[Reproducible-builds] Reproducible patches for libisoburn and libisofs

Chris Lamb lamby at debian.org
Tue Aug 2 21:36:07 UTC 2016 

[Please keep myself and reproducible-builds at lists.alioth.debian.org in CC]

Hey,

Thomas Schmitt impressed upon me to send my work in progress patches
to make reproducible ISO images. I'm not 100% convinced by them all
but I guess it would be good to throw them over-the-wall and see what
you guys think.

They work for me in that I can make reproducible images for my usecases
if I export SOURCE_DATE_EPOCH (see below) and pass --modification-date
to xorriso. I haven't tested with any other emulator


0001-source_date_epoch.patch (libisoburn & libisofs)
----------------------------------------------------

See <https://reproducible-builds.org/specs/source-date-epoch/> for the
background and specification.

0002-set-target-now-from-source_date_epoch.patch (libisofs)
-----------------------------------------------------------

We seem to use IsoImage->now a fair amount, although I can't 100% recall
whether this is totally required given the other changes.

0002-set-default-timestamp.patch (libisoburn)
---------------------------------------------

Really not convinced by this change. Perhaps we should add another switch
like --modification-date. Or make modification-date default to S_D_E too?

0003-isohybrid-mbr.patch (libisofs)
-----------------------------------

Removes deliberate random number. It actually *slightly* weakens the
existing PRNG in the non-SOURCE_DATE_EPOCH case as I've dropped the usec
part but given that it was a terrible PRNG anyway and nobody is relying
on it for security, I think that's pretty safe. More secure to be
reproducible anyway.

0003-set-scdbackup_tag_time-from-source_date_epoch.patch (libisoburn)
---------------------------------------------------------------------

Obvious follow-on from 0001-source_date_epoch.patch.

0004-normalize-wday-yday.patch (libisoburn)
-------------------------------------------

Pretty uncontroversial in that you call asctime on an unnormalised tm
struct, so you end up with logging messages that always refer to
Sunday (ie. zero). Not needed for reproducibility but it was confusing
me when debugging..

Anyway, hope that helps.

(This work was sponsored by Webconverger.org.)


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby at debian.org / chris-lamb.co.uk
       `-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-set-default-timestamp.patch
Type: text/x-patch
Size: 696 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20160802/b9d7f37c/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-normalize-wday-yday.patch
Type: text/x-patch
Size: 506 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20160802/b9d7f37c/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-set-scdbackup_tag_time-from-source_date_epoch.patch
Type: text/x-patch
Size: 639 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20160802/b9d7f37c/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-source_date_epoch.patch
Type: text/x-patch
Size: 1276 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20160802/b9d7f37c/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-set-target-now-from-source_date_epoch.patch
Type: text/x-patch
Size: 459 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20160802/b9d7f37c/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-isohybrid-mbr.patch
Type: text/x-patch
Size: 1712 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20160802/b9d7f37c/attachment-0005.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-source_date_epoch.patch
Type: text/x-patch
Size: 1214 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20160802/b9d7f37c/attachment-0006.bin>

More information about the Reproducible-builds mailing list