /etc/shadow file when image built on different days Uladzimir Bely
  2 siblings, 0 replies; 4+ messages in thread
From: Adithya Balakumar @ 2024-03-06  6:14 UTC (permalink / raw)
  To: isar-users, amikan
  Cc: kazuhiro3.hayashi, dinesh.kumar, shivanand.kunijadar,
	sai.sathujoda, adithya.balakumar

When a user account is created / updated, the third field (sp_lstchg)
in the /etc/shadow file could be modified. The third field contains
the date of the last password change expressed as the number of days
since Jan 1, 1970. When the images are built on different days, the
value of sp_lstchg will be different making the image not reproducible.

Adding the SOURCE_DATE_EPOCH variable to the environment ensures that
sp_lstchg value is set with respect to the SOURCE_DATE_EPOCH value.

Signed-off-by: Adithya Balakumar <Adithya.Balakumar@toshiba-tsip.com>
---
 meta/classes/image-account-extension.bbclass | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/classes/image-account-extension.bbclass b/meta/classes/image-account-extension.bbclass
index 9e67cb91..3d4e1d1d 100644
--- a/meta/classes/image-account-extension.bbclass
+++ b/meta/classes/image-account-extension.bbclass
@@ -131,6 +131,10 @@ def image_create_users(d: "DataSmart") -> None:
 
 ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts"
 python image_postprocess_accounts() {
+    import os
+    if d.getVar("SOURCE_DATE_EPOCH") != None:
+        os.environ["SOURCE_DATE_EPOCH"] = d.getVar("SOURCE_DATE_EPOCH")
+ 
     image_create_groups(d)
     image_create_users(d)
 }
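
Review bot: the `!= None` test at the top of `image_postprocess_accounts()` lets an empty string through, so an empty bitbake value would still be written to `os.environ["SOURCE_DATE_EPOCH"]`, while the shell side of this series checks with `-n` and skips empty values. Fetch the value once and test its truthiness, for example `sde = d.getVar("SOURCE_DATE_EPOCH")` followed by `if sde:`, which also removes the second `getVar` call and the `!= None` comparison (`is not None` is the usual form). The added blank line after the assignment carries a trailing space (`+ `) that should be dropped.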
-- 
2.39.2




* Re: [PATCH v2 0/2] Fix reproducibility of /etc/shadow file when image built on different days
  2024-03-06  6:14 [PATCH v2 0/2] Fix reproducibility of /etc/shadow file when image built on different days Adithya Balakumar
  2024-03-06  6:14 ` [PATCH v2 1/2] isar-bootstrap.inc: Export SOURCE_DATE_EPOCH variable Adithya Balakumar
  2024-03-06  6:14 ` [PATCH v2 2/2] image-account-extension.bbclass: " Adithya Balakumar
@ 2024-03-11 12:09 ` Uladzimir Bely
  2 siblings, 0 replies; 4+ messages in thread
From: Uladzimir Bely @ 2024-03-11 12:09 UTC (permalink / raw)
  To: Adithya Balakumar, isar-users

On Wed, 2024-03-06 at 11:44 +0530, Adithya Balakumar wrote:
> The third field in the /etc/shadow file (sp_lstchg) contains the date
> of
> the last password change expressed as the number of days since Jan 1,
> 1970.
> As this is a relative time, creating a user today will result in:
> 
> username:17238:0:99999:7:::
> whilst creating the same user tomorrow will result in:
> 
> username:17239:0:99999:7:::
> 
> This impacts reproducibility of images when built on different days.
> 
> Since /etc/shadow honours SOURCE_DATE_EPOCH, this patchset makes the
> SOURCE_DATE_EPOCH variable available when the /etc/shadow file is
> created/modified.
> 
> Changes in v2:
> - Replaced "! -z" with "-n" while checking for value of
> SOURCE_DATE_EPOCH
> - Handle failure if bitbake var for SOURCE_DATE_EPOCH is empty
> 
> Adithya Balakumar (2):
>   isar-bootstrap.inc: Export SOURCE_DATE_EPOCH variable
>   image-account-extension.bbclass: Export SOURCE_DATE_EPOCH variable
> 
>  meta/classes/image-account-extension.bbclass        | 4 ++++
>  meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 4 ++++
>  2 files changed, 8 insertions(+)
> 
> -- 
> 2.39.2
> 
> 

Applied to next, thanks.

